thr3ads.net - samba - [Samba] SWAT [May 2005]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Scott Hamm

2005-May-14 15:31 UTC

[Samba] SWAT

How secure is SWAT in production level?  If it's insecure, can anybody
explain why that it is not?  I'm running Slackware 10, kernel 2.4.26
and samba 3.0.4.

Scott
-- 
Power to people, Linux is here.

Carlos Rodrigues

2005-May-15 01:12 UTC

head link

[Samba] Re: SWAT

Scott Hamm wrote:> How secure is SWAT in production level?  If it's insecure, can anybody
> explain why that it is not?  I'm running Slackware 10, kernel 2.4.26
> and samba 3.0.4.
Well, that depends on how insecure do you find a service that requires 
you to send your root password through the network in the clear...

However, there are ways around this. You can wrap the connections to 
swat using "stunnel", or you can just restrict swat access to
localhost
and then use it over an ssh tunnel (this is as easy as "ssh 
-L2222:localhost:901 user@sambaserver", so I kind of like it).

Carlos Rodrigues

samba - May 2005 - SWAT

[Samba] SWAT

[Samba] Re: SWAT