[linux-cifs-client] mount.cifs + kerberos + pam_mount

Jeff Layton jlayton at redhat.com
Tue Jan 29 00:13:59 GMT 2008


On Mon, 28 Jan 2008 14:25:18 -0700
Doug Kelly <dougk at dougk-ff7.net> wrote:

> On Mon, Jan 28, 2008 at 03:47:27PM -0500, Lynn Zhang wrote:
> > Hi Simo,
> > 
> > Which kernel version  and mount.cifs begins to support sec=krb5?
> > What is the limited kerberos support?
> > 
> I'm in the same boat, but as far as I know, it's only what currently
> exists in the cifs branch of the kernel's git tree.  Specifically,
> linux/kernel/git/sfrench/cifs-2.6.git from git.kernel.org.
> 
> I don't believe much of the required support has been merged into the
> current development kernel. 
>


I believe all of the relevant kernel patches have now been merged into Linus'
tree. mount.cifs just needed minor changes to make this work, but there is an upcall program that was recently added to the client dir of the samba source tree. That program is required for kerberos auth. I'm not sure exactly what release of samba added it, but it should be in anything relatively recent. Distro maintainers will need to add it to their packages however so you'll probably need to build samba from sources in order to use it.

> I believe I'm in the same boat as you,
> except I also have DFS to worry about... fortunately, we've at least
> got a workable solution using pam_mount without sec=krb5 (it seems to
> behave just fine, from what I've noticed).
> 
> If you need help getting that going, feel free to ask me.  I'll
> provide as much help as I can. 
> 


-- 
Jeff Layton <jlayton at redhat.com>


More information about the linux-cifs-client mailing list