HP CIFS Client A.01.09 Administrator's Guide: HP-UX 11.0 and 11i version 1 and 2 > Chapter 3 CIFS Security and Authentication

User Authentication Methods


  • Explicit Login (cifslogin)

    Users on the CIFS Client can authenticate themselves to CIFS servers explicitly with the cifslogin command. Please see the cifslogin man page in the Command-line Utilities chapter.

  • Automatic Login

    The CIFS Client provides methods for accessing CIFS mountpoints automatically. The initial request for access to a CIFS mountpoint (cd, ls, etc.) causes the CIFS Client to log the user in, in the background. If the background login succeeds, the user’s request for access succeeds, and the cifslogin command is not required.

    The CIFS Client’s automatic login policy follows:

    1. Kerberos: integration with kinit and PAM Kerberos

      If Kerberos authentication has been configured and the user has a Ticket-Granting Ticket (TGT) in the system Kerberos credentials cache (created explicitly with the kinit(1) command or automatically by PAM Kerberos), the CIFS Client will use the TGT to perform an automatic login. Please refer to Chapter 4 for more information on using Kerberos Authentication with the CIFS Client.

    2. Integration with PAM NTLM

      If PAM NTLM has been configured on the system (in /etc/pam.conf) and the user has logged into the CIFS Client HP-UX host with PAM NTLM, the CIFS Client will attempt to reuse the user’s cached PAM NTLM credentials to authenticate the user to the CIFS server. Please see Chapter 8 for more information on PAM NTLM.

    3. User Database

      If no PAM NTLM credentials are found, but the user has an entry in the CIFS Client user database, the CIFS Client will attempt to log the user into the CIFS server using the encrypted password in the user’s database entry. You can use the cifslogin -s command to save an entry in the user database or use the cifslogout -d command to delete an entry from the user database. Please see the cifslogin and cifslogout man pages for details.

      NOTE: Automatic login using the user database is not supported with Kerberos.

    4. Guest User

      This feature enables all users on the HP CIFS Client host who are not logged into a mounted CIFS server to access the server’s mountpoints, with the privileges of a guest user. Please also see the detailed information on the guestUser parameter in Chapter 7.

      The following example explains how to set up guest user capabilities.

      In this example, we use arbitrary names for users, systems, directories, and shares. You can use any legal names. Perform the following steps as root:

      1. In the CIFS Client configuration file, set the guestUser parameter to cifsunix:

        guestUser = "cifsunix"

      2. We recommend that you set up a generic HP-UX account for this purpose. Create the user cifsunix on the CIFS Client HP-UX host. For security reasons, set any legal password for this user:

        $ useradd cifsunix

        $ passwd cifsunix

      3. On the CIFS server ntsrv01, create the user cifsguest with password cifspass, and create the share cifspub for some directory.

      4. On the CIFS Client host, mount the shared directory cifspub on the CIFS server ntsrv01, at the local mountpoint, /mnt/cifs01:

        $ mount -F cifs ntsrv01:/cifspub /mnt/cifs01

      5. As the HP-UX user cifsunix, log in to ntsrv01 as cifsguest:

        $ su cifsunix -c "cifslogin ntsrv01 cifsguest -s"

        Remote user cifsguest’s password:cifspass

      Now, when any other UNIX user on the CIFS Client HP-UX host who has not logged into the CIFS server ntsrv01 tries to access the mountpoint /mnt/cifs01, the access is made automatically as if by UNIX user cifsunix and CIFS server user cifsguest. The -s option to cifslogin (step 5) saves the username/password pair in the CIFS Client user database. This allows all future guest user access to occur without any user having to invoke cifslogin as user cifsunix beforehand.
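
      An added example, not part of the HP guide: a shell check that reports whether guest access is configured as in the steps above and whether the mapped local account exists. The file paths are arguments because this page does not name the configuration file's location; treating an absent or empty guestUser as "no guest user", the last-value-wins rule, and the UID 0 check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not HP code. Paths are arguments: the page does not say
# where the CIFS Client configuration file lives.

# Print the guestUser value found in config file $1 (empty if unset or "").
# Assumption: if the parameter appears more than once, the last one counts.
guest_user_of() {
    sed -n 's/^[[:space:]]*guestUser[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '";' | awk 'NF { v = $1 } END { print v }'
}

# audit_guest CONFIG PASSWD
# Returns 0 if no guest user is configured, 1 if guest access is on and
# should be reviewed, 2 if the setting points at a missing or root account.
audit_guest() {
    user=$(guest_user_of "$1")
    if [ -z "$user" ]; then
        echo "OK: no guestUser configured"
        return 0
    fi
    uid=$(awk -F: -v u="$user" '$1 == u { print $3; exit }' "$2")
    if [ -z "$uid" ]; then
        echo "FAIL: guestUser=$user has no local account"
        return 2
    fi
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: guestUser=$user is a UID 0 account, not a generic one"
        return 2
    fi
    echo "REVIEW: local users with no login to a mounted server reach its" \
         "mountpoints as $user (uid $uid)"
    return 1
}

# Constructed sample input mirroring the page's example names.
tmp=$(mktemp -d)
printf 'guestUser = "cifsunix"\n' > "$tmp/cfg"
printf 'root:*:0:3::/:/sbin/sh\ncifsunix:*:105:20::/home/cifsunix:/usr/bin/sh\n' > "$tmp/passwd"
audit_guest "$tmp/cfg" "$tmp/passwd" || true
rm -rf "$tmp"
```

      A REVIEW result is the expected outcome of the setup above; it is a prompt to confirm that the share behind the mountpoint is meant to be readable by every local user.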

© Hewlett-Packard Development Company, L.P.