[linux-cifs-client] [PATCH 0/5] cifs: add support for MSKRB5
authentication
Jeff Layton
jlayton at redhat.com
Wed Aug 20 19:02:03 GMT 2008
On Wed, 20 Aug 2008 22:40:04 +0400
"Q (Igor Mammedov)" <niallain at gmail.com> wrote:
> On Wed, Aug 20, 2008 at 9:25 PM, Steve French <smfrench at gmail.com> wrote:
> > Working around the broken servers by adding the 2nd OID seems a higher
> > priority. Whether the 2nd fix (not yet written) for the MechList
> > should be merged fast or wait till 2.6.28 depends on how big/risky it
> > is (it is late in the 2.6.27 cycle).
> We can do it in not synchronized way for kernel and samba if
> cifs.upcall will support
> fall back. This way we could push MIC support in cifs.upcall as soon
> as it is possible
> and when kernel supports mechListMIC, cifs.upcall will be ready for it.
>
Yes. The mechListMIC change is less dependent on synchronization
between versions. We can change that in either place and it shouldn't
break anything.
The sec=mskrb5 change is not as forgiving. A new kernel + and older
upcall program will not work if the server sends the MSKRB5 OID first.
This is the reason that I don't want to back out that patch. It would
have been nice to have that patch make samba 3.2.2, but it looks like
we missed it...
Igor, I'll plan to respin the kernel patches if you want to concentrate
on the userspace piece. I should be able to get something ready by
Thursday sometime...
--
Jeff Layton <jlayton at redhat.com>
More information about the linux-cifs-client
mailing list