[RFC/PATCH] cifs.upcall: use kernel.provided principal name if available

Martin Wilck martin.wilck at ts.fujitsu.com
Wed Sep 7 08:16:09 MDT 2011


Hi Jeff,

> (re-cc'ing linux-cifs and cc'ing samba-technical)
(Sorry, I can't currently post to linux-cifs, there seems to be a general
problem resolving kernel.org host names, therefore I'm omitting it).

> We've discussed this on the list many times before, but the most
> comprehensive discussion is here. I recommend reading over that as it
> explains the problems in detail:
> 
>     http://lists.samba.org/archive/linux-cifs-client/2008-August/003348.html
> 
> Really, the best answer is not to rely on this. Windows clients never
> have, and recent Windows servers don't even populate the field.

Forgive my ignorance ...

if Windows clients don't use this, how do the Windows machines obtain
the credentials to be able to use CIFS shares without a password? I was
thinking this was done using Kerberos. Do Windows clients have some
other magic to obtain the SPN rather than via the server-supplied field?

In my environment, a host called "somehost.domain.net" uses a principal
like "c10102a$@DOMAIN.NET", where "c10102a.domain.net" appears to be the
result of the reverse DNS lookup of the IP address of
"somehost.domain.net". I have no idea if that's a general rule or just a
special property of this environment.

Martin

-- 
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering

FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone:			++49 5251 525 2796
Fax:			++49 5251 525 2820
Email:			martin.wilck at ts.fujitsu.com
Internet:		http://ts.fujitsu.com
Company Details:	http://ts.fujitsu.com/imprint

