[linux-cifs-client] Kerberos5 support in cifs pathset [PATCH: 0/4]
Q (Igor Mammedov)
qwerty0987654321 at mail.ru
Mon Oct 22 17:09:08 GMT 2007
Hi Jra and Steve,
Complete Kerberos5 support patch is attached (against kernel 2.6.22.9).
Before mounting user must have TGT acquired and cached (for example
using kinit).
For mounting I used followed command:
mount -t cifs \\\\server\\share /mnt -o guest,sec=krb5i
Share will be mounted with calling user credentials(TGT) and key will be
saved in user's session keyring.
Additionaly to make patch easyer for review I will send it in following
small parts:
krb_signing.patch - adds support for signing required for kerberos
enable_krb5_in_NEG_and_SESS_SETUP_req.patch - enables extended security
in NEG... and SESSION_SETUP... requests when mounting with krb5i option
spnego_upcall_handling.patch - upcall handling via KEYS API for getting
security blob and session key
spnego_request_key_utility.patch - userspace utility for creating
security blob and getting session key.
patch: spnego_upcall_handling.patch depends on the first 2 patches.
Comments are appreciated.
--
Best regards,
-------------------------
Igor Mammedov,
niallain "at" gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5.patch.gz
Type: application/x-gzip
Size: 12120 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux-cifs-client/attachments/20071022/f27d85ee/krb5.patch-0001.bin
More information about the linux-cifs-client
mailing list