12-11-2013 07:54 AM
We are currently migrating some server from HP-UX to Oralce Linux. On HP-UX we use the cifs client software to mount and access cifs shares. The client is really great. Root mounts the share. Root can access the share, but it is not necessary. No other user can access the share. So each user that needs access uses cifslogin and store a windows account and password that is tied to that user. When the user access the share via the mount, the cifs client provides the access credentials.
Well, It's not the same on Linux. Go figure! I am looking for a way to replicate this on Linux. There are not really any users on the machine. There are mainly just service accounts for different oracle datababses. Each account needs to be tied to a certain windows account to allow only certain access to folders on the windows share. I have been messing around with the multiuser mount option and kerberos, but it's pretty ugly. I have added service accounts to a keytab and use the keytab to authenticate. That's fine until the ticket expires. So I have had to setup per user crontabs to get new tickets. Pain!!!
I did see that there are later versions of cifs-utils that has a program called cifscreds. It uses a keyring and does not need kerberos to authenticate. I have done a ton of googling, but cannot find reference to one person that this is working for. I am curious if any one else has run into this same situation, and if you have found a solution for it.