[linux-cifs-client] Improving auto.smb for user mounts

simo idra at samba.org
Mon Jan 28 22:29:37 GMT 2008


On Mon, 2008-01-28 at 16:47 -0500, Joe Krahn wrote:

> Linux support for krb5 is good. I didn't know about the new sec= feature
> in mount.cifs. I'll experiment with using krb5.
> 
> The complication of transparent authentication is that file permissions
> can't just be mapped to POSIX user+group.

We have id mapping.

> If one user accesses a share,
> how do you manage another user accessing the same share?

New session setup, the server enforces access.

>  Do they also
> need a password to access the already-mounted directory?

They will need cached kerberos credentials, or a password, they get
retrieved via an upcall mechnism.

>  It sort of
> needs something like PAM for file access control.

I don't get what this means exactly.

>  Maybe some of the
> NFSv4 features will make this possible?

Dunno, but afaik we don't need anything fancy but find time to write
code we already planned to write.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>



More information about the linux-cifs-client mailing list