|  | config CIFS | 
|  | tristate "SMB3 and CIFS support (advanced network filesystem)" | 
|  | depends on INET | 
|  | select NLS | 
|  | select CRYPTO | 
|  | select CRYPTO_MD4 | 
|  | select CRYPTO_MD5 | 
|  | select CRYPTO_SHA256 | 
|  | select CRYPTO_CMAC | 
|  | select CRYPTO_HMAC | 
|  | select CRYPTO_ARC4 | 
|  | select CRYPTO_AEAD2 | 
|  | select CRYPTO_CCM | 
|  | select CRYPTO_ECB | 
|  | select CRYPTO_AES | 
|  | select CRYPTO_DES | 
|  | help | 
|  | This is the client VFS module for the SMB3 family of NAS protocols, | 
|  | as well as for earlier dialects such as SMB2.1, SMB2 and the | 
|  | Common Internet File System (CIFS) protocol.  CIFS was the successor | 
|  | to the original dialect, the Server Message Block (SMB) protocol, the | 
|  | native file sharing mechanism for most early PC operating systems. | 
|  |  | 
|  | The SMB3 protocol is supported by most modern operating systems and | 
|  | NAS appliances (e.g. Samba, Windows 8, Windows 2012, MacOS). | 
|  | The older CIFS protocol was included in Windows NT4, 2000 and XP (and | 
|  | later) as well by Samba (which provides excellent CIFS and SMB3 | 
|  | server support for Linux and many other operating systems). Limited | 
|  | support for OS/2 and Windows ME and similar very old servers is | 
|  | provided as well. | 
|  |  | 
|  | The cifs module provides an advanced network file system client | 
|  | for mounting to SMB3 (and CIFS) compliant servers.  It includes | 
|  | support for DFS (hierarchical name space), secure per-user | 
|  | session establishment via Kerberos or NTLM or NTLMv2, | 
|  | safe distributed caching (oplock), optional packet | 
|  | signing, Unicode and other internationalization improvements. | 
|  |  | 
|  | In general, the default dialects, SMB3 and later, enable better | 
|  | performance, security and features, than would be possible with CIFS. | 
|  | Note that when mounting to Samba, due to the CIFS POSIX extensions, | 
|  | CIFS mounts can provide slightly better POSIX compatibility | 
|  | than SMB3 mounts. SMB2/SMB3 mount options are also | 
|  | slightly simpler (compared to CIFS) due to protocol improvements. | 
|  |  | 
|  | If you need to mount to Samba, Macs or Windows from this machine, say Y. | 
|  |  | 
|  | config CIFS_STATS | 
|  | bool "CIFS statistics" | 
|  | depends on CIFS | 
|  | help | 
|  | Enabling this option will cause statistics for each server share | 
|  | mounted by the cifs client to be displayed in /proc/fs/cifs/Stats | 
|  |  | 
|  | config CIFS_STATS2 | 
|  | bool "Extended statistics" | 
|  | depends on CIFS_STATS | 
|  | help | 
|  | Enabling this option will allow more detailed statistics on SMB | 
|  | request timing to be displayed in /proc/fs/cifs/DebugData and also | 
|  | allow optional logging of slow responses to dmesg (depending on the | 
|  | value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). | 
|  | These additional statistics may have a minor effect on performance | 
|  | and memory utilization. | 
|  |  | 
|  | Unless you are a developer or are doing network performance analysis | 
|  | or tuning, say N. | 
|  |  | 
|  | config CIFS_WEAK_PW_HASH | 
|  | bool "Support legacy servers which use weaker LANMAN security" | 
|  | depends on CIFS | 
|  | help | 
|  | Modern CIFS servers including Samba and most Windows versions | 
|  | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | 
|  | security mechanisms. These hash the password more securely | 
|  | than the mechanisms used in the older LANMAN version of the | 
|  | SMB protocol but LANMAN based authentication is needed to | 
|  | establish sessions with some old SMB servers. | 
|  |  | 
|  | Enabling this option allows the cifs module to mount to older | 
|  | LANMAN based servers such as OS/2 and Windows 95, but such | 
|  | mounts may be less secure than mounts using NTLM or more recent | 
|  | security mechanisms if you are on a public network.  Unless you | 
|  | have a need to access old SMB servers (and are on a private | 
|  | network) you probably want to say N.  Even if this support | 
|  | is enabled in the kernel build, LANMAN authentication will not be | 
|  | used automatically. At runtime LANMAN mounts are disabled but | 
|  | can be set to required (or optional) either in | 
|  | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | 
|  | option on the mount command. This support is disabled by | 
|  | default in order to reduce the possibility of a downgrade | 
|  | attack. | 
|  |  | 
|  | If unsure, say N. | 
|  |  | 
|  | config CIFS_UPCALL | 
|  | bool "Kerberos/SPNEGO advanced session setup" | 
|  | depends on CIFS && KEYS | 
|  | select DNS_RESOLVER | 
|  | help | 
|  | Enables an upcall mechanism for CIFS which accesses userspace helper | 
|  | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets | 
|  | which are needed to mount to certain secure servers (for which more | 
|  | secure Kerberos authentication is required). If unsure, say Y. | 
|  |  | 
|  | config CIFS_XATTR | 
|  | bool "CIFS extended attributes" | 
|  | depends on CIFS | 
|  | help | 
|  | Extended attributes are name:value pairs associated with inodes by | 
|  | the kernel or by users (see the attr(5) manual page, or visit | 
|  | <http://acl.bestbits.at/> for details).  CIFS maps the name of | 
|  | extended attributes beginning with the user namespace prefix | 
|  | to SMB/CIFS EAs. EAs are stored on Windows servers without the | 
|  | user namespace prefix, but their names are seen by Linux cifs clients | 
|  | prefaced by the user namespace prefix. The system namespace | 
|  | (used by some filesystems to store ACLs) is not supported at | 
|  | this time. | 
|  |  | 
|  | If unsure, say Y. | 
|  |  | 
|  | config CIFS_POSIX | 
|  | bool "CIFS POSIX Extensions" | 
|  | depends on CIFS_XATTR | 
|  | help | 
|  | Enabling this option will cause the cifs client to attempt to | 
|  | negotiate a newer dialect with servers, such as Samba 3.0.5 | 
|  | or later, that optionally can handle more POSIX like (rather | 
|  | than Windows like) file behavior.  It also enables | 
|  | support for POSIX ACLs (getfacl and setfacl) to servers | 
|  | (such as Samba 3.10 and later) which can negotiate | 
|  | CIFS POSIX ACL support.  If unsure, say N. | 
|  |  | 
|  | config CIFS_ACL | 
|  | bool "Provide CIFS ACL support" | 
|  | depends on CIFS_XATTR && KEYS | 
|  | help | 
|  | Allows fetching CIFS/NTFS ACL from the server.  The DACL blob | 
|  | is handed over to the application/caller.  See the man | 
|  | page for getcifsacl for more information.  If unsure, say Y. | 
|  |  | 
|  | config CIFS_DEBUG | 
|  | bool "Enable CIFS debugging routines" | 
|  | default y | 
|  | depends on CIFS | 
|  | help | 
|  | Enabling this option adds helpful debugging messages to | 
|  | the cifs code which increases the size of the cifs module. | 
|  | If unsure, say Y. | 
|  | config CIFS_DEBUG2 | 
|  | bool "Enable additional CIFS debugging routines" | 
|  | depends on CIFS_DEBUG | 
|  | help | 
|  | Enabling this option adds a few more debugging routines | 
|  | to the cifs code which slightly increases the size of | 
|  | the cifs module and can cause additional logging of debug | 
|  | messages in some error paths, slowing performance. This | 
|  | option can be turned off unless you are debugging | 
|  | cifs problems.  If unsure, say N. | 
|  |  | 
|  | config CIFS_DEBUG_DUMP_KEYS | 
|  | bool "Dump encryption keys for offline decryption (Unsafe)" | 
|  | depends on CIFS_DEBUG | 
|  | help | 
|  | Enabling this will dump the encryption and decryption keys | 
|  | used to communicate on an encrypted share connection on the | 
|  | console. This allows Wireshark to decrypt and dissect | 
|  | encrypted network captures. Enable this carefully. | 
|  | If unsure, say N. | 
|  |  | 
|  | config CIFS_DFS_UPCALL | 
|  | bool "DFS feature support" | 
|  | depends on CIFS && KEYS | 
|  | select DNS_RESOLVER | 
|  | help | 
|  | Distributed File System (DFS) support is used to access shares | 
|  | transparently in an enterprise name space, even if the share | 
|  | moves to a different server.  This feature also enables | 
|  | an upcall mechanism for CIFS which contacts userspace helper | 
|  | utilities to provide server name resolution (host names to | 
|  | IP addresses) which is needed for implicit mounts of DFS junction | 
|  | points. If unsure, say Y. | 
|  |  | 
|  | config CIFS_NFSD_EXPORT | 
|  | bool "Allow nfsd to export CIFS file system" | 
|  | depends on CIFS && BROKEN | 
|  | help | 
|  | Allows NFS server to export a CIFS mounted share (nfsd over cifs) | 
|  |  | 
|  | config CIFS_SMB311 | 
|  | bool "SMB3.1.1 network file system support (Experimental)" | 
|  | depends on CIFS | 
|  |  | 
|  | help | 
|  | This enables experimental support for the newest, SMB3.1.1, dialect. | 
|  | This dialect includes improved security negotiation features. | 
|  | If unsure, say N | 
|  |  | 
|  | config CIFS_FSCACHE | 
|  | bool "Provide CIFS client caching support" | 
|  | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y | 
|  | help | 
|  | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | 
|  | to be cached locally on disk through the general filesystem cache | 
|  | manager. If unsure, say N. | 
|  |  |