similar to: cifs-utils release 6.7 ready for download

On Fri, 2017-02-10 at 15:14 -0500, Simo Sorce wrote: > On Fri, 2017-02-10 at 14:29 -0500, Jeff Layton wrote: > > On Fri, 2017-02-10 at 14:14 -0500, Simo Sorce wrote: > > > On Fri, 2017-02-10 at 13:30 -0500, Jeff Layton wrote: > > > > On Fri, 2017-02-10 at 12:39 -0500, Jeff Layton wrote: > > > > > On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys

On Fri, 2017-02-10 at 14:14 -0500, Simo Sorce wrote: > On Fri, 2017-02-10 at 13:30 -0500, Jeff Layton wrote: > > On Fri, 2017-02-10 at 12:39 -0500, Jeff Layton wrote: > > > On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > > > > Hi Jeff, > > > > > > > > > So we have a default credcache for the user for whom we are > > >

On Mon, 2017-02-13 at 05:02 -0500, Simo Sorce wrote: > On Sat, 2017-02-11 at 10:16 -0500, Jeff Layton wrote: > > On Sat, 2017-02-11 at 08:41 -0500, Jeff Layton wrote: > > > Chad reported that he was seeing a regression in cifs-utils-6.6. > > > Prior > > > to that, cifs.upcall was able to find credcaches in non-default > > > FILE: > > >

Time for a new cifs-utils release! The main change in this release is a set of cleanups to cifs.upcall to make it more efficient and work better with alternate style credcaches. No longer does it blithely stumble around in /tmp looking for credcaches. We now just use the default credcache that to which the krb5.conf points. Go forth and download!

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Again, nothing earth-shattering in this release. Mostly some minor bugfixes and cleanups. Some highlights: - - setcifsacl can now work without a plugin - - systemd-ask-password is found using $PATH now - - cifs.upcall now works with KEYRING: credcaches Go forth and download! webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:

On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > Hi Jeff, > > > So we have a default credcache for the user for whom we are operating > > as, but we can't get the default principal name from it. My guess is > > that it's not finding the > > This mount is run by root UID=0 and seems to be find that credential > cache without problem (earlier

On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote: > Hi Jeff, > Could you look at the following mailing list posting? > > https://lists.samba.org/archive/samba/2017-February/206468.html > > It looks like cifs.upcall has changed its behavior. As described in > that post, I can mount with root / kerberos, but then cannot access with > another user who has

Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It has been a while since I've cut a new release for cifs-utils. This one has more visible changes than were in the last few releases. Major highlights: - - documentation additions for the fsc option - - mount.cifs deals with _netdev, mand and nomand options correctly now - - a change in how mount.cifs handles the MS_MANDLOCK flag. It used to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

=================================================================== "If you?re ridin? ahead of the herd, take a look back every now and then to make sure it?s still there with ya." Cowboy Proverb =================================================================== Release Announcements ===================== This is the latest bugfix release of the Samba 3.3

=================================================================== "If you?re ridin? ahead of the herd, take a look back every now and then to make sure it?s still there with ya." Cowboy Proverb =================================================================== Release Announcements ===================== This is the latest bugfix release of the Samba 3.3

Hi Jeff, Could you look at the following mailing list posting? https://lists.samba.org/archive/samba/2017-February/206468.html It looks like cifs.upcall has changed its behavior. As described in that post, I can mount with root / kerberos, but then cannot access with another user who has credentials. The logs indicate that cifs.upcall cannot find the kerberos ticket for the non-root user.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The last release (4.7) was back in October. We've had a number of good fixes committed in the last few weeks, so it's a good time to cut a new release. Also, note that I've transplanted the cifs-utils manpage to the Samba Wiki. The old URL still works and redirects browsers to the new page. o hardcoded paths in the cifs.upcall manpage

It has been a few months since the last cifs-utils release, and again there's been almost no activity. Still, at some point we need to get the bugfixes into the field, no matter how minor they are. So, nothing much earth-shattering here, mostly just bugfixes, and one new feature to allow cifs.upcall to use a dedicated keytab. Go forth and download! webpage:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 With the overhaul of the cifscreds utility, I figured this would be a good time to do a new release. Highlights: * admins can now tell cifs.upcall to use an alternate krb5.conf file * on remount, mount.cifs no longer adds a duplicate mtab entry * the cifscreds utility has seen a major overhaul to allow for multiuser mounts without krb5 auth

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Things have been relatively quiet lately. Time for a release! Highlights: * A lot of manpage updates, additions and corrections * cifs.idmap can now map uid/gid to SID in addition to the other way around * getcifsacl/setcifsacl are now installed by default in /usr/bin instead of /usr/sbin. The manpages are now in section 1. * cifs.upcall has a