HP CIFS Client A.02.02 Administrator's Guide
CIFS Security and Authentication
User Login Procedures
Chapter 3 45
User Login Procedures
• Explicit Login (cifslogin)
Users on the CIFS Client can authenticate themselves to CIFS
servers explicitly with the cifslogin command. Please see the
cifslogin man page in Commandline Utilities Chapter.
• Automatic Login
The CIFS Client provides methods for accessing mounted CIFS file
servers automatically. The initial request for access to a CIFS
mountpoint (cd, ls, etc.) causes the CIFS Client to log the user in, in
the background. If the background login succeeds, the user’s request
for access succeeds, and the cifslogin command is not required.
The CIFS Client’s automatic login policy follows:
1. Kerberos: integration with kinit and PAM Kerberos
If Kerberos authentication has been configured and the user has
a Ticket-Granting Ticket (TGT) in the system Kerberos
credentials cache (created explicitly with the kinit(1) command
or automatically by PAM Kerberos), and the use of Kerberos has
been negotiated with the mounted CIFS server, the CIFS Client
will use the TGT to perform an automatic login. For more
information on how to use Kerberos Authentication with the
CIFS Client, see “Using Kerberos with the HP CIFS Client” on
page 48.
2. Integration with PAM NTLM
If PAM NTLM has been configured on the system (in
/etc/pam.conf) and the user has logged into the CIFS Client
HP-UX host with PAM NTLM, the CIFS Client will attempt to
use the user’s cached PAM NTLM credentials to authenticate the
user to the CIFS server. Please see Chapter 8 for more
information on PAM NTLM.
3. User Database
If no PAM NTLM credentials are found, but the user has an
entry in the CIFS Client user database, the CIFS Client will
attempt to log the user into the CIFS server using the encrypted
password in the user database. You must first successfully