[Bug 676525] Re: mount.cifs cannot mount with kerberos

Fri Jul 11 07:22:57 UTC 2014

>From what I have understood of the bug description, the original poster
is looking for a way to mount a remote network share using cifs and its
kerberos ticket as credential to authenticate on remote server.

The mount command requires root privileges so must be called as root in
some way. This could be achieved using sudo or using suid. From my point
of view, nothing kerberos related here.

The command line I have suggested to use in comment #11 does this: use
sudo to run mount as root and use the already acquired kerberos ticket
to authenticate on remote server to access cifs network share.

Also, I understand that what have changed is that it used to works with the user kerberos ticket before Meerkat release without any tricky option.
Probably that in version prior to Meerkat, cifs-utils what not restricting its credential ticket search based on ticket file owner.
However, the owner match can be configured using the uid option or cruid option for cifs-utils >=4.8) so there is a simple way to allow the use of the user owned kerberos ticket file.

As you pointed, I could be wrong in my understanding, so please tell me
on which point.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/676525

Title:
  mount.cifs cannot mount with kerberos

Status in “cifs-utils” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: cifs-utils

  Please tell me if this is the wrong channel.  I have put this in the
  ubuntu forum with no reply here:

  http://ubuntuforums.org/showthread.php?t=1623107

  From the thread:

  mount.cifs used to be able to work with kerberos tickets so long as I
  changed the binary to suid root. I understand why this may have fallen
  out of favour but since Meerkat, I am unable to get mount.cifs to
  mount using kerberos and sudo.

  # Non sudo mount.cifs with/without suid root
  $ mount.cifs //server/share/directory ~/central -o sec=krb5
  mount.cifs: permission denied: no match for /home/CauserC/central found in /etc/fstab

  # Sudo mount.cifs with/without suid root
  $ sudo mount.cifs  //server/share/directory ~/central -o sec=krb5
  mount error(126): Required key not available

  I do definitely have a kerberos ticket, and both klist and "sudo
  klist" show it to me.

  Now, it does work if I do a "sudo kinit $USERNAME." Then a sudo
  mount.cifs mounts the share no problem. This is obviously less than
  ideal because it involves typing in a password again, and subsequent
  non sudo klists result in:

  $ klist
  klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_10009_8ZePnt)

  I'm tempted to file this as a bug report but wanted to check in here
  first to make sure that I'm not doing anything stupid. As I say, I
  never tried this in Lucid as suid root worked fine.

  Any help appreciated

  Chris

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: smbfs 2:4.5-2
  ProcVersionSignature: Ubuntu 2.6.35-22.35-generic-pae 2.6.35.4
  Uname: Linux 2.6.35-22-generic-pae i686
  NonfreeKernelModules: nvidia
  Architecture: i386
  Date: Wed Nov 17 15:20:14 2010
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: cifs-utils

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/676525/+subscriptions