[linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Mar 12 05:50:32 MST 2010
On Fri, Mar 12, 2010 at 07:35:42AM -0500, simo wrote:
> > Ok, then we rule out batch machines where there are no user
> > credentials. NFS does this fine. I know this is REALLY ugly,
> > but I have customers who need this. If you have a good
> > solution for that problem, I would really be happy to hear
> > this. Something like constrained delegation in Kerberos to
> > me sounds pretty much like the exact same hack in a
> > different place.
>
> The solution in those case is probably S4U2PROXY, or NFS.
The reason why my customer wants to get away from NFS is the
16 groups limit. Different question: Why is s4u2proxy more
secure than allowing "su - <user>" over cifs?
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20100312/17037719/attachment.pgp>
More information about the linux-cifs-client
mailing list