[linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Mar 12 06:03:06 MST 2010
On Fri, Mar 12, 2010 at 07:58:03AM -0500, simo wrote:
> > The reason why my customer wants to get away from NFS is the
> > 16 groups limit. Different question: Why is s4u2proxy more
> > secure than allowing "su - <user>" over cifs?
>
> Because you can control at the KDC level which tickets the server is
> allowed to get. And without giving out user credentials or even root
> credentials. And because this way you don't change the security model.
Ok. Which KDCs support this?
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20100312/0a9d49d3/attachment.pgp>
More information about the linux-cifs-client
mailing list