On Fri, Feb 16, 2024 at 8:41 AM Paulo Alcantara <pc@xxxxxxxxxxxxx> wrote: > > Shyam Prasad N <nspmangalore@xxxxxxxxx> writes: > > > need_recon would also be true in other cases, for example when the > > network is temporarily disconnected. This patch will allow changing of > > password even then. > > We could setup a special flag when the server returns a > > STATUS_LOGON_FAILURE for SessionSetup. We can make the check for that > > flag and then allow password change on remount. > > Yes. Allowing password change over remount simply because network is > disconnected is not a good idea. The user could mistype the password > when performing a remount and then everything would stop working. I agree - will change patch to do that. > Not to mention that this patch is only handling a specfic case where a > mount would have a single SMB session, which isn't true for a DFS mount. We should do a patch for that too. Agreed. > > Another option is to extend the multiuser keyring mechanism for single > > user use case as well, and use that for password update. > > Ideally, we should be able to setup multiple passwords in that keyring > > and iterate through them once to see if SessionSetup goes through. > > Yes, sounds like the best approach so far. It would allow users to > update their passwords in keyring and sysadmins could drop existing SMB > sessions from server side and then the client would reconnect by using > new password from keyring. This wouldn't even require a remount. Yes - I was discussing this with David Howells, and having a backup password in keyring is helpful in long run (and better solution for some) but we also need remount because that is what user's would intuitively try first. > Besides, marking this for -stable makes no sense. Problem we have is that it can be (and has sometimes been) a big problem for user when password keys rotate and no way to fix it other than unmount - so we will need the "easy and low risk" solution available for distros since keyring won't work for some use cases (although helpful for others) -- Thanks, Steve
