* [PATCH][smb client] updating warning message for sec=krb5p
@ 2024-02-07 6:08 Steve French
2024-02-08 16:43 ` Shyam Prasad N
0 siblings, 1 reply; 2+ messages in thread
From: Steve French @ 2024-02-07 6:08 UTC (permalink / raw)
To: samba-technical, CIFS; +Cc: Shyam Prasad N
[-- Attachment #1: Type: text/plain, Size: 734 bytes --]
smb3: clarify mount warning
When a user tries to use the "sec=krb5p" mount parameter to encrypt
data on connection to a server (when authenticating with Kerberos), we
indicate that it is not supported, but do not note the equivalent
recommended mount parameter ("sec=krb5,seal") which turns on encryption
for that mount (and uses Kerberos for auth). Without an updated
mount warning
it could confuse some NFS users. Note that for SMB3+ we support
encryption,
but consider it ("seal") a distinct mount parameter since the same
user may choose
to encrypt to one share but not another from the same client.
Update the warning message
to reduce confusion.
See attached.
--
Thanks,
Steve
[-- Attachment #2: 0001-smb3-clarify-mount-warning.patch --]
[-- Type: text/x-patch, Size: 1251 bytes --]
From 608b0d580f917e02b6afd1be3e479b29587bb88a Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Tue, 6 Feb 2024 23:57:18 -0600
Subject: [PATCH] smb3: clarify mount warning
When a user tries to use the "sec=krb5p" mount parameter to encrypt
data on connection to a server (when authenticating with Kerberos), we
indicate that it is not supported, but do not note the equivalent
recommended mount parameter ("sec=krb5,seal") which turns on encryption
for that mount (and uses Kerberos for auth). Update the warning message.
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/smb/client/fs_context.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index 600a77052c3b..6993cd358b94 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -211,7 +211,7 @@ cifs_parse_security_flavors(struct fs_context *fc, char *value, struct smb3_fs_c
switch (match_token(value, cifs_secflavor_tokens, args)) {
case Opt_sec_krb5p:
- cifs_errorf(fc, "sec=krb5p is not supported!\n");
+ cifs_errorf(fc, "sec=krb5p is not supported. Use sec=krb5,seal instead\n");
return 1;
case Opt_sec_krb5i:
ctx->sign = true;
--
2.40.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH][smb client] updating warning message for sec=krb5p
2024-02-07 6:08 [PATCH][smb client] updating warning message for sec=krb5p Steve French
@ 2024-02-08 16:43 ` Shyam Prasad N
0 siblings, 0 replies; 2+ messages in thread
From: Shyam Prasad N @ 2024-02-08 16:43 UTC (permalink / raw)
To: Steve French; +Cc: samba-technical, CIFS
On Wed, Feb 7, 2024 at 11:38 AM Steve French <smfrench@gmail.com> wrote:
>
> smb3: clarify mount warning
>
> When a user tries to use the "sec=krb5p" mount parameter to encrypt
> data on connection to a server (when authenticating with Kerberos), we
> indicate that it is not supported, but do not note the equivalent
> recommended mount parameter ("sec=krb5,seal") which turns on encryption
> for that mount (and uses Kerberos for auth). Without an updated
> mount warning
> it could confuse some NFS users. Note that for SMB3+ we support
> encryption,
> but consider it ("seal") a distinct mount parameter since the same
> user may choose
> to encrypt to one share but not another from the same client.
> Update the warning message
> to reduce confusion.
>
> See attached.
> --
> Thanks,
>
> Steve
Looks good to me.
--
Regards,
Shyam
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-08 16:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-07 6:08 [PATCH][smb client] updating warning message for sec=krb5p Steve French
2024-02-08 16:43 ` Shyam Prasad N
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).