aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/Kconfig1
-rw-r--r--fs/cifs/README30
2 files changed, 26 insertions, 5 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index d3873583360b..f0427105a619 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL
1984 1984
1985config CIFS_UPCALL 1985config CIFS_UPCALL
1986 bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" 1986 bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
1987 depends on CIFS_EXPERIMENTAL
1988 depends on KEYS 1987 depends on KEYS
1989 help 1988 help
1990 Enables an upcall mechanism for CIFS which accesses 1989 Enables an upcall mechanism for CIFS which accesses
diff --git a/fs/cifs/README b/fs/cifs/README
index 2bd6fe556f88..68b5c1169d9d 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in
642that they represent all for that share, not just those for which the server 642that they represent all for that share, not just those for which the server
643returned success. 643returned success.
644 644
645Also note that "cat /proc/fs/cifs/DebugData" will display information about 645Also note that "cat /proc/fs/cifs/DebugData" will display information about
646the active sessions and the shares that are mounted. 646the active sessions and the shares that are mounted.
647Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is 647
648on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and 648Enabling Kerberos (extended security) works but requires version 1.2 or later
649LANMAN support do not require this helper. 649of the helper program cifs.upcall to be present and to be configured in the
650/etc/request-key.conf file. The cifs.upcall helper program is from the Samba
651project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
652require this helper. Note that NTLMv2 security (which does not require the
653cifs.upcall helper program), instead of using Kerberos, is sufficient for
654some use cases.
655
656Enabling DFS support (used to access shares transparently in an MS-DFS
657global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In
658addition, DFS support for target shares which are specified as UNC
659names which begin with host names (rather than IP addresses) requires
660a user space helper (such as cifs.upcall) to be present in order to
661translate host names to ip address, and the user space helper must also
662be configured in the file /etc/request-key.conf
663
664To use cifs Kerberos and DFS support, the Linux keyutils package should be
665installed and something like the following lines should be added to the
666/etc/request-key.conf file:
667
668create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
669create dns_resolver * * /usr/local/sbin/cifs.upcall %k
670
671