[linux-cifs-client] [PATCH 0/5] cifs: add support for MSKRB5
authentication
Jeff Layton
jlayton at redhat.com
Mon Aug 18 19:41:04 GMT 2008
We've now had support for some time for "regular" KRB5 authentication,
but there are some servers that only support the Microsoft KRB5
auth flavor. This patch adds support for that auth flavor to Linux CIFS.
The main change is that the "mechListMIC" string is now parsed out of
the SPNEGO reply from the server. We then pass that to userspace as
part of the upcall string. The upcall program then can use that info
to build a SPNEGO blob for MSKRB5 authentication.
Igor Mammedov already has a patch that adds this support to the
upcall program, and I can confirm from network captures that I can
successfully authenticate to a Win2k3 server using MSKRB5.
I'll plan to commit his cifs.upcall patch if this approach looks OK.
Signed-off-by: Jeff Layton <jlayton at redhat.com>
Jeff Layton (5):
cifs: add local server pointer to cifs_setup_session
cifs: add mechListMIC pointer to TCP_Server_Info struct
cifs: parse mechListMIC out of SecurityBlob and attach to
TCP_Server_Info
cifs: add mechListMIC string to SPNEGO upcall key description
cifs: distinguish between Kerberos and MSKerberos in upcall
fs/cifs/asn1.c | 50 ++++++++++++++++++++++++++++++------------------
fs/cifs/cifs_spnego.c | 11 ++++++++-
fs/cifs/cifsglob.h | 4 ++-
fs/cifs/cifsproto.h | 3 +-
fs/cifs/cifssmb.c | 3 +-
fs/cifs/connect.c | 35 ++++++++++++++++++---------------
fs/cifs/sess.c | 2 +-
7 files changed, 67 insertions(+), 41 deletions(-)
More information about the linux-cifs-client
mailing list