[CIFS] Kerberos support not considered experimental anymore

Acked-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
Steve French 2008-08-19 20:51:09 +00:00
parent c16fefa563
commit 3d2af3465e
2 changed files with 26 additions and 5 deletions

View file

@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
config CIFS_UPCALL
bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
depends on CIFS_EXPERIMENTAL
depends on KEYS
help
Enables an upcall mechanism for CIFS which accesses

View file

@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
that they represent all for that share, not just those for which the server
returned success.
Also note that "cat /proc/fs/cifs/DebugData" will display information about
Also note that "cat /proc/fs/cifs/DebugData" will display information about
the active sessions and the shares that are mounted.
Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
LANMAN support do not require this helper.
Enabling Kerberos (extended security) works but requires version 1.2 or later
of the helper program cifs.upcall to be present and to be configured in the
/etc/request-key.conf file. The cifs.upcall helper program is from the Samba
project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
require this helper. Note that NTLMv2 security (which does not require the
cifs.upcall helper program), instead of using Kerberos, is sufficient for
some use cases.
Enabling DFS support (used to access shares transparently in an MS-DFS
global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In
addition, DFS support for target shares which are specified as UNC
names which begin with host names (rather than IP addresses) requires
a user space helper (such as cifs.upcall) to be present in order to
translate host names to ip address, and the user space helper must also
be configured in the file /etc/request-key.conf
To use cifs Kerberos and DFS support, the Linux keyutils package should be
installed and something like the following lines should be added to the
/etc/request-key.conf file:
create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
create dns_resolver * * /usr/local/sbin/cifs.upcall %k