-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.5.z, rhel-9.6, rhel-10.0
-
None
-
No
-
None
-
rhel-fs
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
All
-
None
Issue: cifs.upcall program in the cifs-utils package fails to use a
valid service ticket from the credential cache if the TGT is expired
or not exist
Description:
When mounting an SMB file share on Linux using the kernel client with
Kerberos authentication, the Linux kernel's cifs.ko module makes an
upcall to user space during the session setup phase to retrieve the
Kerberos service ticket from the credential cache. However, the
current cifs.upcall fails to retrieve the service ticket even if it is
valid, but instead it makes a check to TGT to see if its valid and
then retrieve the service ticket, but if we already have valid service
ticket we shouldn't need to check for TGT.
i.e In cases where the kernel handles upcalls for SMB session setup
requests with Kerberos authentication, if the credential cache already
contains a valid service ticket, it should be used directly without
needing to check the TGT again.
Fixed commits:
https://git.samba.org/?p=cifs-utils.git;a=commit;h=af76bf2a11a060afdfd97104617a701d19d5890d
https://git.samba.org/?p=cifs-utils.git;a=commit;h=dc013738ec1f2e67598b264fe2eabf94c5a34570
Please help backporting this commit to existing RHEL
distro cifs-utils.
