
[CIFS] Kerberos support not considered experimental anymore

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Steve French 16 years ago
parent
commit
3d2af3465e
2 changed files with 26 additions and 5 deletions
  1. fs/Kconfig (0 additions, 1 deletion)
  2. fs/cifs/README (26 additions, 4 deletions)

+ 0 - 1
fs/Kconfig

@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
 
 
 config CIFS_UPCALL
 config CIFS_UPCALL
 	  bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
 	  bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
-	  depends on CIFS_EXPERIMENTAL
 	  depends on KEYS
 	  depends on KEYS
 	  help
 	  help
 	    Enables an upcall mechanism for CIFS which accesses
 	    Enables an upcall mechanism for CIFS which accesses
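
Review bot: the prompt on the `bool` line under `config CIFS_UPCALL` still reads "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" even though this hunk drops `depends on CIFS_EXPERIMENTAL` and the subject says Kerberos support is no longer considered experimental. Remove the "(EXPERIMENTAL)" suffix from the prompt in the same patch so the menu text matches the new dependency list.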

+ 26 - 4
fs/cifs/README

@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
 that they represent all for that share, not just those for which the server
 that they represent all for that share, not just those for which the server
 returned success.
 returned success.
 	
 	
-Also note that "cat /proc/fs/cifs/DebugData" will display information about 
+Also note that "cat /proc/fs/cifs/DebugData" will display information about
 the active sessions and the shares that are mounted.
 the active sessions and the shares that are mounted.
-Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
-on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
-LANMAN support do not require this helper.
+
+Enabling Kerberos (extended security) works but requires version 1.2 or later
+of the helper program cifs.upcall to be present and to be configured in the
+/etc/request-key.conf file.  The cifs.upcall helper program is from the Samba
+project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
+require this helper. Note that NTLMv2 security (which does not require the
+cifs.upcall helper program), instead of using Kerberos, is sufficient for
+some use cases.
+
+Enabling DFS support (used to access shares transparently in an MS-DFS
+global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled.  In
+addition, DFS support for target shares which are specified as UNC
+names which begin with host names (rather than IP addresses) requires
+a user space helper (such as cifs.upcall) to be present in order to
+translate host names to ip address, and the user space helper must also
+be configured in the file /etc/request-key.conf
+
+To use cifs Kerberos and DFS support, the Linux keyutils package should be
+installed and something like the following lines should be added to the
+/etc/request-key.conf file:
+
+create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
+create dns_resolver * * /usr/local/sbin/cifs.upcall %k
+
+
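
Review bot: the two `create` lines at the end of the added README text hardcode /usr/local/sbin/cifs.upcall, and the only hedge is "something like the following lines". Since request-key runs whatever program is named on those lines, say explicitly that the path must be the location where cifs.upcall is actually installed, and add a short hint on how to confirm the helper is version 1.2 or later, which the Kerberos paragraph requires. Wording nits in the same hunk: "project(http://www.samba.org)" needs a space before the parenthesis, "translate host names to ip address" should read "IP addresses", the DFS paragraph's last sentence ends at "/etc/request-key.conf" without a full stop, and the NTLMv2 sentence says twice that the helper is not required. The trailing-whitespace fix on the "cat /proc/fs/cifs/DebugData" line is unrelated to the Kerberos change and would be cleaner mentioned in the commit message or split out.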