[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Oct 23 10:02:04 MDT 2009
On Fri, Oct 23, 2009 at 11:55:12AM -0400, Jeff Layton wrote:
> Yes, much...
>
> NFS (well, RPC actually) sends credentials with every call, so if you
> destroy the creds, then the client and server will tend to pick up on
> that fact rather quickly. With CIFS the credentials are just used to
> establish a "session". After that, krb5 doesn't really come into play
> very much (at least until you have to reconnect).
It's not *as* bad as it sounds security-wise, SMB signing
attempts to provide integrity, and the Samba extensions for
SMB encryption (Jeff: Hint...! :-)) would provide
confidentiality.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20091023/3b201353/attachment.pgp>
More information about the linux-cifs-client
mailing list