FSTAB CIFS kerberos

Question

How can I force fstab to mount CIFS with machine account kerberos? From logs it shows that cifs.upcall goes to: cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc

and not on /etc/krb5.keytab which has the computer account ticket.

Any thoughts?

FSTAB cfg:

//server_name/test /rw_share cifs cruid=machine_user_id,multiuser,sec=krb5,vers=3.0 0 0

Thanks, Nick

With the `multiuser` mount option every user needs a Kerberos ticket to access the files. `/etc/krb5.keytab` does not contain the Kerberos ticket, just the credentials to obtain one. When lookup for a credentials cache fails, the keytab **might** be used to obtain one. — Piotr P. Karwasz, Feb 09 '20 at 19:25

score 0 · Answer 1 · answered Feb 10 '20 at 20:07

Finally I found a work around on it. I made a script to run as a service and as root kinit user machine account using /etc/krb5.keytab. Then I ve add a line in FSTAB to use root's cache with machine accounts ticket and also add multiuser option and it works. so the main part is to use CRUID option of CIFS and put the id of root user. So cifs will go and check the ticket in root's cache.

FSTAB CIFS kerberos

1 Answers1

Linked