diff options
-rw-r--r-- | fs/Kconfig | 1 | ||||
-rw-r--r-- | fs/cifs/README | 30 |
2 files changed, 26 insertions, 5 deletions
diff --git a/fs/Kconfig b/fs/Kconfig index d3873583360b..f0427105a619 100644 --- a/fs/Kconfig +++ b/fs/Kconfig | |||
@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL | |||
1984 | 1984 | ||
1985 | config CIFS_UPCALL | 1985 | config CIFS_UPCALL |
1986 | bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" | 1986 | bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" |
1987 | depends on CIFS_EXPERIMENTAL | ||
1988 | depends on KEYS | 1987 | depends on KEYS |
1989 | help | 1988 | help |
1990 | Enables an upcall mechanism for CIFS which accesses | 1989 | Enables an upcall mechanism for CIFS which accesses |
diff --git a/fs/cifs/README b/fs/cifs/README index 2bd6fe556f88..68b5c1169d9d 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -642,8 +642,30 @@ The statistics for the number of total SMBs and oplock breaks are different in | |||
642 | that they represent all for that share, not just those for which the server | 642 | that they represent all for that share, not just those for which the server |
643 | returned success. | 643 | returned success. |
644 | 644 | ||
645 | Also note that "cat /proc/fs/cifs/DebugData" will display information about | 645 | Also note that "cat /proc/fs/cifs/DebugData" will display information about |
646 | the active sessions and the shares that are mounted. | 646 | the active sessions and the shares that are mounted. |
647 | Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is | 647 | |
648 | on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and | 648 | Enabling Kerberos (extended security) works but requires version 1.2 or later |
649 | LANMAN support do not require this helper. | 649 | of the helper program cifs.upcall to be present and to be configured in the |
650 | /etc/request-key.conf file. The cifs.upcall helper program is from the Samba | ||
651 | project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not | ||
652 | require this helper. Note that NTLMv2 security (which does not require the | ||
653 | cifs.upcall helper program), instead of using Kerberos, is sufficient for | ||
654 | some use cases. | ||
655 | |||
656 | Enabling DFS support (used to access shares transparently in an MS-DFS | ||
657 | global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled. In | ||
658 | addition, DFS support for target shares which are specified as UNC | ||
659 | names which begin with host names (rather than IP addresses) requires | ||
660 | a user space helper (such as cifs.upcall) to be present in order to | ||
661 | translate host names to ip address, and the user space helper must also | ||
662 | be configured in the file /etc/request-key.conf | ||
663 | |||
664 | To use cifs Kerberos and DFS support, the Linux keyutils package should be | ||
665 | installed and something like the following lines should be added to the | ||
666 | /etc/request-key.conf file: | ||
667 | |||
668 | create cifs.spnego * * /usr/local/sbin/cifs.upcall %k | ||
669 | create dns_resolver * * /usr/local/sbin/cifs.upcall %k | ||
670 | |||
671 | |||