Comment 3 for bug 236830

I'm afraid you'll find that sec=krb5 consistently gives the following results:

$ mount.cifs //borges/pub /tmp/testmount -osec=krb5
Password:
mount error 38 = Function not implemented
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
$

Of course, mount.cifs(8) doesn't give any information about the implementation status of krb5 authentication.

And unfortunately, krb5 authentication support in mount.cifs was never tested prior to migrating the packages away from smbfs; since there were no indications to the contrary in any of the documentation, I assumed that it was implemented and never thought to double-check this since none of my normal test servers are joined to AD. This is frustrating for me as well, as this is consequently the single biggest problem with the kernel cifs implementation -- far more relevant than incompatibilites with OS/2 or old Windows 9x servers -- but there had been virtually no discussion of this on the relevant lists when laying out the plans for dropping smbfs support (which has now been done completely in the upstream kernel).

It appears, according to fs/cifs/README in the kernel tree, that kerberos authentication is possible if the kernel is built with CONFIG_CIFS_EXPERIMENTAL. It's probably too late to enable this for 8.04.1 now, but we could talk to the kernel team about getting this enabled for .2. But even with that, it appears that the Kerberos userspace upcall helper needed for this is only available as part of samba 3.2, which is not yet released and certainly not shipped in 8.04.