From 5e30595bd713eb4dbe59f77534d8d81f1dbd12b4 Mon Sep 17 00:00:00 2001 From: Steve French Date: Tue, 19 Aug 2008 20:51:09 +0000 Subject: [PATCH] --- yaml --- r: 109159 b: refs/heads/master c: 3d2af3465e91335bd1dbf36b19e92079d901409f h: refs/heads/master i: 109157: dd61765477117894e71782fd7756bff936a4c8c9 109155: b39fd6f47294bae1e6a79f0639fa591082c1d37c 109151: 5f865ac74fa3ed9fe0500c6d65e949f66452e59d v: v3 --- [refs] | 2 +- trunk/fs/Kconfig | 1 - trunk/fs/cifs/README | 30 ++++++++++++++++++++++++++---- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/[refs] b/[refs] index 13f3aabe5cd4..b1b9f66faee2 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: c16fefa56334e8d0197492607e473fdbb813073f +refs/heads/master: 3d2af3465e91335bd1dbf36b19e92079d901409f diff --git a/trunk/fs/Kconfig b/trunk/fs/Kconfig index d3873583360b..f0427105a619 100644 --- a/trunk/fs/Kconfig +++ b/trunk/fs/Kconfig @@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL config CIFS_UPCALL bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" - depends on CIFS_EXPERIMENTAL depends on KEYS help Enables an upcall mechanism for CIFS which accesses diff --git a/trunk/fs/cifs/README b/trunk/fs/cifs/README index 2bd6fe556f88..68b5c1169d9d 100644 --- a/trunk/fs/cifs/README +++ b/trunk/fs/cifs/README @@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in that they represent all for that share, not just those for which the server returned success. -Also note that "cat /proc/fs/cifs/DebugData" will display information about +Also note that "cat /proc/fs/cifs/DebugData" will display information about the active sessions and the shares that are mounted. -Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is -on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and -LANMAN support do not require this helper. + +Enabling Kerberos (extended security) works but requires version 1.2 or later +of the helper program cifs.upcall to be present and to be configured in the +/etc/request-key.conf file. The cifs.upcall helper program is from the Samba +project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not +require this helper. Note that NTLMv2 security (which does not require the +cifs.upcall helper program), instead of using Kerberos, is sufficient for +some use cases. + +Enabling DFS support (used to access shares transparently in an MS-DFS +global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In +addition, DFS support for target shares which are specified as UNC +names which begin with host names (rather than IP addresses) requires +a user space helper (such as cifs.upcall) to be present in order to +translate host names to ip address, and the user space helper must also +be configured in the file /etc/request-key.conf + +To use cifs Kerberos and DFS support, the Linux keyutils package should be +installed and something like the following lines should be added to the +/etc/request-key.conf file: + +create cifs.spnego * * /usr/local/sbin/cifs.upcall %k +create dns_resolver * * /usr/local/sbin/cifs.upcall %k + +