From mboxrd@z Thu Jan  1 00:00:00 1970
From: steve <steve-dZ4O0aZtNmBWk0Htik3J/w@public.gmane.org>
Subject: kerberised cifs must have root krb5cc_0 cache?
Date: Sat, 13 Apr 2013 16:27:46 +0200
Message-ID: <51696B62.7060103@steve-ss.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
To: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Return-path: <linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Sender: linux-cifs-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-ID: <linux-cifs.vger.kernel.org>

Ubuntu 12.10 clients in a Samba4 domain.

Hi
We are automounting cifs using:
-osec=krb5,multiuser.

It seems that unless the root cache:
/tmp/krb5cc_0
is present, users cannot enter the share even if they have a ticket with 
their own cache under /tmp

Is this the correct behavior?

If so, how to go about maintaining the cache alive. I thought about 
creating s domain user, say autofs-user and extracting his keytab. I 
would then run a script as root that calls k5start to maintain the 
ticket cache. But then, it could be overwritten if, say, Administrator 
logs in from a root account. Would that matter? So long as the root 
cache is present, does it matter which principal it has?

Cheers,
Steve