[linux-cifs-client] [PATCH] [CIFS] only use krb5 session key from
first SMB session on socket
Steve French
smfrench at gmail.com
Mon Dec 31 04:27:45 GMT 2007
Has anyone tried the same scenario with ntlmv2 to see if that has a
similar problem?
On Dec 18, 2007 8:27 AM, Jeff Layton <jlayton at redhat.com> wrote:
> On Tue, 18 Dec 2007 14:22:16 +0000
> simo <idra at samba.org> wrote:
>
> >
> > On Tue, 2007-12-18 at 16:40 +0300, Q (Igor Mammedov) wrote:
> > > Jeff Layton wrote:
> > > > Currently, any new kerberos SMB session overwrites the server's
> > > > session key. The session key should only be set by the first SMB
> > > > session set up on the socket.
> > >
> > > It could be better don't do upcall at all in this case?
> >
> > It's just the signing key that is shared on the same TCP connection,
> > we still need to authenticate different users in a multi-user setup.
> >
>
> I thought that was probably the case.
>
> > I guess we may avoid doing a new session setup and just skip to the
> > tree connect if the same user already has an open session. But I
> > guess this is just optimization.
> >
>
> I think the code already does that. cifs_find_tcp_session looks for
> an existing TCP session that it can share, as well as an existing SMB
> session. If it finds the latter, then it skips the session setup.
>
> --
>
> Jeff Layton <jlayton at redhat.com>
>
--
Thanks,
Steve
More information about the linux-cifs-client
mailing list