On Mon, 12 Sep 2011 11:01:58 +0200 Martin Wilck <martin.wilck@xxxxxxxxxxxxxx> wrote: > > For the record, I'm not 100% opposed to adding something like this as a > > workaround. What would probably be better would be a way for someone to > > specify the SPN in the mount options. The kernel could then pass that > > to the upcall and we wouldn't need to trust this string from the > > server. Admins would of course need to know what SPN to put in there > > however. Something like: > > > > -o spn=cifs/otherhostname.example.com > > Sounds good. In our AD environment, an admin can do > > ldapsearch "(cn=$COMPUTERNAME)" serviceprincipalname > > to get the supported principal name(s). > If that's the standard mechanism that windows machines use to determine this, we could consider doing something similar in cifs.upcall. Maybe add a new command-line option that tells it to query a particular LDAP server with krb5 auth to determine this? -- Jeff Layton <jlayton@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
