summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-11-02 04:24:04 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:41 -0500
commite3b42c55ebd7e16853ceb7da73e8d4ccf74e3a13 (patch)
treeff412b7bd5453ded61086991a56284b027bec0af
parent20debaa289d7f035e74d2044f1fbea18ce85b1db (diff)
downloadsamba-e3b42c55ebd7e16853ceb7da73e8d4ccf74e3a13.tar.gz
samba-e3b42c55ebd7e16853ceb7da73e8d4ccf74e3a13.tar.bz2
samba-e3b42c55ebd7e16853ceb7da73e8d4ccf74e3a13.zip
r11471: Describe how kerberos forwarding works with the ntvfs.
Andrew Bartlett (This used to be commit 66d7a51394b26bf9e8737477af965d08d9efde6d)
-rw-r--r--source4/ntvfs/cifs/README26
1 files changed, 25 insertions, 1 deletions
diff --git a/source4/ntvfs/cifs/README b/source4/ntvfs/cifs/README
index c6232fe2db..31720612c2 100644
--- a/source4/ntvfs/cifs/README
+++ b/source4/ntvfs/cifs/README
@@ -3,8 +3,13 @@ backend that talks to a remote CIFS server. The primary aim of this
backend is for debugging and development, although some poeple may
find it useful as a CIFS gateway.
+There are two modes of operation: Password specified and delegated
+credentials.
-Here is a typical config:
+Password specified:
+-------------------
+
+This uses a static username/password in the config file, example:
[myshare]
ntvfs handler = cifs
@@ -14,3 +19,22 @@ Here is a typical config:
cifs:domain = TESTDOM
cifs:share = test
+
+Delegated credentials:
+----------------------
+
+If your incoming user is authenticated with Kerberos, and the machine
+account for this Samba4 proxy server is 'trusted for delegation', then
+the Samba4 proxy can forward the client's credentials to the target.
+
+You must be joined to the domain (net join <domain> member).
+
+To set 'trusted for delegation' with MMC, see the checkbox in the
+Computer account property page under Users and Computers.
+
+[myshare]
+ ntvfs handler = cifs
+ cifs:server = myserver
+ cifs:share = test
+
+