[linux-cifs-client] [PATCH 0/6] Introduction: implement SPNEGO/Kerberos in CIFS (try #3)

[Jeff Layton]

This try #3 of the patchset to implement krb5 mounts with CIFS. This
is essentially the same patchset as #2, but has a few small cleanups and
I've changed the upcall/downcall format to be better suited to the
current design.

At this point, I think this is pretty close to being ready for commit. I
think I've got the #define's done well enough that this should have
little effect on anyone who doesn't have CONFIG_CIFS_UPCALL set. Getting
this committed may help move along development on the userspace piece.

Again, the list of to-do's:

1) The userspace request-key program is not yet complete. Igor and Simo
Sorce have volunteered to write it. I've used Igor's userspace program
to test it, but it needs some work (primarily work on having it deal
with different UID's). I can envision this being part of the samba tree.
smbclient needs to roll up SPNEGO blobs too, so it seems like that code
could be shared. I'll defer that decision to those who are writing
the program, though...

2) Multi-stage SPNEGO conversations are not yet implemented. It
shouldn't be too tough to add them, but as of today, I'm not clear on
what they actually look like on the wire. Particularly, I don't know
what the SMB status field will look like. So for now, if multi-stage
SPNEGO is needed, the mount will probably fail. If someone is able
to trigger this and can provide captures or info about it, then we
should be able to get that added.

3) multi-user mounts are not currently implemented. I've been chatting
with Steve about the best scheme for handling them, so for now, things
are pretty much still single-user.

Many thanks to Simo Sorce, Steve French and Igor Mammedov for guidance
and sample code on this. Comments are appreciated.

Signed-off-by: Jeff Layton <jlayton at redhat.com>