Passing UNC username and password within a UNC path

Is it possible to pass the UNC username and password within a UNC path?

Similar to how FTP and SMB support this:

smb://user:[email protected]/share
ftp://user:[email protected]/share

I am trying to get a (non domain PC) service access to a DFS path.

Is there another way around this? I could bind the PC to the domain and run the service as a domain user but what if I was using Linux?


Solution 1:

On Windows, you cannot put credentials in UNC paths. You must provide them using net use, runas /netonly, or when asked by Windows.

You can also store the password as a "domain credential" using cmdkey /add:, or using the CredWrite() function in C, both of which are equivalent to checking the "Remember password" box in Windows.

On Linux, it depends on the program.

  • GNOME's Gvfs accepts the user@host syntax, but appears to completely ignore the password. (However, you can store it in GNOME Keyring beforehand.)

  • smbclient uses the same UNC syntax as Windows; however, it has an --authentication-file option from which credentials could be read.

  • Both programs above are using libsmbclient, and can use Kerberos authentication instead of passwords: run kinit [email protected] and use smbclient -k //host/share. This is more secure than password authentication.

Note that putting passwords into URIs is deprecated, and you should not rely on it being supported anywhere.

Solution 2:

You can map a "drive" to the UNC path using net use. Future accesses should share the existing connection

Net Use \\yourUNC\path /user:uname password

Note: you do not need to specify a drive letter

Solution 3:

I think the user name and password has to be passed to the server for authentication first before any file access can be done, so the code handling the SMB connection has to be able to parse and extra the user name and password from the URL. You'll have to check if that code supports this format or not.

If it doesn't, you can mount that SMB share through SAMBA and direct your program to use that "local" path. You can put the mount into fstab and use a SAMBA password file to supply the user credentials. Remember to set the correct permissions to the password file so normal users can't read it.

Note that it is bad practice to store passwords in clear text in configuration files, so even if your program can handle password in URL, you should consider the mounted share method.