Kerberized CIFS client?

[Derek Taylor]

On Thu, 22 May 2008, Hartmut Brandt wrote:
>Derek Taylor wrote:
>> This question was previously posed of the freebsd-questions list, but
>> with no response for a week, I'd like to try my luck here.  If there's
>> any more information I should include, please speak up: I would be glad
>> to oblige.
>> 
>> I would like to use smb/cifs with kerberos auth, but mount_smbfs doesn't
>> seem to support this.
>> 
>> Is anyone aware of an alternate means of performing a mount via smb/cifs
>> or any patches to provide such functionality?
>> 
>> I already have smbclient working with -k, but I am also interested in a
>> mount.
>
>Try smbnetfs from ports. It's fuse based and seems to work very nice. If 
>you have a large amount of shares floating in your network you want to 
>restrict it to mount only the needed shares via the config file. 
>Otherwise it will mount what it can find...
>
>It plays nicely with kerberors. When your ticket expires you immediately 
>loose access; when you renew it you gain access again. All without the 
>need to unmount/mount. Just call smbnetfs once you have your ticket. You 
>may even do this from your .profile.
>
>harti

Sorry for not replying sooner.

Initial tests here are promising (I can see some mount paths being
exported from the server), but it's not fully working (I don't see all
of the mount paths that *should* be exported and I get permission denied
errors).  My thoughts are leaning towards an issue in negotiating auth
with the server -- perhaps my krb creds aren't being used?

Before trying to work out any issues over the list, there's a lot of
things we need to check internally.  The thing is that we're so crunched
for time, I'm not sure when we'll have the chance to do this.

Thanks for the heads up -- this is certainly closer than I was before.

If we have the chance to work more on this, I'll follow up on this
thread.  Until then ...

-Derek.