[linux-cifs-client] Re: [PATCH 0/6] Introduction: implement SPNEGO/Kerberos in CIFS (try #3)

Steve French smfrench at gmail.com
Fri Nov 2 16:12:40 GMT 2007 

This is excellent work (from the three of you in particular).  Thank you.

Due to the desire by akpm and others to finally deprecate smbfs,
perhaps we should push these upstream (albeit as experimental) during
the end of this release cycle (instead of waiting for 2.6.25) unless I
find problems in the code review, but I do want to go through each of
these carefully and check them in one at a time.

On 11/2/07, Jeff Layton <jlayton at redhat.com> wrote:
> This try #3 of the patchset to implement krb5 mounts with CIFS. This
> is essentially the same patchset as #2, but has a few small cleanups and
> I've changed the upcall/downcall format to be better suited to the
> current design.
>
> At this point, I think this is pretty close to being ready for commit. I
> think I've got the #define's done well enough that this should have
> little effect on anyone who doesn't have CONFIG_CIFS_UPCALL set. Getting
> this committed may help move along development on the userspace piece.
>
> Again, the list of to-do's:
>
> 1) The userspace request-key program is not yet complete. Igor and Simo
> Sorce have volunteered to write it. I've used Igor's userspace program
> to test it, but it needs some work (primarily work on having it deal
> with different UID's). I can envision this being part of the samba tree.
> smbclient needs to roll up SPNEGO blobs too, so it seems like that code
> could be shared. I'll defer that decision to those who are writing
> the program, though...
>
> 2) Multi-stage SPNEGO conversations are not yet implemented. It
> shouldn't be too tough to add them, but as of today, I'm not clear on
> what they actually look like on the wire. Particularly, I don't know
> what the SMB status field will look like. So for now, if multi-stage
> SPNEGO is needed, the mount will probably fail. If someone is able
> to trigger this and can provide captures or info about it, then we
> should be able to get that added.
>
> 3) multi-user mounts are not currently implemented. I've been chatting
> with Steve about the best scheme for handling them, so for now, things
> are pretty much still single-user.
>
> Many thanks to Simo Sorce, Steve French and Igor Mammedov for guidance
> and sample code on this. Comments are appreciated.
>
> Signed-off-by: Jeff Layton <jlayton at redhat.com>
>
>


-- 
Thanks,

Steve

More information about the linux-cifs-client mailing list