[PATCH][SMB3] mount.cifs integration with PAM
aaptel at suse.com
Wed Sep 9 14:13:16 UTC 2020
Shyam Prasad N <nspmangalore at gmail.com> writes:
You are reaching the limits of my poor understanding of this kerberos
stuff. What is the difference between keytab and credential cache?
So IIUC you are proposing 2 ways to go about it:
a) - do PAM login in mount.cifs (which in turns calls into sssd/winbind)
- implement umount.cifs for PAM logoff
b) - ignore PAM and winbind/sssd and do kinit in mount.cifs manually
- would this requires umount.cifs as well?
I like (b) because it feels we have more control and don't require a big
external program like winbind *but* if (b) doesn't do the refreshing of
the tickets then the mount will always stop working after they
expire. This seems only useful for quick one-off mounting or
testing/debugging. Real end users will find it unreliable unless they
setup something like what winbind does essentially.
So ultimately, to me, (a) seems like the better choice. Let me know if I
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
More information about the samba-technical