Can I automate mounting a cifs share without storing my password in plaintext?

Question

I currently use a script which contains commands along the lines of

sudo /sbin/mount.cifs $SERVER_SHARE $MOUNT -o username=$DOMAIN_$USER,uid=$USER,gid=$USER,file_mode=0664,dir_mode=0775

to mount my cifs shared directories. This works fine, but I have to enter my password for each of these lines, so I would like to automate this process.

In order to adhere to local security policy I must not add my password to the command line, nor may I store my password in plain text in a file (either the mount script or a credentials file).

Do I have any other options for authenticating my cifs mount, or am I stuck entering my password for each and every share?

Ideally I would like the equivalent of doing a ssh-add, where I only have to enter my password once and all subsequent ssh commands use that authentication and do not require me to enter my password again.

If it makes any difference, I am using RHEL 5.8 as a normal user with very limited sudo access.

Answer 1

The Gnome keyring can store passwords. You can enter the password in your Gnome keyring, or if you use the Gnome keyring for other things, you can put a master password and save the keyring to disk.

GVFS, the Gnome virtual filesystem framework, queries the Gnome keyring for passwords if it's available.

From the command line, you can perform a Samba mount with gvfs-mount:

gvfs-mount smb://username\;workgroupname@hostname/sharename

You have no control on the mount point: it's ~/.gvfs/sharename\ on\ hostname. And I don't think that you can control mount options such as permission mappings (but I could be wrong: gvfs-mount is not documented and I haven't explored its internals).

You'll need D-bus. See Samba mount with password prompt as non-root user