[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko

Holger Rauch holger.rauch at empic.de
Fri Oct 23 09:46:02 MDT 2009


Hi Jeff,

thanks again for replying that quickly. I tried sec=krb5 and it indeed
worked (even in conjunction with autofs5). Strangely enough, it even
continued to work when the credentials cache was empty (having run
"kdestroy" deliberately in order to test Kerberos security).

I could add files even though there were no tickets left in the cache.
This shouldn't be the case, I think (at least that's how it works on
NFSv4; i.e. on NFSv4 I would get "permission denied" when tickets are
either expired or not present). Is CIFS different in this regard?

On Fri, 23 Oct 2009, Jeff Layton wrote:

> [...]
> > [8046557.008389]  fs/cifs/cifssmb.c: Must sign - secFlags 0x1009
> > [8046557.015170]  CIFS VFS: signing required but server lacks support
> 
> 
> I think this message explains the problem ^^^^
> 
> You've requested krb5i, but your server doesn't support signing. You
> might want to try sec=krb5 and see if that works.

What exactly is meant by "server" (Samba software, MIT Kerberos
software, etc.)? Do I need a more recent Samba, MIT Kerberos, anything
else?

Thanks again & kind regards,

       Holger