Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

cifscreds(1) [centos man page]

CIFSCREDS(1)															      CIFSCREDS(1)

cifscreds - manage NTLM credentials in kernel keyring SYNOPSIS
cifscreds add|clear|clearall|update [-u username] [-d] host|domain DESCRIPTION
The cifscreds program is a tool for managing credentials (username and password) for the purpose of establishing sessions in multiuser mounts. When a cifs filesystem is mounted with the "multiuser" option, and does not use krb5 authentication, it needs to be able to get the credentials for each user from somewhere. The cifscreds program is the tool used to provide these credentials to the kernel. The first non-option argument to cifscreds is a command (see the COMMANDS section below). The second non-option argument is a hostname or address, or an NT domain name. COMMANDS
add Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain. clear Clear credentials for a particular host or domain from the kernel. clearall Clear all cifs credentials from the kernel. update Update stored credentials in the kernel with a new username and password. OPTIONS
-d, --domain The provided host/domain argument is a NT domainname. Ordinarily the second argument provided to cifscreds is treated as a hostname or IP address. This option causes the cifscreds program to treat that argument as an NT domainname instead. If there are not host specific credentials for the mounted server, then the kernel will next look for a set of domain credentials equivalent to the domain= option provided at mount time. -u, --username Ordinarily, the username is derived from the unix username of the user adding the credentials. This option allows the user to substitute a different username. NOTES
The cifscreds utility requires a kernel built with support for the login key type. That key type was added in v3.3 in mainline Linux kernels. Since cifscreds adds keys to the session keyring, it is highly recommended that one use pam_keyinit to ensure that a session keyring is established at login time. SEE ALSO
pam_keyinit(8) AUTHORS
The cifscreds program was originally developed by Igor Druzhinin <>. This manpage and a redesign of the code was done by Jeff Layton <>. 2012-07-17 CIFSCREDS(1)

Check Out this Related Man Page

GETPEEREID(3)						   BSD Library Functions Manual 					     GETPEEREID(3)

getpeereid -- get the effective credentials of a UNIX-domain peer LIBRARY
Standard C Library (libc, -lc) SYNOPSIS
#include <sys/types.h> #include <unistd.h> int getpeereid(int s, uid_t *euid, gid_t *egid); DESCRIPTION
The getpeereid() function returns the effective user and group IDs of the peer connected to a UNIX-domain socket. The argument s must be a UNIX-domain socket (unix(4)) of type SOCK_STREAM on which either connect(2) or listen(2) have been called. The effective used ID is placed in euid, and the effective group ID in egid. The credentials returned to the listen(2) caller are those of its peer at the time it called connect(2); the credentials returned to the connect(2) caller are those of its peer at the time it called listen(2). This mechanism is reliable; there is no way for either side to influence the credentials returned to its peer except by calling the appropriate system call (i.e., either connect(2) or listen(2)) under different effective credentials. One common use of this routine is for a UNIX-domain server to verify the credentials of its client. Likewise, the client can verify the cre- dentials of the server. IMPLEMENTATION NOTES
On FreeBSD, getpeereid() is implemented in terms of the LOCAL_PEERCRED unix(4) socket option. RETURN VALUES
The getpeereid() function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indi- cate the error. ERRORS
The getpeereid() function fails if: [EBADF] The argument s is not a valid descriptor. [ENOTSOCK] The argument s is a file, not a socket. [ENOTCONN] The argument s does not refer to a socket on which connect(2) or listen(2) have been called. [EINVAL] The argument s does not refer to a socket of type SOCK_STREAM, or the kernel returned invalid data. SEE ALSO
connect(2), getpeername(2), getsockname(2), getsockopt(2), listen(2), unix(4) HISTORY
The getpeereid() function appeared in FreeBSD 4.6. BSD
July 15, 2001 BSD
Man Page