<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Trebuchet MS">Dear Mantas,<br>
<br>
thank you very much for your reply.<br>
At least on my system (CentOS7) this does not work. The mount
process tries to mount the share as root even when specifying
"multiuser":<br>
From /etc/fstab:<br>
//cifs_filer/share /mount_point cifs
sec=krb5,multiuser,x-systemd.automount 0 0<br>
<br>
From "journalctl -xf":<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: sec=1<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: uid=0<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: creduid=0<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: user=root<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: pid=78686<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
considering /tmp/krb5cc_1861017645<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
/tmp/krb5cc_1861017645 is owned by 1861017645, not 0<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
considering /tmp/krb5cc_1860718904_nEIDDll408<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
/tmp/krb5cc_1860718904_nEIDDll408 is owned by 1860718904, not 0<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
considering /tmp/krb5cc_1860718904<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]: find_krb5_cc:
/tmp/krb5cc_1860718904 is owned by 1860718904, not 0<br>
Apr 07 10:31:03 <hostname> cifs.upcall[78691]:
krb5_get_init_creds_keytab: -1765328203<br>
<br>
Is that intended behavior or not?<br>
<br>
Best regards,<br>
<br>
Sebastian<br>
</font><br>
<div class="moz-cite-prefix">Am 06.04.2017 um 19:58 schrieb Mantas
Mikulėnas:<br>
</div>
<blockquote
cite="mid:CAPWNY8XnAic-Sd4HMZyYmUKN8rN_YcG78Kuc+XKpuxriugRnJw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Apr 5, 2017 at 5:28 PM,
Sebastian Treiber <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sebastian.treiber@gns-systems.de"
target="_blank">sebastian.treiber@gns-systems.de</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <font face="Trebuchet MS">Dear
members of the Systemd mailing list,<br>
<br>
for a long time I have been struggling with a problem
which sounds relatively easy:<br>
I have a cifs file server and a Linux (CentOS 7)
client. On the client I want to mount a share from the
file server using Kerberos.<br>
Only the root user can perform the mount but typically
it has no Kerberos ticket. A user, on the other hand,
has a Kerberos ticket but must not mount anything. <br>
That means the mount has to be done by the root user
and the uid of a user who has a valid Kerberos ticket
has to be used as an option. For example:</font></div>
</blockquote>
<div><br>
</div>
<div>cifs supports `-o multiuser`, which allows each UID to
use a separate session. So you can perform the mount as
root using the machine credentials (keytab) or another
dedicated account, and each user will automatically use
their own credentials when accessing the share.</div>
</div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">Mantas Mikulėnas <<a
moz-do-not-send="true" href="mailto:grawity@gmail.com"
target="_blank">grawity@gmail.com</a>></div>
</div>
</div>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width">
<style type="text/css">
p {
margin: 0px;
}
.gns-systems-link:visited {
color: #ffb400 !important;
}
.gns-systems-link {
color: #ffb400 !important;
}
</style>
<div>
<p><span style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif"> Mit freundlichen Grüßen<br>
<b>Dr. Sebastian Treiber</b> | Systemanalytiker<br>
</span></p>
</div>
<br>
<div> <a href="http://www.gns-systems.de"><img alt="GNS Systems -
IT Dienstleistungen für Engineering"
src="cid:part3.CF61F513.E1FED519@gns-systems.de" height="59"
width="235"></a><br>
<img src="cid:part5.B0CBB731.2322C299@gns-systems.de"
height="33" width="235"><br>
</div>
<div>
<p><span style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif"> GNS Systems GmbH<br>
Fronäckerstraße 36/1<br>
71063 Sindelfingen<br>
Tel.: +49 (0)7031/68838-66<br>
Fax: +49 (0)7031/68838-11 </span></p>
</div>
<br>
<div>
<p><span style="font-size:10.0pt;font-family:"Trebuchet
MS",sans-serif"> Geschäftsführer: Christopher Woll<br>
Sitz des Unternehmens: Braunschweig<br>
Registergericht: Amtsgericht Braunschweig<br>
Registernummer: HRB 4890<br>
<a style="color:#FFB400" href="http://www.gns-systems.de"><span
style="color:#FFB400">gns-systems.de</span></a> </span></p>
</div>
<br>
<br>
</div>
</body>
</html>