From: Simo Sorce <ssorce@redhat.com>
To: NeilBrown <neilb@suse.de>
Cc: Chuck Lever <chuck.lever@oracle.com>,
	"J. Bruce Fields" <bfields@fieldses.org>,
	Steve Dickson <SteveD@redhat.com>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	Simo Sorce <simo@redhat.com>
Subject: Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils.
Date: Thu, 6 Feb 2014 07:15:10 -0500 (EST)
Message-ID: <1159251059.5418996.1391688910525.JavaMail.root@redhat.com>
In-Reply-To: <20140206122751.41b2fbf9@notabene.brown>

----- Original Message -----
> On Wed, 5 Feb 2014 10:56:39 -0500 Chuck Lever <chuck.lever@oracle.com> wrote:
> 
> > Hi Neil!
> > 
> > 
> > On Feb 4, 2014, at 10:09 PM, NeilBrown <neilb@suse.de> wrote:
> > 
> > > On Tue, 4 Feb 2014 11:20:52 -0500 "J. Bruce Fields" <bfields@fieldses.org> wrote:
> > > 
> > >> On Tue, Feb 04, 2014 at 09:34:52AM +1100, NeilBrown wrote:
> > >>> Also, I've been wondering if we could avoid the need to explicitly enable
> > >>> the gss stuff by gating it on the existence of /etc/krb5.keytab.
> > >>> Do you think that would be reasonable?
> > >> 
> > >> That would be great.  I hate that people have to care about these
> > >> support daemons, they should just be started automatically when they're
> > >> needed.
> > >> 
> > >> Is /etc/krb5.keytab the best indicator?
> > > 
> > > I was hoping you would tell me. :-)
> > 
> > rpc.gssd has to run in cases where there is no /etc/krb5.keytab.  Remember
> > the discussion we had last year about using root’s user credential as the
> > client’s machine credential?  We want the kernel to be able to find out
> > whether there is a machine credential available, and one can be available
> > even if there is no keytab.
> 
> Hi Chuck,
>  thanks for reminding me about that!  Yes we clearly cannot key
>  off /etc/krb5.keytab for rpc.gssd.
> 
>  Maybe /etc/krb5.conf?  Seems a bit lame.
>  How about  /etc/gssapi_mech.conf ??  rpc.gssd seems to exit if that doesn't
>  exist.  What if systemd is told not to run rpc.gssd if that file is
>  missing?

-1
 
>  I guess that otherwise we can make it on-by-default, but document that
>  people can turn it off with
>      systemctl mask rpc-gssd

big +1

>  which is probably easier than requiring "systemctl enable nfs-secure".

I would really like to see nfs-secure go away; it is a "configuration option", not some entity you start anyway, so it never made sense to me.

Simo.

-- 
Simo Sorce * Red Hat, Inc. * New York
