Manualshelf

HP CIFS Client A.01.09 Administrator's Guide, August 2003

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
31323334353637383940
CIFS Security and Authentication
User Authentication Methods
Chapter 3 39
User Authentication Methods
Explicit Login (cifslogin)
Users on the CIFS Client can authenticate themselves to CIFS
servers explicitly with the cifslogin command. Please see the
cifslogin man page in Commandline Utilities Chapter.
Automatic Login
The CIFS Client provides methods for accessing CIFS mountpoints
automatically. The initial request for access to a CIFS mountpoint
(cd, ls, etc.) causes the CIFS Client to log the user in, in the
background. If the background login succeeds, the user’s request for
access succeeds, and the cifslogin command is not required.
The CIFS Client’s automatic login policy follows:
1. Kerberos: integration with kinit and PAM Kerberos
If Kerberos authentication has been configured and the user has
a Ticket-Granting Ticket (TGT) in the system Kerberos
credentials cache (created explicitly with the kinit(1) command
or automatically by PAM Kerberos), the CIFS Client will use the
TGT to perform an automatic login.Please refer Chapter 4 for
more information on using Kerberos Authentication with the
CIFS Client.
2. Integration with PAM NTLM
If PAM NTLM has been configured on the system (in
/etc/pam.conf) and the user has logged into the CIFS Client
HP-UX host with PAM NTLM, the CIFS Client will attempt to
reuse the user’s cached PAM NTLM credentials to authenticate
the user to the CIFS server. Please see Chapter 8 for more
information on PAM NTLM.
3. User Database
If no PAM NTLM credentials are found, but the user has an
entry in the CIFS Client user database, the CIFS Client will
attempt to log the user into the CIFS server using the encrypted
password in the user’s database entry. You can use the
cifslogin -s command to save an entry in the user database or