I'm using the csi-driver-smb driver for Kubernetes to mount SMB volumes. Everything works well, but now I'm reading that the default security mode is sec=ntlmssp.
I'm worried, from what I read online, that this is insecure.
I'm also using the seal option, which
Request encryption at the SMB layer. The encryption algorithm used is AES-128-CCM. Requires SMB3 or above (see vers).
But is the NTLMSSP also encrypted? Or does that occur before the SMB protocol initiates?
The alternative seems to be using Kerberos. I'm unfamiliar with Kerberos, but it looks like the machine has to be joined to a domain? That's not an option, the volume must only be mounted with username/password.
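
The following is an added example, not part of the original question and not code from csi-driver-smb: a small Python check that parses a comma-separated CIFS mount option string (for instance a StorageClass mountOptions list joined with commas) and reports whether seal is requested together with an SMB3-or-later vers, as the quoted option text requires. The function names and the sample option strings are constructed for illustration.

```python
"""Added example: lint CIFS mount options for the seal / vers pairing."""


def parse_mount_options(option_string):
    """Turn 'seal,vers=3.0,sec=ntlmssp' into {'seal': True, 'vers': '3.0', ...}."""
    options = {}
    for item in option_string.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate empty fields such as a trailing comma
        key, sep, value = item.partition("=")
        options[key.lower()] = value if sep else True
    return options


def is_smb3_or_above(vers):
    """True only when vers names a dialect whose major number is >= 3."""
    major = str(vers).split(".")[0]
    return major.isdigit() and int(major) >= 3


def audit_mount_options(option_string):
    """Return a list of findings; an empty list means seal and SMB3+ are both set."""
    options = parse_mount_options(option_string)
    findings = []
    if "seal" not in options:
        findings.append("seal missing: SMB-layer encryption is not requested")
    vers = options.get("vers")
    if not vers or vers is True:
        findings.append("vers not pinned: dialect is left to negotiation")
    elif not is_smb3_or_above(vers):
        findings.append("vers=%s is below SMB3, which seal requires" % vers)
    return findings


# Constructed sample option strings (not taken from the post).
SAMPLES = {
    "pinned-and-sealed": "dir_mode=0777,file_mode=0777,vers=3.1.1,sec=ntlmssp,seal",
    "sealed-old-dialect": "vers=2.1,seal",
    "no-seal": "vers=3.0,sec=ntlmssp",
    "unpinned": "seal",
}

if __name__ == "__main__":
    for name, opts in SAMPLES.items():
        print(name, audit_mount_options(opts) or "ok")
```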