Shyam Prasad N <nspmangalore@xxxxxxxxx> writes: > Thoughts? You are reaching the limits of my poor understanding of this kerberos stuff. What is the difference between keytab and credential cache? So IIUC you are proposing 2 ways to go about it: a) - do PAM login in mount.cifs (which in turns calls into sssd/winbind) - implement umount.cifs for PAM logoff b) - ignore PAM and winbind/sssd and do kinit in mount.cifs manually - would this requires umount.cifs as well? I like (b) because it feels we have more control and don't require a big external program like winbind *but* if (b) doesn't do the refreshing of the tickets then the mount will always stop working after they expire. This seems only useful for quick one-off mounting or testing/debugging. Real end users will find it unreliable unless they setup something like what winbind does essentially. So ultimately, to me, (a) seems like the better choice. Let me know if I misunderstood something. Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
