On 2022-07-21 23:45, Nick Guenther wrote:
[...]
I see in this old thread https://www.spinics.net/lists/linux-cifs/msg18249.html that you actually want to go the _other_ direction, and isolate your sessions even more:
multiuser SMB connections should also be initiated per session, same like the
keyring. Currently the cifs SMB connections are accessible also from other all
sessions.
That needs to be implemented indeed.
but that doesn't sound like it would make my users happy. In their perspective, tmux should be the same environment as ssh or as the GUI, just more persistent. And I tend to agree.
Anyway, I hope this isn't too intricate or confusing for you. I would really appreciate a second opinion, and maybe a consideration of that patch, if that patch is actually the right answer.
As another user, I'd expect the keyring search to be done recursively --
start from the session keyring as now, but follow the link into the user
keyring, which is usually present (and isn't that its whole purpose?)
Then pam_cifscreds could be told which one to insert keys to, allowing
it to be used both ways depending on needs -- just like how Kerberos or
AFS can also have either isolated credentials or user-wide ones.
