Dear Mantas, thank you very much for your reply. At least on my system (CentOS7) this does not work. The mount process tries to mount the share as root even when specifying "multiuser": From /etc/fstab: //cifs_filer/share /mount_point cifs sec=krb5,multiuser,x-systemd.automount 0 0
From "journalctl -xf": Apr 07 10:31:03 <hostname> cifs.upcall[78691]: sec=1 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: uid=0 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: creduid=0 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: user=root Apr 07 10:31:03 <hostname> cifs.upcall[78691]: pid=78686 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: considering /tmp/krb5cc_1861017645 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: /tmp/krb5cc_1861017645 is owned by 1861017645, not 0 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: considering /tmp/krb5cc_1860718904_nEIDDll408 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: /tmp/krb5cc_1860718904_nEIDDll408 is owned by 1860718904, not 0 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: considering /tmp/krb5cc_1860718904 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc: /tmp/krb5cc_1860718904 is owned by 1860718904, not 0 Apr 07 10:31:03 <hostname> cifs.upcall[78691]: krb5_get_init_creds_keytab: -1765328203 Is that intended behavior or not? Best regards, Sebastian Am 06.04.2017 um 19:58 schrieb Mantas Mikulėnas: > On Wed, Apr 5, 2017 at 5:28 PM, Sebastian Treiber > <[email protected] > <mailto:[email protected]>> wrote: > > Dear members of the Systemd mailing list, > > for a long time I have been struggling with a problem which sounds > relatively easy: > I have a cifs file server and a Linux (CentOS 7) client. On the > client I want to mount a share from the file server using Kerberos. > Only the root user can perform the mount but typically it has no > Kerberos ticket. A user, on the other hand, has a Kerberos ticket > but must not mount anything. > That means the mount has to be done by the root user and the uid > of a user who has a valid Kerberos ticket has to be used as an > option. For example: > > > cifs supports `-o multiuser`, which allows each UID to use a separate > session. So you can perform the mount as root using the machine > credentials (keytab) or another dedicated account, and each user will > automatically use their own credentials when accessing the share. > > -- > Mantas Mikulėnas <[email protected] <mailto:[email protected]>> -- Mit freundlichen Grüßen *Dr. Sebastian Treiber* | Systemanalytiker GNS Systems - IT Dienstleistungen für Engineering <http://www.gns-systems.de> GNS Systems GmbH Fronäckerstraße 36/1 71063 Sindelfingen Tel.: +49 (0)7031/68838-66 Fax: +49 (0)7031/68838-11 Geschäftsführer: Christopher Woll Sitz des Unternehmens: Braunschweig Registergericht: Amtsgericht Braunschweig Registernummer: HRB 4890 gns-systems.de <http://www.gns-systems.de>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
