HP CIFS Client A.02.02.03 Administrator's Guide

Ticket Lifetime
Maximum ticket lifetime is controlled by the configuration of the KDC. For cifslogin, the CIFS
client requests a lifetime of 30 days for a TGT. Thus, the actual lifetime of a TGT issued to a CIFS
client is the lesser of 30 days and the configured maximum at the KDC. For automatic login, the
expiration time of a user's ST is equal to the expiration time of the TGT in the system cache.
Packet Signing
The purpose of CIFS packet signatures is to prevent man-in-the-middle attacks: the client
and server are mutually assured of each other's identity by requiring a unique signature on each
SMB packet. The following terms are equivalent and are used interchangeably:
security signatures
packet signing
packet signatures
digital signatures
message integrity
message authentication codes (MACs)
Packet signing is performed on a per-server-connection basis. Once packet signing has been
negotiated with a server, the first user login request and all subsequent SMB packets must be
signed.
Configuring Packet Signing with HP CIFS Client
The configuration parameter, smbPacketSigning, specified in the HP CIFS Client configuration
file indicates how the CIFS Client performs packet signing. Valid entries for this parameter are
enabled, required and disabled. By default, this parameter is set to enabled.
Packet signing is negotiated between the client and server when their initial connection is set up.
The server's configuration can also be either enabled, required, or disabled. The client and server
settings must be synchronized for the connection to succeed, as shown in Table 3-1.
Configuration Options
Table 3 Configuration Options For smbPacketSigning
Valid Option    Description
enabled         HP CIFS Client connects with the CIFS server and signs packets if the server
                supports signing. HP CIFS Client connects with the CIFS server, but does not
                sign packets if the CIFS server does not support signing.
required        The CIFS server must support signing. The CIFS Client refuses to establish the
                connection with the CIFS server if the server does not support packet signing.
disabled        HP CIFS Client disables packet signing. If the CIFS server requires signing,
                the client is unable to connect with the server.
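
The negotiation outcomes described above, worked through for every client/server combination. This is an added example, not code from HP or the CIFS Client; the function names are hypothetical, and it assumes that a server set to disabled does not support signing and a server set to enabled supports signing without requiring it.

```python
# Added example: models the smbPacketSigning negotiation described in Table 3.
# Assumption: a server set to "disabled" does not support signing, and a
# server set to "enabled" supports signing without requiring it.
from itertools import product

SETTINGS = ("enabled", "required", "disabled")


def negotiate(client, server):
    """Return (connected, signed) for one client/server setting pair."""
    for side in (client, server):
        if side not in SETTINGS:
            raise ValueError(f"invalid smbPacketSigning value: {side!r}")
    client_supports = client != "disabled"
    server_supports = server != "disabled"
    # A side that requires signing refuses a peer that cannot sign.
    if client == "required" and not server_supports:
        return (False, False)
    if server == "required" and not client_supports:
        return (False, False)
    # Packets are signed only when both sides support signing.
    return (True, client_supports and server_supports)


def unsigned_pairs():
    """Setting pairs that connect successfully but leave packets unsigned."""
    return [(c, s) for c, s in product(SETTINGS, SETTINGS)
            if negotiate(c, s) == (True, False)]


def guarantees_signing(client):
    """True if every connection this client setting allows is signed."""
    return all(signed for connected, signed in
               (negotiate(client, s) for s in SETTINGS) if connected)


if __name__ == "__main__":
    print(f"{'client':<10}{'server':<10}outcome")
    for c, s in product(SETTINGS, SETTINGS):
        connected, signed = negotiate(c, s)
        outcome = ("refused" if not connected
                   else "signed" if signed else "UNSIGNED")
        print(f"{c:<10}{s:<10}{outcome}")
```

Under these assumptions, the default client setting of enabled still connects unsigned to a server with signing disabled; only required ensures that every established connection is signed.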