[linux-cifs-client] Kerberos5 support in cifs pathset [PATCH: 0/4]

Q (Igor Mammedov) qwerty0987654321 at mail.ru
Mon Oct 22 17:09:08 GMT 2007


Hi Jra and Steve,

Complete Kerberos5 support patch is attached (against kernel 2.6.22.9).

Before mounting user must have TGT acquired and cached (for example 
using kinit).

For mounting I used followed command:

mount -t cifs \\\\server\\share /mnt -o guest,sec=krb5i

Share will be mounted with calling user credentials(TGT) and key will be 
saved in user's session keyring.

Additionaly to make patch easyer for review I will send it in following 
small parts:

krb_signing.patch  -  adds support for signing required for kerberos

enable_krb5_in_NEG_and_SESS_SETUP_req.patch - enables extended security 
in NEG... and SESSION_SETUP... requests when mounting with krb5i option

spnego_upcall_handling.patch - upcall handling via KEYS API for getting 
security blob and session key

spnego_request_key_utility.patch - userspace utility for creating 
security blob and getting session key.

patch: spnego_upcall_handling.patch depends on the first 2 patches.


Comments are appreciated.

-- 

Best regards,

-------------------------
Igor Mammedov,
niallain "at" gmail.com




-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5.patch.gz
Type: application/x-gzip
Size: 12120 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux-cifs-client/attachments/20071022/f27d85ee/krb5.patch-0001.bin


More information about the linux-cifs-client mailing list