LinuxCIFS CredentialStashing: Difference between revisions

From SambaWiki
No edit summary
 
Line 7: Line 7:
At its core, we need this:
At its core, we need this:


* a userspace program that can stash the appropriate info in the keyctl keyring. The per-user keying is probably a good choice, but there may be an argument for doing this on a per-session basis.
* a userspace program that can stash the appropriate info in the keyctl keyring.
**The per-user keying is probably a good choice, but there may be an argument for doing this on a per-session basis.
* kernel code to get that info out of the keyring so that CIFS can use it
* kernel code to get that info out of the keyring so that CIFS can use it

Revision as of 07:14, 6 May 2010

Overview

This is a companion project to LinuxCIFS_MultisessionMount. With them, session setup is delayed and we cannot prompt for authentication info at session setup time. This effectively limits that work to using Kerberos auth.

It needn't be that way however. If we could stash authentication info on a per-user basis, then we could use any NTLM-based authentication scheme.

A breakdown of the project

At its core, we need this:

  • a userspace program that can stash the appropriate info in the keyctl keyring.
    • The per-user keying is probably a good choice, but there may be an argument for doing this on a per-session basis.
  • kernel code to get that info out of the keyring so that CIFS can use it
Retrieved from "https://wiki.samba.org/index.php?title=LinuxCIFS_CredentialStashing&oldid=5349"