Skip to content

L
linux-davinci
Commit 3d2af346 authored by Steve French's avatar Steve French
Browse files
Options

[CIFS] Kerberos support not considered experimental anymore 

Acked-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent c16fefa5
Hide whitespace changes
Inline Side-by-side
Showing with 26 additions and 5 deletions
fs/Kconfig
View file @ 3d2af346
...@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL ...@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
config CIFS_UPCALL config CIFS_UPCALL
bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
depends on CIFS_EXPERIMENTAL
depends on KEYS depends on KEYS
help help
Enables an upcall mechanism for CIFS which accesses Enables an upcall mechanism for CIFS which accesses
......
fs/cifs/README
View file @ 3d2af346
...@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in ...@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
that they represent all for that share, not just those for which the server that they represent all for that share, not just those for which the server
returned success. returned success.
Also note that "cat /proc/fs/cifs/DebugData" will display information about Also note that "cat /proc/fs/cifs/DebugData" will display information about
the active sessions and the shares that are mounted. the active sessions and the shares that are mounted.
Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and Enabling Kerberos (extended security) works but requires version 1.2 or later
LANMAN support do not require this helper. of the helper program cifs.upcall to be present and to be configured in the
/etc/request-key.conf file. The cifs.upcall helper program is from the Samba
project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
require this helper. Note that NTLMv2 security (which does not require the
cifs.upcall helper program), instead of using Kerberos, is sufficient for
some use cases.
Enabling DFS support (used to access shares transparently in an MS-DFS
global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In
addition, DFS support for target shares which are specified as UNC
names which begin with host names (rather than IP addresses) requires
a user space helper (such as cifs.upcall) to be present in order to
translate host names to ip address, and the user space helper must also
be configured in the file /etc/request-key.conf
To use cifs Kerberos and DFS support, the Linux keyutils package should be
installed and something like the following lines should be added to the
/etc/request-key.conf file:
create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
create dns_resolver * * /usr/local/sbin/cifs.upcall %k
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment