Information on how to get kerberos ticket of the user in VFS/shell during conneciton

[Volker Lendecke]

On Wed, Feb 21, 2018 at 12:23:38PM +0100, Manfred Furuholmen via samba-technical wrote:
> We are actually trying to build a bridge between Windows and AFS,
> because we need to replace the native AFS client(that is no longer
> supported). We want to exporting with Samba the /afs/cell_name path
> mounted on a Linux node.
> 
> One of the major problem is the token for the AFS cell, we want to
> avoid to forge the token inside of the samba machine, and also we
> don't have Kaserver anymore (If I understood is also removed from
> Samba), for this reason i have a couple of questions:
> 
> Is it possible to have the user kerberos ticket during the execution
> of the prexec during the connection to the share? (to have as a file)?
> 
> or is it possible to have in the VFS layer for the same operation (I
> didn't see any call for that in the vfs) ?

The fake kaserver code is still around. I have not looked at that in
-- I don't know actually how many years, so it's more likely to be
broken than working. Also, this is the old krb4 stuff faking tokens.
AFS should have moved on since then, right? Is core RX still based on
krb4, or is that proper gssapi by now?

Volker

-- 
Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de