kerberos keyring ccache

Steve French smfltc at
Mon Jan 23 22:26:23 GMT 2006

This discussion on using the infrastructure for caching kerberos tickets 
sounds promising, but I am missing some background information on what 
has been added.   Are there pointers to background information on the topic?

The needs for cifs client (and presumably non-kernel samba client code 
eventually) would be:
1) identify whether current (perhaps current->fsuid) already has a krb5 
service ticket for a particular server/service
2) if no service ticket, request a service ticket for current
3) if ticket is expired, refresh the service ticket
4) upcall to samba tooling (similar to Samba's ntlm_auth used by some 
apache modules etc.) to SPNEGO authenticate with that ticket if SMB/CIFS 
session is not authenticated

Parts of the first three items seem like they relate to the earlier 
discussion thread - but I am not sure where to look to get up to speed 
on what has been done already for the somewhat similar cases for nfsv4 
and afs on the first three items

More information about the samba-technical mailing list