HP CIFS Client A.02.02.03 Administrator's Guide
NOTE: Automatic login using the user database is not supported with Kerberos.
4. Guest User
This feature enables all users on the HP CIFS Client host who are not logged into a mounted
CIFS server to access the server's mountpoints, with the privileges of a guest user. Please
also see the detailed information on the guestRemoteUser parameter in Chapter 7.
To set up guest user capabilities, set the configuration parameters guestRemoteUser
and guestPassword to those of a valid account on the server. HP recommends setting
up a generic guest user account on the server, so that access rights of guest users can be
limited. Once these parameters are set, any UNIX user on the CIFS Client HP-UX host who has
not logged into the CIFS server and tries to access one of its mounted shares automatically
accesses it as the guest user, without an explicit cifslogin.
Introduction To Kerberos
Kerberos is a distributed authentication service that allows a process (a client) running on behalf
of a principal (a user) to prove its identity to a verifier (an application server, or only a server)
without sending data across the network that might allow an attacker or the verifier to subsequently
impersonate the principal. Kerberos optionally provides integrity and confidentiality for data sent
between the client and server. [B. Clifford Neuman, Theodore Ts'o: Kerberos: An Authentication
Service for Computer Networks]
Kerberos was developed at the Massachusetts Institute of Technology (MIT).
Use of Kerberos in the CIFS environment provides significant security improvements over the older
NT LanManager (NTLM) protocol traditionally used by CIFS Clients and Servers.
Requirements and Limitations Using Kerberos
Kerberos Key Distribution Center and CIFS Servers
The HP CIFS Client supports only Windows 2000 and Windows 2003 Key Distribution Centers
(KDCs).
Tickets Not Acquired
For this release, the following ticket types are not acquired by the HP CIFS Client:
• Renewable
• Proxiable
• Forwardable
NOTE: Cross-realm authentication is not supported in this release.
Using Kerberos with the HP CIFS Client
These procedures should be followed to use Kerberos with the HP CIFS Client:
Step 1. Review fundamental Kerberos operating principles
Step 2. Set up and verify the Kerberos infrastructure
Step 3. Configure Kerberos in the HP CIFS Client
Step 1. Review fundamental Kerberos Operating Principles
If you are not familiar with the fundamental features and operation of Kerberos, consult one or
more of the following references.
24 CIFS Security and Authentication