Re: Build infrastructure for storing NTLM creds in kernel keyring

Hello,
After a little research I have settled on a key format. It is a "user" key
type with the description in the following format:
ntlminit:host_ip_addr:username:domain, for every host_ip_addr returned by
getaddrinfo() for the host entered by the user. The domain field can be empty,
and the payload consists of the plain password.

Now I am putting my keys directly in the session keyring. Is it
necessary to create a separate keyring, or is it possible to do without it?

I have also thought over the algorithm for adding a key to the session keyring.
If, for at least one of the host's IP addresses, there is a key with it in the
description (with the same username and domain name, of course), new keys
will not be added. Is that correct?

Regards,
Igor Druzhinin

----- Original Message ----- From: "Jeff Layton" <jlayton@xxxxxxxxx>
To: "Jeff Layton" <jlayton@xxxxxxxxx>
Cc: "Igor Druzhinin" <jaxbrigs@xxxxxxxxx>; <linux-cifs@xxxxxxxxxxxxxxx>
Sent: Tuesday, July 06, 2010 3:09 PM
Subject: Re: Build infrastructure for storing NTLM creds in kernel keyring


On Tue, 6 Jul 2010 07:00:56 -0400
Jeff Layton <jlayton@xxxxxxxxx> wrote:

On Tue, 6 Jul 2010 14:04:44 +0400
"Igor Druzhinin" <jaxbrigs@xxxxxxxxx> wrote:

> As far as I saw, the current kernel code has no method for checking from
> userspace whether the entered credentials are wrong without a mount. Is
> that right?

Correct. You really can't check without connecting to the server.

We certainly could have this tool use libsmbclient to connect to the
server and authenticate to test the creds. I wouldn't bother with that
for the initial implementation though -- keep it simple. Still it's
something to keep in mind while you're coding this up.


> But if the user wants to update them, there should be a mechanism for
> clearing old or wrong creds. In my opinion it may be something like a
> --clear option.

Sounds good. You will want to be able to update or clear invalid creds.

> Besides, is it right to store multiple identical creds in the keyring, or
> creds with the same user and domain_host name?

Not sure that I see any point in multiple creds per user@host or
user@domain. Only one will ever be valid for each combination. Why
would you want multiple sets? How would you know which ones to use?



--
Jeff Layton <jlayton@xxxxxxxxx>
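
A sketch of the key description format and the add rule described in the message above, as an added example that is not part of the original thread or of any posted patch. The names `ntlm_descs` and `ntlm_store` and the two size limits are hypothetical, and the `add_key`/`keyctl` syscalls are called directly rather than through libkeyutils.

```c
#define _GNU_SOURCE
#include <linux/keyctl.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#define NTLM_MAX  16   /* addresses handled per host (arbitrary limit) */
#define NTLM_DESC 512  /* description buffer size (arbitrary limit) */

/* Fill d[] with one "ntlminit:ip:user:domain" string per resolved address. */
int ntlm_descs(const char *host, const char *user, const char *dom,
               char d[][NTLM_DESC])
{
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res, *ai;
    char ip[64];
    int n = 0;

    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;
    for (ai = res; ai && n < NTLM_MAX; ai = ai->ai_next)
        if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ip, sizeof(ip),
                        NULL, 0, NI_NUMERICHOST) == 0)
            snprintf(d[n++], NTLM_DESC, "ntlminit:%s:%s:%s", ip, user, dom);
    freeaddrinfo(res);
    return n;
}

/* Returns keys added; 0 if any address already has a matching key. */
int ntlm_store(const char *host, const char *user, const char *dom,
               const char *pw)
{
    char d[NTLM_MAX][NTLM_DESC];
    int i, added = 0, n = ntlm_descs(host, user, dom, d);

    for (i = 0; i < n; i++)   /* pass 1: one existing key blocks the add */
        if (syscall(SYS_keyctl, KEYCTL_SEARCH, KEY_SPEC_SESSION_KEYRING,
                    "user", d[i], 0) > 0)
            return 0;
    for (i = 0; i < n; i++)   /* pass 2: one "user" key per address */
        if (syscall(SYS_add_key, "user", d[i], pw, strlen(pw),
                    KEY_SPEC_SESSION_KEYRING) > 0)
            added++;
    return n < 0 ? -1 : added;
}
```

IPv6 addresses contain ':' themselves, so a description in this format cannot be split back into its fields on ':' alone.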
