2
.\" Author: [see the "AUTHOR" section]
3
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
5
.\" Manual: System Administration tools
9
.TH "CIFS\&.UPCALL" "8" "10/29/2009" "Samba 3\&.4" "System Administration tools"
10
.\" -----------------------------------------------------------------
11
.\" * (re)Define some macros
12
.\" -----------------------------------------------------------------
13
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14
.\" toupper - uppercase a string (locale-aware)
15
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
19
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
21
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22
.\" SH-xref - format a cross-reference to an SH section
23
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33
.\" SH - level-one heading that works better for non-TTY output
34
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36
.\" put an extra blank line of space above the head in non-TTY output
43
.nr an-prevailing-indent \\n[IN]
47
.HTML-TAG ".NH \\n[an-level]"
49
.nr an-no-space-flag 1
51
\." make the size of the head bigger
56
.\" if n (TTY output), use uppercase
61
.\" if not n (not TTY), use normal case (not uppercase)
65
.\" if not n (not TTY), put a border/line under subheading
70
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71
.\" SS - level-two heading that works better for non-TTY output
72
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77
.nr an-prevailing-indent \\n[IN]
82
.nr an-no-space-flag 1
85
\." make the size of the head bigger
91
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92
.\" BB/BE - put background/screen (filled box) around block of text
93
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
106
.if "\\$2"adjust-for-leading-newline" \{\
114
.nr BW \\n(.lu-\\n(.i
117
.ie "\\$2"adjust-for-leading-newline" \{\
118
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
121
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
132
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133
.\" BM/EM - put colored marker in margin next to block of text
134
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
151
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
159
.\" -----------------------------------------------------------------
160
.\" * set default formatting
161
.\" -----------------------------------------------------------------
162
.\" disable hyphenation
164
.\" disable justification (adjust text to left margin only)
166
.\" -----------------------------------------------------------------
167
.\" * MAIN CONTENT STARTS HERE *
168
.\" -----------------------------------------------------------------
170
cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS)
174
\FCcifs\&.upcall\F[] [\-\-trust\-dns|\-t] [\-\-version|\-v] {keyid}
178
This tool is part of the
182
cifs\&.upcall is a userspace helper program for the linux CIFS client filesystem\&. There are a number of activities that the kernel cannot easily do itself\&. This program is a callout program that does these things for the kernel and then returns the result\&.
184
cifs\&.upcall is generally intended to be run when the kernel calls request\-key(8)
185
for a particular key type\&. While it can be run directly from the command\-line, it\'s not generally intended to be run that way\&.
190
This option is deprecated and is currently ignored\&.
195
With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&.
197
This is less secure than not trusting DNS\&. When using this option, it\'s possible that an attacker could get control of DNS and trick the client into mounting a different server altogether\&. It\'s preferable to instead add server principals to the KDC for every possible hostname, but this option exists for cases where that isn\'t possible\&. The default is to not trust reverse hostname lookups in this fashion\&.
202
Print version number and exit\&.
204
.SH "CONFIGURATION FOR KEYCTL"
206
cifs\&.upcall is designed to be called from the kernel via the request\-key callout program\&. This requires that request\-key be told where and how to call this program\&. The current cifs\&.upcall program handles two different key types:
210
This keytype is for retrieving kerberos session keys
215
This key type is for resolving hostnames into IP addresses
218
To make this program useful for CIFS, you\'ll need to set up entries for them in request\-key\&.conf(5)\&. Here\'s an example of an entry for each key type:
229
.BB lightgray adjust-for-leading-newline
232
#OPERATION TYPE D C PROGRAM ARG1 ARG2\&.\&.\&.
233
#========= ============= = = ================================
234
create cifs\&.spnego * * /usr/local/sbin/cifs\&.upcall %k
235
create dns_resolver * * /usr/local/sbin/cifs\&.upcall %k
236
.EB lightgray adjust-for-leading-newline
248
\fBrequest-key.conf5\fR()
249
for more info on each field\&.
253
\fBrequest-key.conf\fR(5),
257
Igor Mammedov wrote the cifs\&.upcall program\&.
259
Jeff Layton authored this manpage\&.
261
The maintainer of the Linux CIFS VFS is Steve French\&.
264
Linux CIFS Mailing list
265
is the preferred place to ask questions regarding these programs\&.