[linux-cifs-client] Kerberos5 support in cifs pathset [PATCH: 1/4] adds support for signing required for kerberos

Jeff Layton jlayton at redhat.com
Thu Oct 25 18:11:14 GMT 2007


On Thu, 25 Oct 2007 18:16:42 +0400
"Q (Igor Mammedov)" <qwerty0987654321 at mail.ru> wrote:

> Jeff Layton wrote:
> > We'll need something analogous to the
> > ntlmv2_resp struct for kerberos, but I'm unclear on what that should
> > look like. If you have insight into that, please let me know.
> 
> I don't see what for something like ntlmv2_resp is needed for
> kerberos secblob just passed to/from userspace as is.

I guess I was just uncomfortable writing the kerberos sesskey into a
union member called "ntlm" :-). It does work though. One thing we
probably need to do is determine how big these keys actually can be
so that we can make sure that the union is sized correctly.

> However in a case of multi-stage negotiation we probably will need 
> persistent kerberos/auth context in user space handler 
> (=daemon+interface via request_key to it).
> 

Yes. I've pretty much handed off the userspace piece to Simo, and he
mentioned that he'd likely have to do something like that.

Thanks,
-- 
Jeff Layton <jlayton at redhat.com>


More information about the linux-cifs-client mailing list