[linux-cifs-client] [RFC PATCH] CIFS posix acl permission checking

[simo]

On Fri, 2010-03-12 at 14:03 +0100, Volker Lendecke wrote:
> On Fri, Mar 12, 2010 at 07:58:03AM -0500, simo wrote:
> > > The reason why my customer wants to get away from NFS is the
> > > 16 groups limit. Different question: Why is s4u2proxy more
> > > secure than allowing "su - <user>" over cifs?
> > 
> > Because you can control at the KDC level which tickets the server is
> > allowed to get. And without giving out user credentials or even root
> > credentials. And because this way you don't change the security model.
> 
> Ok. Which KDCs support this?

AD and MIT 1.8, although I the latter one may require so work to make
the delegation easier to manage.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>