Public bug reported: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist
When mounting an SMB file share on Linux using the kernel client with Kerberos authentication, the Linux kernel's cifs.ko module makes an upcall to user space during the session setup phase to retrieve the Kerberos service ticket from the credential cache. However, the current cifs.upcall fails to retrieve the service ticket even if it is valid, but instead it makes check to TGT to see if its valid and then retrieve the service ticket, but if we already have valid service ticket we shouldn't need to check for TGT. i.e in cases where the kernel handles upcalls for SMB session setup requests with Kerberos authentication, if the credential cache already contains a valid service ticket, it should be used directly without needing to check the TGT again. Fixed commit: https://git.samba.org/?p=cifs-utils.git;a=commit;h=af76bf2a11a060afdfd97104617a701d19d5890d ** Affects: cifs-utils (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2099917 Title: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2099917/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
