From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jeff Layton Subject: Re: How to test multiusermount? Date: Fri, 4 Nov 2011 20:46:25 -0400 Message-ID: <20111104204625.3d47fd26@corrin.poochiereds.net> References: <20111101060428.5d474bb9@tlielax.poochiereds.net> <4EB37983.3080607@suse.com> <20111104100231.57ad94d6@tlielax.poochiereds.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Suresh Jayaraman , Stef Bon , linux-cifs , David Howells To: Steve French Return-path: In-Reply-To: Sender: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-ID: On Fri, 4 Nov 2011 11:25:43 -0500 Steve French wrote: > On Fri, Nov 4, 2011 at 9:02 AM, Jeff Layton wrote= : > > On Fri, 4 Nov 2011 00:56:16 -0500 > > Steve French wrote: > > > >> On Fri, Nov 4, 2011 at 12:34 AM, Suresh Jayaraman wrote: > >> > On 11/01/2011 03:34 PM, Jeff Layton wrote: > >> >> On Tue, 1 Nov 2011 00:12:21 +0100 > >> >> Stef Bon wrote: > >> >> > >> >>> Hi, > >> >>> > >> >>> I would like to test the multiusermounts? > >> >>> > >> >>> I know to set: > >> >>> > >> >>> =C2=A0echo 1 > /proc/fs/cifs/MultiuserMount > >> >>> > >> >>> and add an option to the mount command, but I can remember/rea= d somewhere > >> >>> that one have to add some mapping somehwere: > >> >>> > >> >>> local user : remote user > >> >>> ... > >> >>> > >> >>> Is this correct? > >> >>> > >> >> > >> >> No. The MultiuserMount code that the above switch activates is > >> >> basically deprecated (and never worked very well in the first p= lace). > >> > > >> > So, time for planning its good riddance? > >> > >> Mainly waiting for some way to have ntlmv2 enablement of multiuser > >> mount (krb5 only is too restrictive). > >> > > > > Right. The new multiuser code only works with krb5 so far. I > > think in order to deprecate the old code, we need to do the followi= ng: > > > > 1) the cifscreds program in cifs-utils will need to be cleaned up a= nd > > completed. This would allow users to stash their NTLM creds in the > > kernel's keyring. This includes username and password, and some inf= o > > about which creds should be used with which servers (or NT domains)= =2E > > The existing format for stashing those creds is probably not what w= e > > need so this is a bit of work and redesign I think. > > > > 2) code will need to be added to the kernel to fetch NTLM auth info= out > > of the kernel keyring for establishing new sessions. > > > > 3) better documentation for multiuser mounts. This is always an iss= ue, > > but multiuser is more complicated so we'll really need this. > > > > At that point, I think we can schedule the old multiuser code for > > deprecation. >=20 > Yes. Also note probable need for optional winbind integration > to fetch creds (or winbind -> kernel keyring tie so we can get > at these creds as needed) >=20 That's a nice-to-have, and something that can be added after we have basic support for NTLM credential stashing in the kernel. Cheers, --=20 Jeff Layton