HP CIFS Server 3.0b Administrator's Guide version A.02.01.01
Securing HP CIFS Server
Security Protection Methods
Chapter 10224
You can also use the Lightweight Directory Access Protocol (LDAP) for
authentication. To prevent plain text password transfer with LDAP
directories, you can configure Secure Socket Layer (SSL) on your systems
and enable HP CIFS Server with SSL. For detailed information on how
to enable SSL communication over LDAP, seeChapter 6, “LDAP
Integration Support,” on page 109.
The HP CIFS Server accepts the highly secure Kerberos tickets for
Windows 2000 Active Directory configurations.
Protecting Sensitive Configuration Files
The default permissions for HP CIFS Server configuration files have
been carefully selected to ensure security while providing appropriate
accessibility. However, you need also to protect these configuration files
from unauthorized access. Be especially careful if you decide to locate
them in alternative directories.
Table 6-1describes a list of commonly used configuration files and their
default locations. There are also many smb.conf configuration
parameters which permit alternate locations for these files and many
parameters that result in additional configuration files or scripts
controlling run-time actions not mentioned here.
Table 10-1 Configuration Files
File Description
/etc/opt/samba/smb.conf Master configuration file
/var/opt/samba/log.* Log files
/var/opt/samba/locks/*.tdb Database files containing important
internal run-time information
/var/opt/samba/locks/*.dat Data files containing system name
and addresses
/var/opt/samba/locks/*.pid Master daemon process ID files used
for starting, stopping, and
clustering scripts
/var/opt/samba/private/*.tdb Database files containg important
internal run-time information