[linux-cifs-client] Kerberos5 support in cifs pathset [PATCH:
4/4] userspace utility for creating security blob and getting session
key
Q (Igor Mammedov)
qwerty0987654321 at mail.ru
Fri Oct 26 10:04:30 GMT 2007
simo wrote:
> Have you already thought how to find the right credentials here ?
It takes first TGT from default kerberos cache file. We don't have
direct means to select what TGT to use for TGS, I could suggest that we
can use UID of the user calling 'mount' utility, to decide whose krb5
cache to use (assuming that the most users have only one TGT).
For hands off cache initialization we could use keytab files.The proper
place for this could be in mount.cifs. For example we specify sec='krb5'
and credentials option with keytab file or user/password and mount.cifs
utility initializes cache with TGT.
Recently I've played with mounting using krb5 auth as ordinary user and
have patch to cifs_spnego.c/and mine kernel patch that allows to use
right cache depending on the calling user.
> Do you know if the sesskey is always guaranteed to be a fixed length ?
There is no guaranties that sesskey length be fixed in the future.
However, preliminary reading on this topic reveals that often used
ciphers are DES/RC4-HMAC (MS-Preferred)/3DES/AES and maximum key length
of them is for AES 256bits.
--
Best regards,
-------------------------
Igor Mammedov,
niallain "at" gmail.com
More information about the linux-cifs-client
mailing list