On Fri, 4 Nov 2011 11:25:43 -0500 Steve French <smfrench@xxxxxxxxx> wrote: > On Fri, Nov 4, 2011 at 9:02 AM, Jeff Layton <jlayton@xxxxxxxxx> wrote: > > On Fri, 4 Nov 2011 00:56:16 -0500 > > Steve French <smfrench@xxxxxxxxx> wrote: > > > >> On Fri, Nov 4, 2011 at 12:34 AM, Suresh Jayaraman <sjayaraman@xxxxxxxx> wrote: > >> > On 11/01/2011 03:34 PM, Jeff Layton wrote: > >> >> On Tue, 1 Nov 2011 00:12:21 +0100 > >> >> Stef Bon <stefbon@xxxxxxxxx> wrote: > >> >> > >> >>> Hi, > >> >>> > >> >>> I would like to test the multiusermounts? > >> >>> > >> >>> I know to set: > >> >>> > >> >>> echo 1 > /proc/fs/cifs/MultiuserMount > >> >>> > >> >>> and add an option to the mount command, but I can remember/read somewhere > >> >>> that one have to add some mapping somehwere: > >> >>> > >> >>> local user : remote user > >> >>> ... > >> >>> > >> >>> Is this correct? > >> >>> > >> >> > >> >> No. The MultiuserMount code that the above switch activates is > >> >> basically deprecated (and never worked very well in the first place). > >> > > >> > So, time for planning its good riddance? > >> > >> Mainly waiting for some way to have ntlmv2 enablement of multiuser > >> mount (krb5 only is too restrictive). > >> > > > > Right. The new multiuser code only works with krb5 so far. I > > think in order to deprecate the old code, we need to do the following: > > > > 1) the cifscreds program in cifs-utils will need to be cleaned up and > > completed. This would allow users to stash their NTLM creds in the > > kernel's keyring. This includes username and password, and some info > > about which creds should be used with which servers (or NT domains). > > The existing format for stashing those creds is probably not what we > > need so this is a bit of work and redesign I think. > > > > 2) code will need to be added to the kernel to fetch NTLM auth info out > > of the kernel keyring for establishing new sessions. > > > > 3) better documentation for multiuser mounts. This is always an issue, > > but multiuser is more complicated so we'll really need this. > > > > At that point, I think we can schedule the old multiuser code for > > deprecation. > > Yes. Also note probable need for optional winbind integration > to fetch creds (or winbind -> kernel keyring tie so we can get > at these creds as needed) > That's a nice-to-have, and something that can be added after we have basic support for NTLM credential stashing in the kernel. Cheers, -- Jeff Layton <jlayton@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
