HP CIFS Client A.02.02 Administrator's Guide
CIFS Security and Authentication
CIFS Client Kerberos Authentication Policies
This section assumes that the CIFS server and client have negotiated
the use of Kerberos.
Explicit login: cifslogin
Kerberos authentication is implemented transparently in this command.
Required Kerberos credentials (TGT and ST) are acquired from the KDC
on behalf of the user and the Service Ticket (ST) is sent to the CIFS
server within a SESSION_SETUP request. No special action is
required of the user.
Automatic login: Integration with System Kerberos Cache (kinit(1) and PAM Kerberos)
This feature allows users to access mounted CIFS servers without using
cifslogin. If you have a pre-existing Ticket-Granting Ticket (TGT) in
the system Kerberos cache, established with kinit(1) or PAM Kerberos,
you can attempt to access the CIFS mountpoint directly (cd, ls, etc.).
The CIFS Client uses the TGT to acquire a Service Ticket (ST) for the
mounted CIFS server and performs a CIFS login, all in the background.
It is unnecessary for you to explicitly invoke cifslogin in this case.
Ticket Lifetime
Maximum ticket lifetime is controlled by the configuration of the KDC.
For cifslogin, the CIFS client requests a lifetime of 30 days for a TGT.
Thus, the actual lifetime of a TGT issued to a CIFS client is the lesser of
30 days and the configured maximum at the KDC. For automatic login,
the expiration time of a user’s ST is equal to the expiration time of the
TGT in the system cache.
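
The lifetime rules above can be checked against a credential cache listing. The following is an added example, not part of the HP guide: it assumes an MIT-style klist output layout (real output varies by platform), uses a constructed sample listing, and the function names and the policy_max threshold are hypothetical.

```python
from datetime import datetime, timedelta

CIFSLOGIN_REQUEST = timedelta(days=30)  # TGT lifetime cifslogin requests (per the guide)
FMT = "%m/%d/%y %H:%M:%S"               # assumed klist timestamp layout

# Constructed sample listing in an assumed MIT-style layout.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
03/01/24 09:00:00  03/01/24 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
03/01/24 09:05:00  03/01/24 19:00:00  cifs/fileserver.example.com@EXAMPLE.COM
"""

def parse_tickets(klist_text):
    """Return [(start, expires, principal)] for each ticket line."""
    tickets = []
    for line in klist_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            start = datetime.strptime(" ".join(parts[0:2]), FMT)
            end = datetime.strptime(" ".join(parts[2:4]), FMT)
        except ValueError:
            continue  # column header or other non-ticket line
        tickets.append((start, end, parts[4]))
    return tickets

def effective_tgt_lifetime(kdc_max, requested=CIFSLOGIN_REQUEST):
    """Lesser of the requested lifetime and the KDC's configured maximum."""
    return min(requested, kdc_max)

def audit(klist_text, now, policy_max):
    """Report TGT state and the automatic-login ST expiry it implies."""
    tgts = [t for t in parse_tickets(klist_text) if t[2].startswith("krbtgt/")]
    if not tgts:
        return {"status": "no-tgt"}  # no cached TGT for automatic login to use
    start, end, _ = max(tgts, key=lambda t: t[1])
    if end <= now:
        return {"status": "expired", "st_expires": end}
    return {
        # Flag a TGT whose total lifetime exceeds the site's policy (assumed value).
        "status": "over-policy" if end - start > policy_max else "ok",
        "st_expires": end,        # automatic-login ST expires with the cached TGT
        "remaining": end - now,
    }
```

A KDC whose configured maximum is above 30 days will honour the full cifslogin request, so the over-policy check is most useful where the site expects much shorter ticket lifetimes.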