[Bug 676525] Re: mount.cifs cannot mount with kerberos

Fri Jul 11 09:04:19 UTC 2014

To mcguire:

I haven't been updating this bug report as my circumstances have
changed, but I'll just chip in with my thoughts.

The mount options you specify (specifically cruid) look like they are
there specifically to solve the issue, and they most definitely were not
around for the Maverick release of mount.cifs when I filed this report.
To my eyes it looks like quite inelegant, not least because sudo passes
all the relevant information for mount.cifs to use in the first place so
it shouldn't be needed at all, but if it works, then who am I to
complain?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/676525

Title:
  mount.cifs cannot mount with kerberos

Status in “cifs-utils” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: cifs-utils

  Please tell me if this is the wrong channel.  I have put this in the
  ubuntu forum with no reply here:

  http://ubuntuforums.org/showthread.php?t=1623107

  From the thread:

  mount.cifs used to be able to work with kerberos tickets so long as I
  changed the binary to suid root. I understand why this may have fallen
  out of favour but since Meerkat, I am unable to get mount.cifs to
  mount using kerberos and sudo.

  # Non sudo mount.cifs with/without suid root
  $ mount.cifs //server/share/directory ~/central -o sec=krb5
  mount.cifs: permission denied: no match for /home/CauserC/central found in /etc/fstab

  # Sudo mount.cifs with/without suid root
  $ sudo mount.cifs  //server/share/directory ~/central -o sec=krb5
  mount error(126): Required key not available

  I do definitely have a kerberos ticket, and both klist and "sudo
  klist" show it to me.

  Now, it does work if I do a "sudo kinit $USERNAME." Then a sudo
  mount.cifs mounts the share no problem. This is obviously less than
  ideal because it involves typing in a password again, and subsequent
  non sudo klists result in:

  $ klist
  klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_10009_8ZePnt)

  I'm tempted to file this as a bug report but wanted to check in here
  first to make sure that I'm not doing anything stupid. As I say, I
  never tried this in Lucid as suid root worked fine.

  Any help appreciated

  Chris

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: smbfs 2:4.5-2
  ProcVersionSignature: Ubuntu 2.6.35-22.35-generic-pae 2.6.35.4
  Uname: Linux 2.6.35-22-generic-pae i686
  NonfreeKernelModules: nvidia
  Architecture: i386
  Date: Wed Nov 17 15:20:14 2010
  InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: cifs-utils

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/676525/+subscriptions