cifscreds (1)

Manage ntlm credentials in kernel keyring

  1. Carta.tech
  2. Man Pages
  3. Executable programs or shell commands
  4. cifscreds: Manage ntlm credentials in kernel keyring
  1. Carta.tech
  2. Packages
  3. cifs-utils
  4. cifscreds: Manage ntlm credentials in kernel keyring

SYNOPSIS

cifscreds add|clear|clearall|update [-u username] [-d] host|domain

DESCRIPTION

The cifscreds program is a tool for managing credentials (username and password) for the purpose of establishing sessions in multiuser mounts.

When a cifs filesystem is mounted with the \*(L"multiuser\*(R" option, and does not use krb5 authentication, it needs to be able to get the credentials for each user from somewhere. The cifscreds program is the tool used to provide these credentials to the kernel.

The first non-option argument to cifscreds is a command (see the \s-1COMMANDS\s0 section below). The second non-option argument is a hostname or address, or an \s-1NT\s0 domain name.

COMMANDS

add

Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain.

clear

Clear credentials for a particular host or domain from the kernel.

clearall

Clear all cifs credentials from the kernel.

update

Update stored credentials in the kernel with a new username and password.

OPTIONS

-d, --domain

The provided host/domain argument is a \s-1NT\s0 domainname. Ordinarily the second argument provided to cifscreds is treated as a hostname or \s-1IP\s0 address. This option causes the cifscreds program to treat that argument as an \s-1NT\s0 domainname instead. If there are not host specific credentials for the mounted server, then the kernel will next look for a set of domain credentials equivalent to the domain= option provided at mount time.

-u, --username

Ordinarily, the username is derived from the unix username of the user adding the credentials. This option allows the user to substitute a different username.

NOTES

The cifscreds utility requires a kernel built with support for the login key type. That key type was added in v3.3 in mainline Linux kernels.

Since cifscreds adds keys to the session keyring, it is highly recommended that one use pam_keyinit to ensure that a session keyring is established at login time.

RELATED TO cifscreds…

pam_keyinit\|(8)

AUTHORS

The cifscreds program was originally developed by Igor Druzhinin <[email protected]>. This manpage and a redesign of the code was done by Jeff Layton <[email protected]>.