I would like to reiterate that mount.cifs does not transmitted password in
plain text over the network. Unless you use ancient version, which I do not
think is possible without extra effort on your side.
On Dec 5, 2017 7:26 AM, "michael" wrote:
> I'm thinking about how to address security concerns with mount.cifs from a
> Pi 3 running Raspbian Stretch.
>
> An option is to have the customer run winscp server on their Windows
> server and give me a login/password to a limited account that can see the
> relevant shared files on the windows network.
>
> Granted, once I'm connecting via a limited account, the security concerns
> are less for mount.cifs. OpenSSH is the code behind winscp, but from what
> I can see, the administrator has to install winscp.
>
> If I ignore the security concern that the password transmits in the clear
> with mount.cifs, it is simple for the Windows administrator to set up a
> share and a limited login that can access that share.
>
> As far as active directory, etcetera, I don't understand how that works
> where I lack the necessary time to learn how that works. PC-NFS has
> problems similar to mount.cifs, unless of course Kerberos is used for
> authentication. Again, I don't have time to learn how to setup Kerberos
> and it would be a lot of work on the windows side.
>
> The Raspberry Pi 3 model B is limited on processing power and memory.
> Push it hard enough and it will overheat. Keep in mind, the only time
> truss files need to transfer from Windows to the Pi is when there is a
> request for a new one that isn't already locally available. If scp is
> used, that should be lighter than keeping a CIFS share or an NFS share
> mounted between Linux and Windows.
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
