Hi, On Mon, Mar 29, 2021 at 06:25:49PM +0200, Aurélien Aptel wrote:
When you use a password you're actually not using krb5 (even in smbclient), you're using NTLMSSP authentication.
As far as I understand, you (can) use a password to obtain a krb5-token, which is then used for sec=krb5. From a users point of view, you enter username and password and get access. Whether this is using krb5 and a token or some other mechanism is usually something a user doesn't even want to know about. What they know is a username/password combination and a share name on some remote machine. If the mechanism happens to be krb5 (isn't that even the default on Windows shares?), you might need a temporary token, but I wonder if that "technicality" couldn't be made transparent to the user by default. This would make mounting Windows shares a lot less 'messy' to users.
4. Currently, trying sec=krb5 without token cache files results in therather obscure error "mount error(2): No such file or directory". Could this me changed into something that points users to the actual cause of the error?Sadly we don't have much to work with. Mounting is done with a single system call mount() which can only return 1 error code from the list of errno codes https://man7.org/linux/man-pages/man3/errno.3.html
That is unfortunate. However, not even verbose mounting gave me any indication of what it was that is actually failing. Maybe, before returning ENOENT, cifs you print something else, possibly at least with
high verbosity/debugging enabled.
I think you are :) thanks for reporting.
Thanks for your time responding. :) Frank
Attachment:
signature.asc
Description: PGP signature
