[linux-cifs-client] [PATCH 2/2] cifs.spnego helper in samba:
helper source code
simo
idra at samba.org
Wed Nov 14 20:23:46 GMT 2007
On Wed, 2007-11-14 at 19:54 +0300, Q (Igor Mammedov) wrote:
> Domain mapping to realm could be configured in krb5.conf file
> (http://web.mit.edu/Kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Mapping-Hostnames-onto-Kerberos-Realms.html).
> And it should work with the last cifs.spnego patch. (not tried though)
>
> As for DNS TXT record _kerberos.<domain> I don't know whether it
> supported by krb5 library or we should do in our code.
>
> Theoretically we could add @REALM sufix to server name like:
> //srv.test.foo at MY.REALM/sharename
> an do necessary parsing in mount.cifs for possibility of explicit
> REALM defining. But wouldn't we have to configure this realm in
> krb5.conf anyway so that kerberos library would be happy?
not if you have dns discovery for realms and you have trusts, but I
agree this is a corner case, we can look (and test) it later.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
More information about the linux-cifs-client
mailing list