On Fri, Nov 4, 2011 at 9:02 AM, Jeff Layton <[email protected]> wrote: > On Fri, 4 Nov 2011 00:56:16 -0500 > Steve French <[email protected]> wrote: > >> On Fri, Nov 4, 2011 at 12:34 AM, Suresh Jayaraman <[email protected]> >> wrote: >> > On 11/01/2011 03:34 PM, Jeff Layton wrote: >> >> On Tue, 1 Nov 2011 00:12:21 +0100 >> >> Stef Bon <[email protected]> wrote: >> >> >> >>> Hi, >> >>> >> >>> I would like to test the multiusermounts? >> >>> >> >>> I know to set: >> >>> >> >>> echo 1 > /proc/fs/cifs/MultiuserMount >> >>> >> >>> and add an option to the mount command, but I can remember/read somewhere >> >>> that one have to add some mapping somehwere: >> >>> >> >>> local user : remote user >> >>> ... >> >>> >> >>> Is this correct? >> >>> >> >> >> >> No. The MultiuserMount code that the above switch activates is >> >> basically deprecated (and never worked very well in the first place). >> > >> > So, time for planning its good riddance? >> >> Mainly waiting for some way to have ntlmv2 enablement of multiuser >> mount (krb5 only is too restrictive). >> > > Right. The new multiuser code only works with krb5 so far. I > think in order to deprecate the old code, we need to do the following: > > 1) the cifscreds program in cifs-utils will need to be cleaned up and > completed. This would allow users to stash their NTLM creds in the > kernel's keyring. This includes username and password, and some info > about which creds should be used with which servers (or NT domains). > The existing format for stashing those creds is probably not what we > need so this is a bit of work and redesign I think. > > 2) code will need to be added to the kernel to fetch NTLM auth info out > of the kernel keyring for establishing new sessions. > > 3) better documentation for multiuser mounts. This is always an issue, > but multiuser is more complicated so we'll really need this. > > At that point, I think we can schedule the old multiuser code for > deprecation.
Yes. Also note probable need for optional winbind integration to fetch creds (or winbind -> kernel keyring tie so we can get at these creds as needed) -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
