Free Knowledge Resources


Linux Manual Pages


Free Software * Books

Source Code

Free Media

Linux

cifs.upcall(8)


NAME

   cifs.upcall - Userspace upcall helper for Common Internet File System
   (CIFS)

SYNOPSIS

   cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
    [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf]
    [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid}

DESCRIPTION

   This tool is part of the cifs-utils suite.

   cifs.upcall is a userspace helper program for the linux CIFS client
   filesystem. There are a number of activities that the kernel cannot
   easily do itself. This program is a callout program that does these
   things for the kernel and then returns the result.

   cifs.upcall is generally intended to be run when the kernel calls
   request-key(8) for a particular key type. While it can be run directly
   from the command-line, its not generally intended to be run that way.

OPTIONS

   -c
       This option is deprecated and is currently ignored.

   --krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf
       This option allows administrators to set an alternate location for
       the krb5.conf file that cifs.upcall will use.

   --keytab=/path/to/keytab|-K /path/to/keytab
       This option allows administrators to specify a keytab file to be
       used. When a user has no credential cache already established,
       cifs.upcall will attempt to use this keytab to acquire them. The
       default is the system-wide keytab /etc/krb5.keytab.

   --trust-dns|-t
       With krb5 upcalls, the name used as the host portion of the service
       principal defaults to the hostname portion of the UNC. This option
       allows the upcall program to reverse resolve the network address of
       the server in order to get the hostname.

       This is less secure than not trusting DNS. When using this option,
       its possible that an attacker could get control of DNS and trick
       the client into mounting a different server altogether. Its
       preferable to instead add server principals to the KDC for every
       possible hostname, but this option exists for cases where that
       isnt possible. The default is to not trust reverse hostname
       lookups in this fashion.

   --legacy-uid|-l
       Traditionally, the kernel has sent only a single uid= parameter to
       the upcall for the SPNEGO upcall thats used to determine what
       user's credential cache to use. This parameter is affected by the
       uid= mount option, which also governs the ownership of files on the
       mount.

       Newer kernels send a creduid= option as well, which contains what
       uid it thinks actually owns the credentials that its looking for.
       At mount time, this is generally set to the real uid of the user
       doing the mount. For multisession mounts, it's set to the fsuid of
       the mount user. Set this option if you want cifs.upcall to use the
       older uid= parameter instead of the creduid= parameter.

   --version|-v
       Print version number and exit.

CONFIGURATION FOR KEYCTL

   cifs.upcall is designed to be called from the kernel via the
   request-key callout program. This requires that request-key be told
   where and how to call this program. The current cifs.upcall program
   handles two different key types:

   cifs.spnego
       This keytype is for retrieving kerberos session keys

   dns_resolver
       This key type is for resolving hostnames into IP addresses. Support
       for this key type may eventually be deprecated (see below).

   To make this program useful for CIFS, youll need to set up entries for
   them in request-key.conf(5). Heres an example of an entry for each key
   type:

       #OPERATION  TYPE           D C PROGRAM ARG1 ARG2...
       #=========  =============  = = ================================
       create      cifs.spnego    * * /usr/sbin/cifs.upcall %k
       create      dns_resolver   * * /usr/sbin/cifs.upcall %k

   See request-key.conf(5) for more info on each field.

   The keyutils package has also started including a dns_resolver handling
   program as well that is preferred over the one in cifs.upcall. If you
   are using a keyutils version equal to or greater than 1.5, you should
   use key.dns_resolver to handle the dns_resolver keytype instead of
   cifs.upcall. See key.dns_resolver(8) for more info.

SEE ALSO

   request-key.conf(5), mount.cifs(8), key.dns_resolver(8)

AUTHOR

   Igor Mammedov wrote the cifs.upcall program.

   Jeff Layton authored this manpage.

   The maintainer of the Linux CIFS VFS is Steve French.

   The Linux CIFS Mailing list is the preferred place to ask questions
   regarding these programs.



Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.



Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.



Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.



Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.


birds banner