LinuxCommandLibrary

cifscreds

Manage credentials for CIFS/SMB file shares

SYNOPSIS

cifscreds { add | clear | update } [-u username] [-d domain] [-h server] [-v version] [-t type]

PARAMETERS

add
    Adds a new set of credentials to the keyring.

clear
    Removes an existing set of credentials from the keyring.

update
    Updates an existing set of credentials in the keyring.

-u username
    Specifies the username for the credentials. If not specified, it may prompt the user.

-d domain
    Specifies the domain name for the credentials. If not set, it will try to use the user's default Kerberos realm.

-h server
    Specifies the server name or IP address to associate with the credentials.

-v version
    Specifies the SMB version to use (e.g., 1, 2.1, 3).

-t type
    Specifies the credential type (user or machine). If not specified, it will use 'user'.

DESCRIPTION

The cifscreds utility manages credentials used for accessing Common Internet File System (CIFS) or Server Message Block (SMB) network shares. It allows users to securely store usernames and passwords for specific servers, enabling seamless authentication without requiring manual input each time a connection is established. It stores the credentials in the kernel keyring, allowing them to be used securely from user space. The credentials can be stored as part of the user session or with a specified identifier (e.g. IP address). Using the tool, users can add, modify or remove credentials for particular servers.

This is crucial for automating tasks, scripting, and accessing network resources that require authentication without embedding sensitive information directly into scripts or configuration files. The keyring support used by `cifscreds` is also leveraged by other utilities and services, contributing to a consistent and secure authentication infrastructure.

CAVEATS

Requires root privileges to manage credentials for other users or the system. The credentials are encrypted in the keyring, but access to the keyring itself must be properly secured.

SECURITY CONSIDERATIONS

The use of `cifscreds` enhances security compared to storing usernames and passwords in scripts. However, it is essential to protect the keyring itself from unauthorized access. Ensure proper permissions and access controls are in place for the keyring to prevent credential theft.
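
One way to check the keyring exposure described above, as an added example that is not part of the original page or of the cifscreds project: it audits a listing in the column layout of /proc/keys for CIFS credential keys that are too widely accessible. It assumes that keys written by cifscreds have a description beginning with `cifs:` and are of type `logon`; neither detail is stated on this page, and the sample listing is constructed.

```python
"""Audit /proc/keys-style listings for weakly protected CIFS credential keys."""

# Constructed sample in /proc/keys column layout (not captured from a real host):
# SERIAL FLAGS USAGE EXPIRY PERM UID GID TYPE DESCRIPTION: SUMMARY
SAMPLE = """\
1a2b3c4d I--Q---     1 perm 0d0d0000  1000  1000 logon     cifs:a:192.0.2.10: 24
2b3c4d5e I--Q---     1 perm 3f3f0b0b  1000  1000 user      cifs:a:192.0.2.20: 24
3c4d5e6f I--Q---     4 perm 3f030000  1000  1000 keyring   _ses: 2
"""

KEY_PREFIX = "cifs:"   # assumption: description prefix of cifscreds keys
SAFE_TYPE = "logon"    # assumption: key type whose payload user space cannot read


def parse_keys(text):
    """Yield (serial, perm_mask, key_type, description) for each listing line."""
    for line in text.splitlines():
        fields = line.split(None, 8)
        if len(fields) < 9:
            continue  # header, blank or truncated line
        serial, _flags, _usage, _expiry, perm, _uid, _gid, key_type, rest = fields
        try:
            mask = int(perm, 16)
        except ValueError:
            continue  # PERM column is not hexadecimal, so not a key line
        # Last column is "description: summary"; the description may contain ':'.
        yield serial, mask, key_type, rest.rsplit(": ", 1)[0]


def audit(text):
    """Return {serial: [issues]} for CIFS keys that are exposed too widely."""
    findings = {}
    for serial, mask, key_type, desc in parse_keys(text):
        if not desc.startswith(KEY_PREFIX):
            continue
        issues = []
        # Mask layout: possessor<<24 | user<<16 | group<<8 | other, 8 bits each.
        if mask & 0x0000FFFF:
            issues.append("group/other permission bits set (%08x)" % mask)
        if key_type != SAFE_TYPE:
            issues.append("key type '%s' may expose the payload to user space" % key_type)
        if issues:
            findings[serial] = issues
    return findings


if __name__ == "__main__":
    for serial, issues in audit(SAMPLE).items():
        print(serial, "; ".join(issues))
```

On a live system the same functions can be fed the contents of /proc/keys, which lists only the keys the calling process is permitted to view.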

HISTORY

The `cifscreds` utility was developed as part of the Samba project to provide a more secure and streamlined way to manage authentication credentials for CIFS/SMB network shares. It was introduced to address the security risks associated with storing credentials in plain text and to simplify the process of authenticating to network shares, especially in automated environments. It leverages the Linux kernel keyring for secure storage.
