[linux-cifs-client] [PATCH] [CIFS] only use krb5 session key
from first SMB session on socket
Jeff Layton
jlayton at redhat.com
Tue Dec 18 14:27:15 GMT 2007
On Tue, 18 Dec 2007 14:22:16 +0000
simo <idra at samba.org> wrote:
>
> On Tue, 2007-12-18 at 16:40 +0300, Q (Igor Mammedov) wrote:
> > Jeff Layton wrote:
> > > Currently, any new kerberos SMB session overwrites the server's
> > > session key. The session key should only be set by the first SMB
> > > session set up on the socket.
> >
> > It could be better don't do upcall at all in this case?
>
> It's just the signing key that is shared on the same TCP connection,
> we still need to authenticate different users in a multi-user setup.
>
I thought that was probably the case.
> I guess we may avoid doing a new session setup and just skip to the
> tree connect if the same user already has an open session. But I
> guess this is just optimization.
>
I think the code already does that. cifs_find_tcp_session looks for
an existing TCP session that it can share, as well as an existing SMB
session. If it finds the latter, then it skips the session setup.
--
Jeff Layton <jlayton at redhat.com>
More information about the linux-cifs-client
mailing list