diff options
| author | Steve French <stfrench@microsoft.com> | 2025-01-28 01:04:23 -0600 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2025-01-31 12:51:44 -0600 |
| commit | eea5119fa5979c350af5783a8148eacdd4219715 (patch) | |
| tree | 86d874d324b904c3553ed155121d9bc2863db832 /fs/smb/client/smb2pdu.c | |
| parent | 021840c1426c012a812f8b8d9413f3cf9d3e0b9b (diff) | |
smb3: add support for IAKerb
There are now more servers which advertise support for IAKerb (passthrough
Kerberos authentication via proxy). IAKerb is a public extension industry
standard Kerberos protocol that allows a client without line-of-sight
to a Domain Controller to authenticate. There can be cases where we
would fail to mount if the server only advertises the OID for IAKerb
in SPNEGO/GSSAPI. Add code to allow us to still upcall to userspace
in these cases to obtain the Kerberos ticket.
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'fs/smb/client/smb2pdu.c')
| -rw-r--r-- | fs/smb/client/smb2pdu.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c index 9f54596a6866..40ad9e79437a 100644 --- a/fs/smb/client/smb2pdu.c +++ b/fs/smb/client/smb2pdu.c @@ -1429,7 +1429,7 @@ smb2_select_sectype(struct TCP_Server_Info *server, enum securityEnum requested) if (server->sec_ntlmssp && (global_secflags & CIFSSEC_MAY_NTLMSSP)) return RawNTLMSSP; - if ((server->sec_kerberos || server->sec_mskerberos) && + if ((server->sec_kerberos || server->sec_mskerberos || server->sec_iakerb) && (global_secflags & CIFSSEC_MAY_KRB5)) return Kerberos; fallthrough; |