Is mount.cifs (SMB) secure with `seal` and `sec=ntlmssp`?

I'm using the csi-driver-smb driver for Kubernetes to mount SMB volumes. Everything works well, but now I'm reading that the default security mode is sec=ntlmssp. I'm worried, from what I read online, that this is insecure.

I'm also using the seal option, which

> Request encryption at the SMB layer. The encryption algorithm used is AES-128-CCM. Requires SMB3 or above (see vers).

But is the NTLMSSP also encrypted? Or does that occur before the SMB protocol initiates?

The alternative seems to be using Kerberos. I'm unfamiliar with Kerberos, but it looks like the machine has to be joined to a domain? That's not an option, the volume must only be mounted with username/password.
