kerberized smbmount?

Mayers, Philip J p.mayers at ic.ac.uk
Wed Sep 26 06:25:15 GMT 2001


It's doable. I made a start adding NTLMSSP-ExtendedSecurity into smbd and
libsmbclient, but the authentication rewrite was going on, and the codebase
just changed too quickly, plus other commitments meant I had a hard time
keeping up. I didn't look at smbmount, but in *theory* as long as the
SessSetup&X happens in the user-space code, it would be quite easy.

The kernel module would have to upcall out to the userspace code for
rekeying (although there are some interesting code-sharing possibilities
with the CITI NFSv4 work...). I suspect an architecture similar to CIPE's
would be best - convert the socket into "something else" by altering the
kernel vfs ops for it, only passing certain pseudo-packets back to SMBmount.
You could even implement signing and sealing in userspace that way.

Once extended-security negotiation works reliably with NTLMSSPv1/2, adding
in a Kerberos version would be relatively trivial. However, library license
issues (I prefer MIT kerberos over Heimdal) might be a problem. If someone
would like to assist me in trying this again, I'll have time in a couple of
weeks after the start of term has settled down to a simmer :o) I got stuck
getting NTLMSSP working, as I started to see NTLMSSP packets the like of
which have never been seen!

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+

-----Original Message-----
From: Andreas Boeckler [mailto:abo at netlands.de]
Sent: 26 September 2001 12:09
To: samba-ntdom at lists.samba.org
Subject: kerberized smbmount?


Hi,

Is there any chance of a kerberized smbmount client in the near future?
Or is NTLM authentication the only way to mount a share?
It would be very neat to log in via libpam_krb5.so or kinit and mount the
rest via script.

greetings

Andy
-- 
Andreas Böckler				netlands edv consulting GbR
mailto:abo at netlands.de

BOFH excuse #358: struck by the Good Times virus



