[Pkg-samba-maint] Bug#967972: cifs-utils: fails to mount filesystem when keyutils is not installed

Jonathon Reinhart jonathon.reinhart at gmail.com
Mon Jun 7 05:33:05 BST 2021


Some sources incorrectly indicate that keyutils is only needed with
DFS, but keyutils is also needed when using CIFS w/ Kerberos
authentication.

When trying to mount a CIFS share using kerberos (sec=krb5), the
kernel invokes /sbin/request-key to request a key from userspace. Then
cifs.upcall (from cifs-utils) is executed to handle the SPNEGO
authentication.

If keyutils is not installed, then /sbin/request-key is absent, and
the kernel is completely silent about this.

[  +0.497021] CIFS VFS: Send error in SessSetup = -2
[  +0.000992] CIFS VFS: cifs_mount failed w/return code = -2

Thus, I strongly agree with the proposal for cifs-utils to *Recommend*
keyutils, rather than merely *Suggesting* it.



More information about the Pkg-samba-maint mailing list