From: "J. Bruce Fields" <bfields@fieldses.org>
To: Steve Dickson <SteveD@redhat.com>
Cc: NeilBrown <neilb@suse.de>, Simo Sorce <simo@redhat.com>,
Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 1/2] nfs-service: Added the starting of gssproxy
Date: Wed, 24 Sep 2014 11:15:01 -0400 [thread overview]
Message-ID: <20140924151501.GA3365@fieldses.org> (raw)
In-Reply-To: <5422DE24.9050608@RedHat.com>
On Wed, Sep 24, 2014 at 11:07:16AM -0400, Steve Dickson wrote:
> On 09/23/2014 05:15 PM, Steve Dickson wrote:
> >
> > On 09/23/2014 04:25 PM, J. Bruce Fields wrote:
> >>> I through this into my test world
> >> Thanks!
> >>
> >>>> and one side effect of this patch
> >>>> is both rpc.gssd and rpc.svcgssd daemons are *always* started when
> >>>> a key tab exists (/etc/krb5.keytab) and *all* the services (nfs-client,
> >>>> nfs-server, rpc-gssd, and rpc-svcgssd) are disabled, which is not
> >>>> good... Those daemons don't need to be started when both sides
> >>>> are disabled... But the auth_rpcgss is loaded! ;-)
> >> Weird. I can't see how this patch on its own would have any effect on
> >> that.
> It turns out I must have had the nfs-client.target enabled...
>
> I just realize 'systemctl disable nfs-client' does not fail,
> but it does not do anything either. :-( I would think
> it should fail with some type of "unit not found", but it
> does not...
>
> 'systemctl disable nfs-client.target' was the command I
> wanted to disable the client, so your patch works...
>
> Question, Why is rpc.svcgssd/gssproxy when only the
> nfs-client is enabled??
It handles NFSv4.0/krb5 callbacks.
(It's not needed for NFSv4.1+, and even in the 4.0 case the only
consequence is that you'll lose delegations on krb5 mounts. So maybe
we'll be able to remove that dependency, one of these decades....)
--b.
next prev parent reply other threads:[~2014-09-24 15:15 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-22 19:20 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v3) Steve Dickson
2014-09-22 19:20 ` [PATCH 1/2] nfs-service: Added the starting of gssproxy Steve Dickson
2014-09-22 19:26 ` Simo Sorce
2014-09-22 19:43 ` Steve Dickson
2014-09-22 20:44 ` J. Bruce Fields
2014-09-22 21:14 ` Steve Dickson
2014-09-22 21:32 ` Simo Sorce
2014-09-22 22:57 ` Steve Dickson
2014-09-23 0:19 ` Simo Sorce
2014-09-23 1:19 ` Steve Dickson
2014-09-23 12:52 ` Simo Sorce
2014-09-23 14:58 ` Steve Dickson
2014-09-23 15:08 ` Simo Sorce
2014-09-23 19:29 ` J. Bruce Fields
2014-09-23 19:40 ` Simo Sorce
2014-09-23 19:51 ` J. Bruce Fields
2014-09-22 22:34 ` J. Bruce Fields
2014-09-22 23:58 ` Steve Dickson
2014-09-23 0:26 ` Simo Sorce
2014-09-23 1:55 ` J. Bruce Fields
2014-09-23 2:08 ` NeilBrown
2014-09-23 2:11 ` J. Bruce Fields
2014-09-23 19:23 ` J. Bruce Fields
2014-09-23 20:17 ` Steve Dickson
2014-09-23 20:25 ` J. Bruce Fields
2014-09-23 21:15 ` Steve Dickson
2014-09-24 15:07 ` Steve Dickson
2014-09-24 15:15 ` J. Bruce Fields [this message]
2014-09-24 15:23 ` J. Bruce Fields
2014-09-24 15:30 ` Steve Dickson
2014-09-23 12:48 ` Simo Sorce
2014-09-23 15:20 ` J. Bruce Fields
2014-09-23 16:00 ` Simo Sorce
2014-09-23 16:12 ` J. Bruce Fields
2014-09-23 16:57 ` Simo Sorce
2014-09-23 12:46 ` Simo Sorce
2014-09-23 15:06 ` Steve Dickson
2014-09-23 15:16 ` J. Bruce Fields
2014-09-23 15:52 ` Steve Dickson
2014-09-23 16:05 ` J. Bruce Fields
2014-09-23 2:01 ` NeilBrown
2014-09-22 19:40 ` J. Bruce Fields
2014-09-22 19:46 ` Simo Sorce
2014-09-22 19:53 ` Steve Dickson
2014-09-22 20:00 ` Simo Sorce
2014-09-22 20:02 ` Steve Dickson
2014-09-23 1:42 ` NeilBrown
2014-09-23 2:09 ` J. Bruce Fields
2014-09-23 2:55 ` NeilBrown
2014-09-23 12:45 ` Simo Sorce
2014-09-22 19:20 ` [PATCH 2/2] rpc.svcgssd: the build of rpc.svcgssd is off by default Steve Dickson
2014-09-22 19:43 ` J. Bruce Fields
2014-09-22 19:50 ` Steve Dickson
2014-09-22 20:21 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140924151501.GA3365@fieldses.org \
--to=bfields@fieldses.org \
--cc=SteveD@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.