[PATCH][SMB3] mount.cifs integration with PAM
Aurélien Aptel
aaptel at suse.com
Mon Feb 1 10:51:32 UTC 2021
Shyam Prasad N <nspmangalore at gmail.com> writes:
> It just occurred to me that integrating with mount.cifs will not
> suffice for a multiuser scenario.
> It sounds like we need to modify cifscreds command to have a switch
> for cifscreds command; if used in krb5 context, instead of dealing
> with kernel keyring, we authenticate with PAM (for add) and call PAM
> logoff (for clear).
> If users are then missing krb5 tickets (logged in to ssh using private
> keys), they can call cifscreds to get the tickets.
>
> @Pavel Shilovsky @Aurélien Aptel Please let me know what you think
> about this approach.
> If you agree, I'll start working on the patch.
Hm what happens where there are multiple mounts with different auth type
on the same machine. e.g.
//host/share1 as userA in /mnt/1 via ntlmssp
//host/share2 as userA in /mnt/2 via krb
cifscreds should change both no?
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
More information about the samba-technical
mailing list