I have a newer version of the cifs-upcall patch which follows the linux coding standards. I have taken a look at the use of krb5_context through out all the code and reduced the usage of krb5_context to one call. John Dey On 8/22/16, 5:29 AM, "Jeff Layton" <jlayton@xxxxxxxxx> wrote: >The handling of krb5 in cifs.upcall has always been pretty klunky. It >rolls through /tmp, trying to find the latest credcache and has some >hacks to allow it to use DIR: caches as well, but none of that really >works for KEYRING:, which is pretty common these days. > >In practice, I doubt anyone relies on that behavior. What most people >want is for cifs.upcall to find the default credcache for a user given >krb5.conf -- full stop. > >This patchset rips out most of the unneeded machinery in cifs.upcall, >and just has it find the default credcache and verify that it has a >valid TGT. If not then we'll try to init it from the keytab as before. > >I think there's some more opportunity to clean up this code in the >future as well. Currently we pass around strings that represent the >credcache, and that could be made more efficient. It might also be >good to just reimplement the whole thing with gssapi calls instead. > >Still, this is a good step in that direction I think. > >Jeff Layton (3): > aclocal: fix typo in idmap.m4 > cifs.upcall: use krb5 routines to get default ccname > cifs.upcall: make the krb5_context a static global variable > > aclocal/idmap.m4 | 2 +- > cifs.upcall.c | 185 ++++++++++--------------------------------------------- > 2 files changed, 32 insertions(+), 155 deletions(-) > >-- >2.7.4 > ��.n��������+%������w��{.n�����{�����ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f