This section assumes that the CIFS server and client have
negotiated the use of Kerberos.
Explicit
login: cifslogin |
 |
Kerberos authentication is implemented transparently into
this command. Required Kerberos credentials (TGT and ST) are acquired from
the KDC on behalf of the user and the Service Ticket (ST) is sent
to the CIFS server within a SESSION_SETUP request. No special action
is performed by the user.
Automatic
login: Integration with System Kerberos Cache (kinit(1) and PAM
Kerberos) |
|
This feature allows users to access mounted CIFS servers without
uisng cifslogin. If you have
a pre-existing Ticket-Granting Ticket (TGT) in the system Kerberos
cache, established with kinit(1) or
PAM Kerberos, you can attempt to access the CIFS mountpoint directly
(cd, ls, etc.). The CIFS Client
uses the TGT to acquire a Service Ticket (ST) for the mounted CIFS
server and performs a CIFS login, all in the background. It is unnecessary
for you to explicitly invoke cifslogin this
case.
Ticket
Lifetime |
|
Maximum ticket lifetime is controlled by the configuration
of the KDC. For cifslogin, the
CIFS client requests a lifetime of 30 days for a TGT. Thus, the
actual lifetime of a TGT issued to a CIFS client is the lesser of 30
days and the configured maximum at the KDC. For automatic login, the
expiration time of a user’s ST is equal to the expiration
time of the TGT in the system cache.
Printable version
