Mount CIFS as user using sign in credentials

Hi,

At my company, we implemented jupyterhub through k8s. We had to adjust it some to make it work in openshift, which we managed.

The most complicated part was getting CIFS shares to work inside the user space. We want to let users mount their network home folder and a public folder, but as their specific user.

Right now, what I did was allow enough rights for the user to sudo mount and make the users create credentials files to maintain their user/password.

The trouble is that we have a 90 day password change policy, which makes this break more often than we’d like.

Is there anyone who knows how to get the CIFS mounts to bind using the credentials used during the jupyterhub login process?

At the moment, we’re using an Azure AD authenticator which gives a web-like SSO experience, but best I can tell, there’s not a clear way to make those creds available in a jupyterhub hook to mount the drive for the user.

We implemented 0.9.1, which I know is out of date, but reading the changelog, I do not see anything which makes me think that it will be any easier to implement in a newer version. If I’m wrong, please let me know, but if not, I prefer not to get side tracked on a discussion of why I should upgrade.

Thanks,

John

We also use AzureAD as login and have the jupyterhub servers joined in AD. Having the servers joined makes it possible to use autofs to mount the home dirs on demand by using getent to fish out the needed user info like uids and gids and samba mount the home dir with the right permissions. We are not using k8s though, just regular old fashioned VMs in Azure as we could never figure out how to join a container in AD.
(we have a semi automatic setup in azure based on terraform/ansible for the VMs, and use the Web Application Firewall for load-balancing and traffic monitoring)
I can provide more technical details if anyone is interested.
Roy