Comment 21 for bug 236830

Steve Langasek (vorlon) wrote : Re: [Bug 236830] Re: cifs does not support kerberos authentication

On Thu, Jul 24, 2008 at 08:59:56AM -0000, wzzrd wrote:
> I followed your instructions above (the request-key.conf stuff) and I am
> now able to mount a cifs share on my machine. So the kernel patch works,
> that's for sure; at least for a Kerberos cache generated during Likewise
> login (I use Likewise Open).

Great! So we can consider the kernel part successfully verified.

> What does surprise me a bit is the fact that if I klist, I can see my
> TGT and, directly after mount, the host ticket from the fileserver.
> After a while though, the latter disappears, even though I still have
> the cifs share mounted and accessible. Maybe that has something to do
> with Likewise; I'm more used to using pam_krb5, which does not purge
> tickets this soon.

I suspect that you're seeing a periodic TGT refresh from Likewise; pam_krb5
doesn't provide infrastructure to refresh tickets automatically for you, but
winbind/likewise do.

> Apart from that, I can only mount the cifs share with sec=krb, not with
> sec=krb5i. During debugging this, I found that cifs.spnego segfaults
> horribly when started on its own. As said, mounting seems to work
> though. I'll try downloading the Intrepid samba source deb at home
> tonight, maybe you guys have applied some patches on it?

I haven't gotten krb5i working yet here either.

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>