On Tue, 12 Mar 2019, Sumit Bose wrote:
If I understand the "multiuser" option correctly it should be possible to use Kerberos credentials stored during login if sec=krb5 or sec=krb5i is used. For NTLM there is pam_cifscreds which can be added to the PAM configuration. You might have to add the 'forward_pass' to pam_sss.so in the auth section as well to make sure pam_sss will put the password on the PAM stack for other modules.
You do indeed understand the option correctly. We use sec=krb5,multiuser quite happily that way, getcifsacl returns sensible information, and access is controlled using per-user krb5 as expected. jh _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
