r11471: Describe how kerberos forwarding works with the ntvfs.

author Andrew Bartlett <abartlet@samba.org>

Wed, 2 Nov 2005 04:24:04 +0000 (04:24 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:45:41 +0000 (13:45 -0500)
author Andrew Bartlett <abartlet@samba.org>
Wed, 2 Nov 2005 04:24:04 +0000 (04:24 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:45:41 +0000 (13:45 -0500)
diff --git a/source/ntvfs/cifs/README b/source/ntvfs/cifs/README

index c6232fe2db3c24a4d709a7d9ee26ea8e07b82109..31720612c207ca55675e01c1ab90e6f7a790a735 100644 (file)
--- a/source/ntvfs/cifs/README
+++ b/source/ntvfs/cifs/README
@@ -3,8 +3,13 @@ backend that talks to a remote CIFS server. The primary aim of this
  backend is for debugging and development, although some poeple may
  find it useful as a CIFS gateway.
  
+There are two modes of operation: Password specified and delegated
+credentials.
  
-Here is a typical config:
+Password specified:
+-------------------
+
+This uses a static username/password in the config file, example:
  
  [myshare]
         ntvfs handler = cifs
@@ -14,3 +19,22 @@ Here is a typical config:
         cifs:domain = TESTDOM
         cifs:share = test
  
+
+Delegated credentials:
+----------------------
+
+If your incoming user is authenticated with Kerberos, and the machine
+account for this Samba4 proxy server is 'trusted for delegation', then
+the Samba4 proxy can forward the client's credentials to the target.
+
+You must be joined to the domain (net join <domain> member).
+
+To set 'trusted for delegation' with MMC, see the checkbox in the
+Computer account property page under Users and Computers.
+
+[myshare]
+       ntvfs handler = cifs
+       cifs:server = myserver
+       cifs:share = test
+
+
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 2 Nov 2005 04:24:04 +0000 (04:24 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:45:41 +0000 (13:45 -0500)