diff options
| author | James Morris <jmorris@namei.org> | 2008-08-28 10:47:34 +1000 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-08-28 10:47:34 +1000 |
| commit | 86d688984deefa3ae5a802880c11f2b408b5d6cf (patch) | |
| tree | 7ea5e8189b0a774626d3ed7c3c87df2495a4c4a0 /fs/cifs/README | |
| parent | 93c06cbbf9fea5d5be1778febb7fa9ab1a74e5f5 (diff) | |
| parent | 4c246edd2550304df5b766cc841584b2bb058843 (diff) | |
| download | linux-3.10-86d688984deefa3ae5a802880c11f2b408b5d6cf.tar.gz linux-3.10-86d688984deefa3ae5a802880c11f2b408b5d6cf.tar.bz2 linux-3.10-86d688984deefa3ae5a802880c11f2b408b5d6cf.zip | |
Merge branch 'master' into next
Diffstat (limited to 'fs/cifs/README')
| -rw-r--r-- | fs/cifs/README | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index 2bd6fe556f8..68b5c1169d9 100644 --- a/fs/cifs/README +++ b/fs/cifs/README @@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in that they represent all for that share, not just those for which the server returned success. -Also note that "cat /proc/fs/cifs/DebugData" will display information about +Also note that "cat /proc/fs/cifs/DebugData" will display information about the active sessions and the shares that are mounted. -Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is -on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and -LANMAN support do not require this helper. + +Enabling Kerberos (extended security) works but requires version 1.2 or later +of the helper program cifs.upcall to be present and to be configured in the +/etc/request-key.conf file. The cifs.upcall helper program is from the Samba +project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not +require this helper. Note that NTLMv2 security (which does not require the +cifs.upcall helper program), instead of using Kerberos, is sufficient for +some use cases. + +Enabling DFS support (used to access shares transparently in an MS-DFS +global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In +addition, DFS support for target shares which are specified as UNC +names which begin with host names (rather than IP addresses) requires +a user space helper (such as cifs.upcall) to be present in order to +translate host names to ip address, and the user space helper must also +be configured in the file /etc/request-key.conf + +To use cifs Kerberos and DFS support, the Linux keyutils package should be +installed and something like the following lines should be added to the +/etc/request-key.conf file: + +create cifs.spnego * * /usr/local/sbin/cifs.upcall %k +create dns_resolver * * /usr/local/sbin/cifs.upcall %k + + |