cifs: use krb5_kt_default() to determine default keytab location

[jlayton/cifs-utils.git] / cifscreds.1

.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "CIFSCREDS 1"
.TH CIFSCREDS 1 "2012-07-17" "" ""
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
cifscreds \- manage NTLM credentials in kernel keyring
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
cifscreds add|clear|clearall|update [\-u username] [\-d] host|domain
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBcifscreds\fR program is a tool for managing credentials (username
and password) for the purpose of establishing sessions in multiuser
mounts.
.PP
When a cifs filesystem is mounted with the \*(L"multiuser\*(R" option, and does
not use krb5 authentication, it needs to be able to get the credentials
for each user from somewhere. The \fBcifscreds\fR program is the tool used
to provide these credentials to the kernel.
.PP
The first non-option argument to cifscreds is a command (see the
\&\fB\s-1COMMANDS\s0\fR section below). The second non-option argument is a hostname
or address, or an \s-1NT\s0 domain name.
.SH "COMMANDS"
.IX Header "COMMANDS"
.IP "\fBadd\fR" 4
.IX Item "add"
Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain.
.IP "\fBclear\fR" 4
.IX Item "clear"
Clear credentials for a particular host or domain from the kernel.
.IP "\fBclearall\fR" 4
.IX Item "clearall"
Clear all cifs credentials from the kernel.
.IP "\fBupdate\fR" 4
.IX Item "update"
Update stored credentials in the kernel with a new username and
password.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-d\fR, \fB\-\-domain\fR" 4
.IX Item "-d, --domain"
The provided host/domain argument is a \s-1NT\s0 domainname.
.Sp
Ordinarily the second argument provided to cifscreds is treated as a
hostname or \s-1IP\s0 address. This option causes the cifscreds program to
treat that argument as an \s-1NT\s0 domainname instead.
.Sp
If there are not host specific credentials for the mounted server, then
the kernel will next look for a set of domain credentials equivalent to
the domain= option provided at mount time.
.IP "\fB\-u\fR, \fB\-\-username\fR" 4
.IX Item "-u, --username"
Ordinarily, the username is derived from the unix username of the user
adding the credentials. This option allows the user to substitute a
different username.
.SH "NOTES"
.IX Header "NOTES"
The cifscreds utility requires a kernel built with support for the
\&\fBlogin\fR key type. That key type was added in v3.3 in mainline Linux
kernels.
.PP
Since \fBcifscreds\fR adds keys to the session keyring, it is highly
recommended that one use \fBpam_keyinit\fR to ensure that a session keyring
is established at login time.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIpam_keyinit\fR\|(8)
.SH "AUTHORS"
.IX Header "AUTHORS"
The cifscreds program was originally developed by Igor Druzhinin
<jaxbrigs@gmail.com>. This manpage and a redesign of the code was done
by Jeff Layton <jlayton@samba.org>.