[PATCH][SMB3] mount.cifs integration with PAM

Aurélien Aptel aaptel at suse.com
Wed Sep 9 14:13:16 UTC 2020

Shyam Prasad N <nspmangalore at gmail.com> writes:
> Thoughts?

You are reaching the limits of my poor understanding of this kerberos
stuff. What is the difference between keytab and credential cache?

So IIUC you are proposing 2 ways to go about it:

a) - do PAM login in mount.cifs (which in turns calls into sssd/winbind)
   - implement umount.cifs for PAM logoff
b) - ignore PAM and winbind/sssd and do kinit in mount.cifs manually
   - would this requires umount.cifs as well?

I like (b) because it feels we have more control and don't require a big
external program like winbind *but* if (b) doesn't do the refreshing of
the tickets then the mount will always stop working after they
expire. This seems only useful for quick one-off mounting or
testing/debugging. Real end users will find it unreliable unless they
setup something like what winbind does essentially.

So ultimately, to me, (a) seems like the better choice. Let me know if I
misunderstood something.

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba-technical mailing list