[PATCH 0/2] cifs: pass credcache name to upcall when doing krb5 auth (RFC)

Jeff Layton jlayton at redhat.com
Tue Apr 21 12:28:29 GMT 2009

The problem: cifs.upcall doesn't handle the case where we have a
non-default credcache name. This is common when pam_krb5 is used. The
credcache will usually have a name with some random characters appended:

So we get a cache that's something like "FILE:/tmp/krb5cc_50001_nIiMF2"
instead of "FILE:/tmp/krb5cc_50001".

When this is the case, then cifs.upcall can't find the credcache and
mounts fail. What we need to do is to look for the $KRB5CCNAME env var
in mount.cifs and then pass it to the kernel so that it can pass it to

We could add a new field for this, but when using sec=krb5, we don't use
the "pass=" option anyway. This set (and the forthcoming kernel patch)
add this capability and allow krb5 mounts to work with credcaches given
by mount.cifs.

If this looks feasible, then I'll see about doing some other cleanups
to turn sesInfo->password into a more general "credinfo" field.

We'll also need to fix mount.cifs to handle the situation correctly
when someone specifies both pass= and sec=krb5 options.

Jeff Layton (2):
  cifs.upcall: allow use of alternate credcache name
  mount.cifs: stuff pass= option with $KRB5CCNAME when sec=krb5 is

 source3/client/cifs.upcall.c |   34 +++++++++++++++++++++++-----------
 source3/client/mount.cifs.c  |    9 +++++++--
 2 files changed, 30 insertions(+), 13 deletions(-)
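
An added illustration of the approach described in this cover letter, not code from the patch set: a hypothetical helper, krb5_stuff_ccname(), appends the credcache name to the mount options as pass= when sec=krb5 is requested. It assumes a pass= already supplied by the user is left untouched and that a credcache name containing a comma is refused, since it would otherwise be split into a separate mount option.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if any comma-separated token in opts starts with prefix. */
static int has_opt(const char *opts, const char *prefix)
{
    size_t n = strlen(prefix);
    for (const char *p = opts; p && *p; ) {
        if (strncmp(p, prefix, n) == 0)
            return 1;
        p = strchr(p, ',');
        if (p)
            p++;
    }
    return 0;
}

/*
 * Hypothetical helper: copy opts to out, appending ",pass=<ccname>" when
 * sec=krb5 is requested (the prefix match also covers sec=krb5i).
 * Returns 1 if appended, 0 if copied unchanged, -1 on overflow or unsafe name.
 */
int krb5_stuff_ccname(const char *opts, const char *ccname,
                      char *out, size_t outlen)
{
    int n;

    if (!has_opt(opts, "sec=krb5") || has_opt(opts, "pass=") ||
        has_opt(opts, "password=") || !ccname || !*ccname) {
        n = snprintf(out, outlen, "%s", opts);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    /* A comma in the name would split into a bogus extra option. */
    if (strchr(ccname, ','))
        return -1;
    n = snprintf(out, outlen, "%s,pass=%s", opts, ccname);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void)
{
    char buf[256];
    /* Constructed sample options; the cache name comes from the environment. */
    int rc = krb5_stuff_ccname("user=jdoe,sec=krb5", getenv("KRB5CCNAME"),
                               buf, sizeof(buf));
    if (rc >= 0)
        printf("%d %s\n", rc, buf);
    return rc < 0;
}
```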
