HP CIFS Client A.02.02.03 Administrator's Guide

To use the traditional Windows NT LAN Manager (NTLM) protocol, set the
authenticationMethod parameter to ntlm. The CIFS Client then determines which
NTLM version to use from the ntlmEncryptionVersion parameter.
Valid entries for the ntlmEncryptionVersion parameter are ntlm or ntlmv2. For CIFS servers
with which Kerberos is not used, if you want to use only NTLMv2 password encryption, set the
ntlmEncryptionVersion parameter to ntlmv2. Otherwise, if you want to use only NTLM
password encryption, set this parameter to ntlm. By default, the ntlmEncryptionVersion
parameter is set to ntlm.
Server-Specific Configuration
The CIFS Client provides a method for overriding global settings on a server-specific basis. For
example, if you set ntlmEncryptionVersion globally to ntlm, but you want to ensure that
server buildsys uses only NTLMv2, you can create the following section (within the enclosing "cifs"
section; see also the example at the end of the CIFS Client configuration file):
    buildsys = {
        ntlmEncryptionVersion = ntlmv2;
    };
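The following is an added example, not part of the HP guide or the CIFS Client software: a small Python check that resolves the effective ntlmEncryptionVersion for each server section (global value, then server-specific override) and lists the servers that are not restricted to NTLMv2. It assumes the configuration file contains only the "name = { ... };" and "key = value;" syntax shown above and that every nested section inside "cifs" is a server section; the sample configuration and the server names filesrv and legacy01 are constructed.

```python
import re

# Constructed sample; filesrv and legacy01 are hypothetical server names.
SAMPLE_CFG = """
cifs = {
    ntlmEncryptionVersion = ntlm;
    buildsys = {
        ntlmEncryptionVersion = ntlmv2;
    };
    filesrv = {
    };
    legacy01 = {
        ntlmEncryptionVersion = ntlm;
    };
};
"""

TOKEN = re.compile(r"\s*(\w+)\s*=\s*(\{|[^;{}]*;)|\s*(\};)")

def parse_section(text, pos=0):
    """Parse 'key = value;' and nested 'name = { ... };' entries into a dict."""
    section = {}
    while True:
        m = TOKEN.match(text, pos)
        if not m or m.group(3):      # end of input, or '};' closing this section
            return section, (m.end() if m else pos)
        pos = m.end()
        key, value = m.group(1), m.group(2)
        if value == "{":
            section[key], pos = parse_section(text, pos)
        else:
            section[key] = value[:-1].strip()

def effective_ntlm_versions(cfg_text):
    """Map each server section to its effective ntlmEncryptionVersion."""
    cifs = parse_section(cfg_text)[0].get("cifs", {})
    # The guide gives ntlm as the default when the parameter is not set.
    global_version = cifs.get("ntlmEncryptionVersion", "ntlm")
    # Assumption: every nested section inside "cifs" is a per-server section.
    return {name: sub.get("ntlmEncryptionVersion", global_version)
            for name, sub in cifs.items() if isinstance(sub, dict)}

def servers_not_on_ntlmv2(cfg_text):
    """Servers whose effective setting is anything other than ntlmv2."""
    versions = effective_ntlm_versions(cfg_text)
    return sorted(s for s, v in versions.items() if v.lower() != "ntlmv2")

if __name__ == "__main__":
    print(servers_not_on_ntlmv2(SAMPLE_CFG))
```

The result only matters for servers with which Kerberos is not used, since ntlmEncryptionVersion applies to NTLM authentication.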
User Login Procedures
Explicit Login (cifslogin)
Users on the CIFS Client can authenticate themselves to CIFS servers explicitly with the cifslogin
command. See the cifslogin man page in the Commandline Utilities chapter.
Automatic Login
The CIFS Client provides methods for accessing mounted CIFS file servers automatically. The
initial request for access to a CIFS mountpoint (cd, ls, etc.) causes the CIFS Client to log the
user in, in the background. If the background login succeeds, the user's request for access
succeeds, and the cifslogin command is not required.
The CIFS Client's automatic login policy follows:
1. Kerberos: integration with kinit and PAM Kerberos
If Kerberos authentication has been configured and the user has a Ticket-Granting Ticket
(TGT) in the system Kerberos credentials cache (created explicitly with the kinit(1)
command or automatically by PAM Kerberos), and the use of Kerberos has been
negotiated with the mounted CIFS server, the CIFS Client will use the TGT to perform an
automatic login. For more information on how to use Kerberos Authentication with the
CIFS Client, see “Using Kerberos with the HP CIFS Client” (page 24).
2. Integration with PAM NTLM
If PAM NTLM has been configured on the system (in /etc/pam.conf) and the user has
logged into the CIFS Client HP-UX host with PAM NTLM, the CIFS Client will attempt to
use the user's cached PAM NTLM credentials to authenticate the user to the CIFS server.
Please see Chapter 8 for more information on PAM NTLM.
3. User Database
If no PAM NTLM credentials are found, but the user has an entry in the CIFS Client user
database, the CIFS Client will attempt to log the user into the CIFS server using the
encrypted password in the user database. You must first successfully perform a manual
login in order to store the encrypted password. You can use the cifslogin -s or
cifsdb command to save an entry in the user database or use the cifsdb -d command
to delete an entry from the user database. See the cifslogin and cifsdb man pages in
“Commandline Utilities” (page 34) for details.