[linux-cifs-client] Improving auto.smb for user mounts

[simo]

On Mon, 2008-01-28 at 12:48 -0500, Joe Krahn wrote:
> I am working on my own version of auto.smb to handle auto-mounting of
> shares with SMB user access control, and I would like to know if the
> CIFS developers think my plan is useful, or if there are better
> alternatives being planned. It seems that there are no really good
> solutions due to various design incompatibilities, but maybe this is OK,
> at least for the near future.
> 
> My idea for auto.smb is to support a key with a @ symbol, in the form
> "user at host". Shares auto-mounted under that key use that user's
> credentials, and also sets the file permission options to match that
> user. This allows system-level auto-mounting, but keeps user-level
> access control.
> 
> I have this working right now, except that SElinux is getting in the
> way. The disadvantage is having to store credentials in a file, but it
> should be possible come up with an alternative method that requires
> manual password entry.
> 
> Thanks for any suggestions,
> Joe Krahn

I would like to see this working with the new kerberos support if
possible, at some point.

Another strategy we are pursuing is supporting transparent user
authentication (also replies on kerberos cached crdentials) on existing
mount points. IE you mount something like /home and then authentication
happen transparently (new session setup and all) when a user walks
in /home giving him proper access to his own and other users directories
similar to what you can do with NFSv4 too (at least on Solaris, not sure
what the status of transparent krb5 auth is on Linux).

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>