[{"id":3674837,"web_url":"http://patchwork.ozlabs.org/comment/3674837/","msgid":"<CAH2r5mvPOSP2VMSHfZbDyQFx1fqzSyMqxB203+4FG9vFf5dMTw@mail.gmail.com>","list_archive_url":null,"date":"2026-04-08T15:59:06","subject":"Re: PATCH: cifs.upcall: Retry krb5 TGS request with uppercase service\n name","submitter":{"id":510,"url":"http://patchwork.ozlabs.org/api/people/510/","name":"Steve French","email":"smfrench@gmail.com"},"content":"merged into cifs-utils for-next pending additional review\n\nOn Wed, Apr 8, 2026 at 7:03 AM Samuel Cabrero <scabrero@suse.com> wrote:\n>\n> This patch allows to mount Azure Files shares using KRB5 authentication\n> provided by Entra KDC for native Entra accounts, like:\n>\n>    auser@tw:~> sudo mount -v -t cifs \\\n>        //astorageaccount.file.core.windows.net/share1 /mnt/azfiles/ \\\n>        -osec=krb5,cruid=auser,username=auser\n>\n>\n> After logging in with Himmelblau there will be a TGT in the user's\n> credential cache:\n>\n>    auser@tw:~> klist\n>    Ticket cache: KEYRING:persistent:1333365971:1333365971\n>    Default principal:\n>    auser\\@adomain.onmicrosoft.com@KERBEROS.MICROSOFTONLINE.COM\n>\n>    Valid starting     Expires            Service principal\n>    08/04/26 13:29:52  08/04/26 23:29:52\n>    krbtgt/KERBEROS.MICROSOFTONLINE.COM@KERBEROS.MICROSOFTONLINE.COM\n>         renew until 15/04/26 13:29:52\n>\n>\n> But when trying to mount the Azure Files share it will fail because the\n> Entra KDC always issues CIFS service tickets with uppercase 'CIFS'\n> service name even when the request is for lowercase 'cifs', causing the\n> TGS response validation to fail.\n>\n> This patch retries the TGS exchange with uppercase CIFS service name so\n> the service ticket is accepted and then used to mount the share.\n>\n>    auser@tw:~> klist\n>    Ticket cache: KEYRING:persistent:1333365971:1333365971\n>    Default principal:\n>    auser\\@adomain.onmicrosoft.com@KERBEROS.MICROSOFTONLINE.COM\n>\n>    Valid starting     Expires            Service principal\n>    08/04/26 13:30:06  08/04/26 14:30:06\n>    CIFS/astorageaccount.file.core.windows.net@KERBEROS.MICROSOFTONLINE.COM\n>    08/04/26 13:29:52  08/04/26 23:29:52\n>    krbtgt/KERBEROS.MICROSOFTONLINE.COM@KERBEROS.MICROSOFTONLINE.COM\n>         renew until 15/04/26 13:29:52","headers":{"Return-Path":"\n <linux-cifs+bounces-10724-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=MismDL9P;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=linux-cifs+bounces-10724-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"MismDL9P\"","smtp.subspace.kernel.org;\n arc=pass smtp.client-ip=209.85.219.54","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4frSSk6Gkyz1xv0\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 09 Apr 2026 02:00:06 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 1C5CA3001FE7\n\tfor <incoming@patchwork.ozlabs.org>; Wed,  8 Apr 2026 15:59:23 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id D0AE52D7DD4;\n\tWed,  8 Apr 2026 15:59:20 +0000 (UTC)","from mail-qv1-f54.google.com (mail-qv1-f54.google.com\n [209.85.219.54])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 875A42EAD1B\n\tfor <linux-cifs@vger.kernel.org>; Wed,  8 Apr 2026 15:59:19 +0000 (UTC)","by mail-qv1-f54.google.com with SMTP id\n 6a1803df08f44-899a5db525cso58544936d6.3\n        for <linux-cifs@vger.kernel.org>;\n Wed, 08 Apr 2026 08:59:19 -0700 (PDT)"],"ARC-Seal":["i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775663960; cv=pass;\n b=fvxFLKNXJfLaAGqqZFHbz71MevWPPlO3juEpVeLscCQNTrKgPTqH+ZeH9j7DFP090KWPF4tC+AN/VxAttz9jxQHpFfwPdkwjVP22jcD+5QO8Y0fY33WxXmdGP2OOXe7nbE8N5w7f3m5sg+XzmbT7ECi+Bh0Xystc8KVhkX0kVAo=","i=1; a=rsa-sha256; t=1775663958; cv=none;\n        d=google.com; s=arc-20240605;\n        b=lrux/c1Nf1d0PANgmsbdq18Kfvfa94LwGvWTQTO2LSlaboTg3NP7nJIgjK30nNFNq6\n         wro6stPnSh/1MyERFxwcnZtN19NCCNazGFWAd6NOWtUzoyGrRPi12wnPlT7OTA4wtz7j\n         1CpaRoLlAIhuNpGckDzD8T6aX4JG64VejP27jjRGM2m3dsguWP5N4+z6Q8mtKHfwL7h1\n         mRjS0CZXiJM0JfsEvcmR5yLlL6CrmCw6OJaWqlNdaFwzzPluxZj0w5pn8wyb6NSMnvi7\n         UPOLnqT4Oi6t3i9WqxRH2pIP/GU9mUF7KlOmkaThI1ReUkLRgL9LEME7Tr4Xf2wScB4I\n         /8jg=="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775663960; c=relaxed/simple;\n\tbh=CpD45yIP+ZJp9cyUhANdN6Nn6j/5cSIE5D4iZnxwDCE=;\n\th=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:\n\t To:Cc:Content-Type;\n b=AOv48xrGgWY4H5pEXxtKskHbmhkx7CuMM4zpRK/dm4K2nJBtbIEg/amvWpLWmpgyPpSfHE2+DZ9hQR5OQNq5tm57npSjf+j4STZmfIFHJa7YmxwU+rJifTgfpMZh4o7mOLGDcu1TN9TD19VB6Q3v6yHbmTwYe1/UPOQyIkg5NVU=","i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n        h=content-transfer-encoding:cc:to:subject:message-id:date:from\n         :in-reply-to:references:mime-version:dkim-signature;\n        bh=KCXbYFEmPv0b9c+kdxCzTg+D7VxvMLGOfoeiAugqIMg=;\n        fh=7CUFWSGKpk5x5VKdYf2Uwc+No7AblJ3SQ9xw9nCFAf4=;\n        b=FBIdTH1G70sc2C/VVi6WThxNI4Wu1VqDabr1xYc+xrOMmNFscf6VKl1zfDH8+yDV14\n         Lo5OvjRxpkCrm1zq3ILiXqrXXoOoI2Zcrp/b3SEXE2wBVGIRuT+rhAOt5FgiHGbz/USy\n         RM20+2hOkjYdFrZnKKRiGINOgd7hn0nN3VIGobiJzHAuifaRhahXbd3dXyRfRv4Mna6R\n         zav5SfGKpPf7+dQajgC7Jo8Jsjf5sp/+vdRZgbchpkhCp9nVr5G0h8rzhQR9q3b0whTn\n         +VVA95eC6Sd8HiRrfcJncWCy8U/evR0kZfjwtXmKRgP1OEzXzy/F1JucM7Xiy9xO72nm\n         Lsvw==;\n        darn=vger.kernel.org"],"ARC-Authentication-Results":["i=2; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=MismDL9P; arc=pass smtp.client-ip=209.85.219.54","i=1; mx.google.com; arc=none"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=gmail.com; s=20251104; t=1775663958; x=1776268758;\n darn=vger.kernel.org;\n        h=content-transfer-encoding:cc:to:subject:message-id:date:from\n         :in-reply-to:references:mime-version:from:to:cc:subject:date\n         :message-id:reply-to;\n        bh=KCXbYFEmPv0b9c+kdxCzTg+D7VxvMLGOfoeiAugqIMg=;\n        b=MismDL9PYCQJuR9K3AN15ngbUHV++m6QnYCQWyw0jUfFThqwieR9eT03ZPWtON75pR\n         +UpPzxMZnlHuJKnMgZsUfSC6M6tHyxqeJUlUBU6UN+fw1IFSJzehaxGvv3Ok6XySrhWr\n         EwI6Db81XrTTbX96HtKCLpZkrOrzCACDYqX/FG3kUJeYCzPW02xSo8hIIt+/ktuo6rrF\n         8CRBYv8Q5lGpV9A9ZvcvD7+kwxlWWmYU31pYIL+ZMHAk2062QxPxPF1wVPUantQ87WZM\n         7DgXFAu1Mqab6IOTkTaYhhPofgI38EGqaBuOUluw+ECTzyZyi5q/A/5WBCvenK0+xUC1\n         /vpg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n        d=1e100.net; s=20251104; t=1775663958; x=1776268758;\n        h=content-transfer-encoding:cc:to:subject:message-id:date:from\n         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n         :to:cc:subject:date:message-id:reply-to;\n        bh=KCXbYFEmPv0b9c+kdxCzTg+D7VxvMLGOfoeiAugqIMg=;\n        b=TdviFVHESEbk/svvlN+uayRVuZ665vXjUSNFGyKnXoBkOWl/GT+cmE+Jo8g4+Ctnmt\n         TmYjNjeRRCQSWivlQ0mhWEnPcQVdk9AuNJteKXicRkzZU0yMx7y4936gQ2qYxGqj6bo7\n         /Zbw2Leqrdj6qyxeLSj90VdGpHewtuxQoAxA9bggdhy6gZupyaGQnoUK0UvUfJyf9TQM\n         RaRKeiVIGAFl75Rbn8dN7swaFh9y/0jBTxLoOhbC5DT63mW577duhDQA2AYBwXy6GEzC\n         4yi1CfqdAEAQNZtuQcX65cGiP9gSxtyT7PJQt63vZ7V0yNBEfq3AQWNZACuT1IAaH4Za\n         585g==","X-Gm-Message-State":"AOJu0YzswdUosL5W2Mhae8YEtXYJzNHVEh/KeCeIwAaseVMU3pz2w2H7\n\tVRa4Ho/uogKUJeQCl0CrwCvw2QN9oIizUFvmuXKUyqDcQx4RupbFXrFQJ9zc0v4rkfFjzPIzvsP\n\tNnYUGNjVLcQYiRGfjQG3OF9emIBpeVtM=","X-Gm-Gg":"AeBDievvqEzBO+YWcRD/X9XMfQpEko15rKWbuw468r1fd8Isz3AuroP/bok8wCrG97T\n\tgvfjR2EJJy3dHsHwVf4r0VZjG3bgOL4pwnV4AXUHhucubj1l0EUI/QSxaKa45bes99/tCUDuyqT\n\tNbmXUvZPzyGUR7Rh6Bzzu4GrhJrr+a0pnYE0GU56CfwjAosjfjsxVhD5GmfwweI5e8mxez9MnNZ\n\tL5EWtwN/qjoFKE6WvC0uhitxcLzMowIxWit0QSFf9S80rbhsyuraQaeN+ryPsU2WbU8OKfvcdSD\n\t/3Q2LFpihJuxRrfjqjwX9yr+wigm0J+7WbnbiJYWbazxQXyCBXIIp2tGQBwEifhZ38S8RXtUEZd\n\tBKFdcz7yYoG9OiLxkUPMrqGc9yDqCfAXJOGNjMYtwVK4OCvuzXqGIVgtRFwd5JdI=","X-Received":"by 2002:ad4:5bee:0:b0:8a1:42f5:2c8 with SMTP id\n 6a1803df08f44-8a702e838efmr343203086d6.16.1775663958237; Wed, 08 Apr 2026\n 08:59:18 -0700 (PDT)","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"<linux-cifs.vger.kernel.org>","List-Subscribe":"<mailto:linux-cifs+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-cifs+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","References":"<4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com>","In-Reply-To":"<4d96fd377f12876438f33a09d4342edc6151ec28.camel@suse.com>","From":"Steve French <smfrench@gmail.com>","Date":"Wed, 8 Apr 2026 10:59:06 -0500","X-Gm-Features":"AQROBzB2uk51O57A4MJM1FuhuehMKV4wnT4vx8k4u_qZct8vrS2Z6rG7MvxEoJc","Message-ID":"\n <CAH2r5mvPOSP2VMSHfZbDyQFx1fqzSyMqxB203+4FG9vFf5dMTw@mail.gmail.com>","Subject":"Re: PATCH: cifs.upcall: Retry krb5 TGS request with uppercase service\n name","To":"scabrero@suse.com","Cc":"linux-cifs@vger.kernel.org","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable"}}]