В Mon, 16 Jun 2014 13:18:34 +0200
lynn
On Mon, 2014-06-16 at 07:02 +0400, Andrey Borzenkov wrote:
В Mon, 09 Jun 2014 18:30:15 +0200 lynn
пишет: mount(generic): calling mount -t cifs -s -o sec=krb5,username=cifsuser,multiuser //altea/users/julie /home/users/julie ^^^^^^^^^
I wonder - on behalf of which user does it connect? I.e. - it needs Kerberos ticket, right? When this ticket is acquired?
The user is already a ticket holder at the time she makes the request for the cifs/ service. cifsuser is a domain user with just enough privileges to make the mount on behalf of whoever requests it. The upcall obtains the service ticket on behalf of the user at the time of the mount request. This is invisible to the user as the cifsuser key is made available via the keytab.
Maybe this is not the best way to do it?
Oh, I really do not know. I just try to more or less randomly poke around at possible issues. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org