On Sat, 13 Apr 2013 16:27:46 +0200 steve <steve@xxxxxxxxxxxx> wrote: > Ubuntu 12.10 clients in a Samba4 domain. > > Hi > We are automounting cifs using: > -osec=krb5,multiuser. > > It seems that unless the root cache: > /tmp/krb5cc_0 > is present, users cannot enter the share even if they have a ticket with > their own cache under /tmp > > Is this the correct behavior? > > If so, how to go about maintaining the cache alive. I thought about > creating s domain user, say autofs-user and extracting his keytab. I > would then run a script as root that calls k5start to maintain the > ticket cache. But then, it could be overwritten if, say, Administrator > logs in from a root account. Would that matter? So long as the root > cache is present, does it matter which principal it has? > > Cheers, > Steve You do need a krb5 ticket somewhere to use as root's credentials. If you set the cruid= mount option that can be a credcache owned by a different user. Alternately, you can set up the system-wide keytab in /etc/krb5.keytab with the correct credentials for root. -- Jeff Layton <jlayton@xxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
