[linux-cifs-client] Improving auto.smb for user mounts
Joe Krahn
krahn at niehs.nih.gov
Tue Jan 29 16:29:08 GMT 2008
simo wrote:
> On Mon, 2008-01-28 at 16:47 -0500, Joe Krahn wrote:
>
>> Linux support for krb5 is good. I didn't know about the new sec= feature
>> in mount.cifs. I'll experiment with using krb5.
>>
>> The complication of transparent authentication is that file permissions
>> can't just be mapped to POSIX user+group.
>
> We have id mapping.
>
>> If one user accesses a share,
>> how do you manage another user accessing the same share?
>
> New session setup, the server enforces access.
>
>> Do they also
>> need a password to access the already-mounted directory?
>
> They will need cached Kerberos credentials, or a password, they get
> retrieved via an upcall mechanism.
>
>> It sort of
>> needs something like PAM for file access control.
>
> I don't get what this means exactly.
>
>> Maybe some of the
>> NFSv4 features will make this possible?
>
> Dunno, but afaik we don't need anything fancy but find time to write
> code we already planned to write.
>
> Simo.
>
My understanding is that Windows shares are designed for user-level
network connections, rather than system level auto-mounting, which is
why a new user requires a new session. But, POSIX is designed around
system-level network mounts, which is why Samba created smbsh in order
to emulate a user-level virtual network file system.

Don't you need to implement either a user-level virtual file system, or
user-level access for files in the same system-level network mount
point? Or, is the plan for each user to have their own "/smb" automount
base? All of these seem a bit 'fancy' to me. If it is already planned,
is there documentation somewhere discussing the design?

Thanks,
Joe Krahn