kerberos keyring ccache
Steve French
smfltc at us.ibm.com
Mon Jan 23 22:26:23 GMT 2006
This discussion on using the infrastructure for caching kerberos tickets
sounds promising, but I am missing some background information on what
has been added. Are there pointers to background information on the topic?
The needs for cifs client (and presumably non-kernel samba client code
eventually) would be:
1) identify whether current (perhaps current->fsuid) already has a krb5
service ticket for a particular server/service
2) if no service ticket, request a service ticket for current
3) if ticket is expired, refresh the service ticket
4) upcall to samba tooling (similar to Samba's ntlm_auth used by some
apache modules etc.) to SPNEGO authenticate with that ticket if SMB/CIFS
session is not authenticated
Parts of the first three items seem like they relate to the earlier
discussion thread - but I am not sure where to look to get up to speed
on what has been done already for the somewhat similar cases for nfsv4
and afs on the first three items
More information about the samba-technical
mailing list