> >> I was wondering if there is any utility that does encrypiton of SMB at the
> >> network level, eg something like secure-NFS or SSL. Note that the package
> >nope, been looking for years and years...
> I would *love* to put this into Samba. Unfortunatly it would
> probably have to be a proprietary dialect that only Linux
> smbfs (the SMB client with *source*) could use.
> There's no way the US government would let MS put SMB
> encryption that they couldn't crack into the Windows
> code - that must be their nightmare :-).
> Now if someone writes a replacement SMB network file system
> for Win95 or NT - drop me an email and let's talk...
> Jeremy Allison,
> Samba Team.
there are three ways in which you could achieve your goal:
1) purchase, for $1000, microsoft's undocumented, unsupported IFS kit. wait
for several weeks or possibly months to receive your IFS kit if you live
outside of the US / Canada, because microsoft thinks that there is a
crypto or export issue involved.
invest large amounts of time working out what's going on, and write
yourself a replacement SMB client for NT. document and implement some
at the end of your efforts, send microsoft all your source code, because
they own the rights to it.
re-read the IFS license agreement.
trash your entire implementation, and never release it publicly, because
it could possibly be deemed a "competitor" to a part of the NT OS that
already ships with NT.
you could _possibly_ only implement a new SMB level that is not supported
by NT or w95, and is only supported by those vendors with whom you can
obtain cooperation. let me make it clear right now that co-operation
will be absolutely guaranteed on such a project, from me (another samba
team member) to put such an SMB level into Samba.
2) purchase, for $80,000 (possibly now only $50,000) from www.osr.com
(open system resources), OSR's fully documented, fully supported IFS kit,
and start work, anywhere in the world.
invest about six weeks writing yourself a replacement SMB client for NT,
with assistance from OSR. document and implement some crypto SMBs, with
assistance and involvement of experts in those fields.
at the end of your efforts, do what you like, except don't release the
header files and the dynamic dlls, because that will break your license
agreement with OSR.
make friends very quickly with large numbers of CIFS server vendors for
unix, macintosh, os/2 and others (IBM, SCO, AT & T, Thursby, Syntax,
Auspex, Network Appliances to name a few), and a very large number of
users who would want to see secure SMB communication, knowing that some of
the best experts who _really_ understand secure communications have been
consulted and involved.
3) wait for NT 5.0. replace all your samba servers with NT 5.0 servers.
upgrade all your NT 4.0 and Win95 workstations to NT 5.0 Workstations.
spend $$$, not knowing if the protocol you are using is secure or not,
because you can never ask an expert, or anyone in fact, to independently
analyse the protocol being used.
anyone interested in investigating and investing in 2) above?
<a href = "http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home Page </a>
<br><b> "Apply the Laws of Nature to your environment because your
environment applies the Laws of Nature to you" </b>