[CIFS] Kerberos support not considered experimental anymore

Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Steve French <sfrench@us.ibm.com> 2008-08-19 16:51:09 -0400
committer: Steve French <sfrench@us.ibm.com> 2008-08-19 16:51:09 -0400
commit: 3d2af3465e91335bd1dbf36b19e92079d901409f (patch)
tree: 828c313011e8f70f030ef872012f63238fc14362 /fs/cifs/README
parent: c16fefa56334e8d0197492607e473fdbb813073f (diff)
1 files changed, 26 insertions, 4 deletions
diff --git a/fs/cifs/README b/fs/cifs/README
index 2bd6fe556f88..68b5c1169d9d 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
 that they represent all for that share, not just those for which the server
 returned success.
        
-Also note that "cat /proc/fs/cifs/DebugData" will display information about 
+Also note that "cat /proc/fs/cifs/DebugData" will display information about
 the active sessions and the shares that are mounted.
-Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
-on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
+Enabling Kerberos (extended security) works but requires version 1.2 or later
-LANMAN support do not require this helper.
+of the helper program cifs.upcall to be present and to be configured in the
+/etc/request-key.conf file.  The cifs.upcall helper program is from the Samba
+project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
+require this helper. Note that NTLMv2 security (which does not require the
+cifs.upcall helper program), instead of using Kerberos, is sufficient for
+some use cases.
+Enabling DFS support (used to access shares transparently in an MS-DFS
+global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled.  In
+addition, DFS support for target shares which are specified as UNC
+names which begin with host names (rather than IP addresses) requires
+a user space helper (such as cifs.upcall) to be present in order to
+translate host names to ip address, and the user space helper must also
+be configured in the file /etc/request-key.conf
+To use cifs Kerberos and DFS support, the Linux keyutils package should be
+installed and something like the following lines should be added to the
+/etc/request-key.conf file:
+create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
+create dns_resolver * * /usr/local/sbin/cifs.upcall %k
author	Steve French <sfrench@us.ibm.com>	2008-08-19 16:51:09 -0400
committer	Steve French <sfrench@us.ibm.com>	2008-08-19 16:51:09 -0400
commit	3d2af3465e91335bd1dbf36b19e92079d901409f (patch)
tree	828c313011e8f70f030ef872012f63238fc14362 /fs/cifs/README
parent	c16fefa56334e8d0197492607e473fdbb813073f (diff)

diff --git a/fs/cifs/README b/fs/cifs/README index 2bd6fe556f88..68b5c1169d9d 100644 --- a/fs/cifs/README +++ b/fs/cifs/README
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
642	that they represent all for that share, not just those for which the server	642	that they represent all for that share, not just those for which the server
643	returned success.	643	returned success.
644		644
645	Also note that "cat /proc/fs/cifs/DebugData" will display information about	645	Also note that "cat /proc/fs/cifs/DebugData" will display information about
646	the active sessions and the shares that are mounted.	646	the active sessions and the shares that are mounted.
647	Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is	647
648	on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and	648	Enabling Kerberos (extended security) works but requires version 1.2 or later
649	LANMAN support do not require this helper.	649	of the helper program cifs.upcall to be present and to be configured in the
		650	/etc/request-key.conf file. The cifs.upcall helper program is from the Samba
		651	project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
		652	require this helper. Note that NTLMv2 security (which does not require the
		653	cifs.upcall helper program), instead of using Kerberos, is sufficient for
		654	some use cases.
		655
		656	Enabling DFS support (used to access shares transparently in an MS-DFS
		657	global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In
		658	addition, DFS support for target shares which are specified as UNC
		659	names which begin with host names (rather than IP addresses) requires
		660	a user space helper (such as cifs.upcall) to be present in order to
		661	translate host names to ip address, and the user space helper must also
		662	be configured in the file /etc/request-key.conf
		663
		664	To use cifs Kerberos and DFS support, the Linux keyutils package should be
		665	installed and something like the following lines should be added to the
		666	/etc/request-key.conf file:
		667
		668	create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
		669	create dns_resolver * * /usr/local/sbin/cifs.upcall %k
		670
		671