2 files changed, 26 insertions, 5 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index d3873583360b..f0427105a619 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
 config CIFS_UPCALL
          bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
-          depends on CIFS_EXPERIMENTAL
          depends on KEYS
          help
            Enables an upcall mechanism for CIFS which accesses
diff --git a/fs/cifs/README b/fs/cifs/README
index 2bd6fe556f88..68b5c1169d9d 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
 that they represent all for that share, not just those for which the server
 returned success.
        
-Also note that "cat /proc/fs/cifs/DebugData" will display information about 
+Also note that "cat /proc/fs/cifs/DebugData" will display information about
 the active sessions and the shares that are mounted.
-Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
-on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
+Enabling Kerberos (extended security) works but requires version 1.2 or later
-LANMAN support do not require this helper.
+of the helper program cifs.upcall to be present and to be configured in the
+/etc/request-key.conf file.  The cifs.upcall helper program is from the Samba
+project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
+require this helper. Note that NTLMv2 security (which does not require the
+cifs.upcall helper program), instead of using Kerberos, is sufficient for
+some use cases.
+Enabling DFS support (used to access shares transparently in an MS-DFS
+global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled.  In
+addition, DFS support for target shares which are specified as UNC
+names which begin with host names (rather than IP addresses) requires
+a user space helper (such as cifs.upcall) to be present in order to
+translate host names to ip address, and the user space helper must also
+be configured in the file /etc/request-key.conf
+To use cifs Kerberos and DFS support, the Linux keyutils package should be
+installed and something like the following lines should be added to the
+/etc/request-key.conf file:
+create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
+create dns_resolver * * /usr/local/sbin/cifs.upcall %k

diff --git a/fs/Kconfig b/fs/Kconfig index d3873583360b..f0427105a619 100644 --- a/fs/Kconfig +++ b/fs/Kconfig
@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
1984		1984
1985	config CIFS_UPCALL	1985	config CIFS_UPCALL
1986	bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"	1986	bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
1987	depends on CIFS_EXPERIMENTAL
1988	depends on KEYS	1987	depends on KEYS
1989	help	1988	help
1990	Enables an upcall mechanism for CIFS which accesses	1989	Enables an upcall mechanism for CIFS which accesses


diff --git a/fs/cifs/README b/fs/cifs/README index 2bd6fe556f88..68b5c1169d9d 100644 --- a/fs/cifs/README +++ b/fs/cifs/README
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
642	that they represent all for that share, not just those for which the server	642	that they represent all for that share, not just those for which the server
643	returned success.	643	returned success.
644		644
645	Also note that "cat /proc/fs/cifs/DebugData" will display information about	645	Also note that "cat /proc/fs/cifs/DebugData" will display information about
646	the active sessions and the shares that are mounted.	646	the active sessions and the shares that are mounted.
647	Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is	647
648	on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and	648	Enabling Kerberos (extended security) works but requires version 1.2 or later
649	LANMAN support do not require this helper.	649	of the helper program cifs.upcall to be present and to be configured in the
		650	/etc/request-key.conf file. The cifs.upcall helper program is from the Samba
		651	project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
		652	require this helper. Note that NTLMv2 security (which does not require the
		653	cifs.upcall helper program), instead of using Kerberos, is sufficient for
		654	some use cases.
		655
		656	Enabling DFS support (used to access shares transparently in an MS-DFS
		657	global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In
		658	addition, DFS support for target shares which are specified as UNC
		659	names which begin with host names (rather than IP addresses) requires
		660	a user space helper (such as cifs.upcall) to be present in order to
		661	translate host names to ip address, and the user space helper must also
		662	be configured in the file /etc/request-key.conf
		663
		664	To use cifs Kerberos and DFS support, the Linux keyutils package should be
		665	installed and something like the following lines should be added to the
		666	/etc/request-key.conf file:
		667
		668	create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
		669	create dns_resolver * * /usr/local/sbin/cifs.upcall %k
		670
		671