[PATCH][SMB3] mount.cifs integration with PAM

Aurélien Aptel aaptel at suse.com
Mon Feb 1 10:51:32 UTC 2021

Shyam Prasad N <nspmangalore at gmail.com> writes:
> It just occurred to me that integrating with mount.cifs will not
> suffice for a multiuser scenario.
> It sounds like we need to modify cifscreds command to have a switch
> for cifscreds command; if used in krb5 context, instead of dealing
> with kernel keyring, we authenticate with PAM (for add) and call PAM
> logoff (for clear).
> If users are then missing krb5 tickets (logged in to ssh using private
> keys), they can call cifscreds to get the tickets.
> @Pavel Shilovsky @Aurélien Aptel Please let me know what you think
> about this approach.
> If you agree, I'll start working on the patch.

Hm what happens where there are multiple mounts with different auth type
on the same machine. e.g.

//host/share1 as userA in /mnt/1 via ntlmssp
//host/share2 as userA in /mnt/2 via krb

cifscreds should change both no?

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba-technical mailing list