* [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4)
@ 2014-09-23 16:21 Steve Dickson
2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson
2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson
0 siblings, 2 replies; 6+ messages in thread
From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw)
To: Linux NFS Mailing list
When gssproxy(8) daemon is installed, that daemon will be used
to manage the GSSAPI credentials on the server.
The nfs-server unit will start gssproxy when it exists
otherwise rpc.svcgssd will be started as usual.
Also, a configure switch was added to disable the building
of rpc.svcgssd.
Steve Dickson (2):
rpc.svcgssd: Add a configure switch to disable building the daemon
nfs-service: Added gssproxy support
configure.ac | 23 +++++++++++++++++++----
systemd/nfs-server.service | 5 +++--
utils/gssd/Makefile.am | 11 +++++++++--
3 files changed, 31 insertions(+), 8 deletions(-)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon
2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson
@ 2014-09-23 16:21 ` Steve Dickson
2014-11-05 2:56 ` NeilBrown
2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson
1 sibling, 1 reply; 6+ messages in thread
From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw)
To: Linux NFS Mailing list
Now that gssproxy is supported on modern kernels,
the svcgssd is no longer needed. This switch
disables the building of the daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
configure.ac | 23 +++++++++++++++++++----
utils/gssd/Makefile.am | 11 +++++++++--
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index bc48373..b63d821 100644
--- a/configure.ac
+++ b/configure.ac
@@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41,
AC_ARG_ENABLE(gss,
[AC_HELP_STRING([--enable-gss],
- [enable support for rpcsec_gss @<:@default=yes@:>@])],
+ [enable client support for rpcsec_gss @<:@default=yes@:>@])],
enable_gss=$enableval,
enable_gss=yes)
if test "$enable_gss" = yes; then
GSSD=gssd
- SVCGSSD=svcgssd
else
enable_gss=
GSSD=
- SVCGSSD=
fi
AC_SUBST(GSSD)
- AC_SUBST(SVCGSSD)
AC_SUBST(enable_gss)
AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"])
+
+AC_ARG_ENABLE(svcgss,
+ [AC_HELP_STRING([--enable-svcgss],
+ [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
+ enable_svcgss=$enableval,
+ enable_svcgss=yes)
+ if test "$enable_gss" = yes; then
+ if "enable_svcgss" = yes; then
+ SVCGSSD=svcgssd
+ fi
+ else
+ enable_svcgss=
+ SVCGSSD=
+ fi
+ AC_SUBST(SVCGSSD)
+ AC_SUBST(enable_svcgss)
+ AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"])
+
AC_ARG_ENABLE(kprefix,
[AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])],
test "$enableval" = "yes" && kprefix=k,
diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am
index af59791..9835117 100644
--- a/utils/gssd/Makefile.am
+++ b/utils/gssd/Makefile.am
@@ -1,10 +1,17 @@
## Process this file with automake to produce Makefile.in
-man8_MANS = gssd.man svcgssd.man
+man8_MANS = gssd.man
+if CONFIG_SVCGSS
+man8_MANS += svcgssd.man
+endif
RPCPREFIX = rpc.
KPREFIX = @kprefix@
-sbin_PREFIXED = gssd svcgssd
+sbin_PREFIXED = gssd
+if CONFIG_SVCGSS
+sbin_PREFIXED += svcgssd
+endif
+
sbin_PROGRAMS = $(sbin_PREFIXED)
EXTRA_DIST = \
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] nfs-service: Added gssproxy support
2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson
2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson
@ 2014-09-23 16:21 ` Steve Dickson
1 sibling, 0 replies; 6+ messages in thread
From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw)
To: Linux NFS Mailing list
When kernel have gssproxy support the the gssproxy
daemon should be used to manage the GSSAPI creds.
So this patch adds "calls" to the gssproxy daemon
from the NFS server systemd unit file.
When gssproxy is installed, gssproxy will be start
and rpc.svcgssd will not be. When gssproxy is not
installed the rpc.svcgssd daemon will be started.
Note, there are already existing hooks in the
rpc-svcgssd service file that will ensure the
gssproxy will be started before rpc.svcgssd
which allows the script not to start rpc.svcsdd
when gssproxy is installed and running.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
systemd/nfs-server.service | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 2fa7387..c740fa2 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -2,12 +2,13 @@
Description=NFS server and services
Requires= network.target proc-fs-nfsd.mount rpcbind.target
Requires= nfs-mountd.service
-Wants=rpc-statd.service nfs-idmapd.service rpc-gssd.service rpc-svcgssd.service
+Wants=rpc-statd.service nfs-idmapd.service
+Wants=rpc-gssd.service gssproxy.service rpc-svcgssd.service
Wants=rpc-statd-notify.service
After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service
After= nfs-idmapd.service rpc-statd.service
-After= rpc-gssd.service rpc-svcgssd.service
+After= rpc-gssd.service gssproxy.service rpc-svcgssd.service
Before= rpc-statd-notify.service
Wants=nfs-config.service
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon
2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson
@ 2014-11-05 2:56 ` NeilBrown
2014-11-05 16:17 ` Steve Dickson
0 siblings, 1 reply; 6+ messages in thread
From: NeilBrown @ 2014-11-05 2:56 UTC (permalink / raw)
To: Steve Dickson; +Cc: Linux NFS Mailing list
[-- Attachment #1: Type: text/plain, Size: 2920 bytes --]
On Tue, 23 Sep 2014 12:21:40 -0400 Steve Dickson <steved@redhat.com> wrote:
> Now that gssproxy is supported on modern kernels,
> the svcgssd is no longer needed. This switch
> disables the building of the daemon.
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
> ---
> configure.ac | 23 +++++++++++++++++++----
> utils/gssd/Makefile.am | 11 +++++++++--
> 2 files changed, 28 insertions(+), 6 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index bc48373..b63d821 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41,
>
> AC_ARG_ENABLE(gss,
> [AC_HELP_STRING([--enable-gss],
> - [enable support for rpcsec_gss @<:@default=yes@:>@])],
> + [enable client support for rpcsec_gss @<:@default=yes@:>@])],
> enable_gss=$enableval,
> enable_gss=yes)
> if test "$enable_gss" = yes; then
> GSSD=gssd
> - SVCGSSD=svcgssd
> else
> enable_gss=
> GSSD=
> - SVCGSSD=
> fi
> AC_SUBST(GSSD)
> - AC_SUBST(SVCGSSD)
> AC_SUBST(enable_gss)
> AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"])
> +
> +AC_ARG_ENABLE(svcgss,
> + [AC_HELP_STRING([--enable-svcgss],
> + [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
> + enable_svcgss=$enableval,
> + enable_svcgss=yes)
> + if test "$enable_gss" = yes; then
> + if "enable_svcgss" = yes; then
> + SVCGSSD=svcgssd
> + fi
Hi Steve,
I just noticed that this causes an error when I try "./configure".
It tries to run a program called "enable_svcgss" with args "=" and "yes",
but this fails....
A simple fix would leave the code doing nothing if enable_gss = yes, but
enable_svcgss = no. Is that what you want?
Should it be:
if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
SVCGSSD=svcgssd
> + else
> + enable_svcgss=
> + SVCGSSD=
> + fi
??
Would you like a patch, or will you just fix it up?
Thanks,
NeilBrown
> + AC_SUBST(SVCGSSD)
> + AC_SUBST(enable_svcgss)
> + AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"])
> +
> AC_ARG_ENABLE(kprefix,
> [AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])],
> test "$enableval" = "yes" && kprefix=k,
> diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am
> index af59791..9835117 100644
> --- a/utils/gssd/Makefile.am
> +++ b/utils/gssd/Makefile.am
> @@ -1,10 +1,17 @@
> ## Process this file with automake to produce Makefile.in
>
> -man8_MANS = gssd.man svcgssd.man
> +man8_MANS = gssd.man
> +if CONFIG_SVCGSS
> +man8_MANS += svcgssd.man
> +endif
>
> RPCPREFIX = rpc.
> KPREFIX = @kprefix@
> -sbin_PREFIXED = gssd svcgssd
> +sbin_PREFIXED = gssd
> +if CONFIG_SVCGSS
> +sbin_PREFIXED += svcgssd
> +endif
> +
> sbin_PROGRAMS = $(sbin_PREFIXED)
>
> EXTRA_DIST = \
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon
2014-11-05 2:56 ` NeilBrown
@ 2014-11-05 16:17 ` Steve Dickson
2014-11-05 19:45 ` NeilBrown
0 siblings, 1 reply; 6+ messages in thread
From: Steve Dickson @ 2014-11-05 16:17 UTC (permalink / raw)
To: NeilBrown; +Cc: Linux NFS Mailing list
On 11/04/2014 09:56 PM, NeilBrown wrote:
> Hi Steve,
> I just noticed that this causes an error when I try "./configure".
> It tries to run a program called "enable_svcgss" with args "=" and "yes",
> but this fails....
>
> A simple fix would leave the code doing nothing if enable_gss = yes, but
> enable_svcgss = no. Is that what you want?
No...
>
> Should it be:
>
> if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
> SVCGSSD=svcgssd
>> > + else
>> > + enable_svcgss=
>> > + SVCGSSD=
>> > + fi
> ??
>
> Would you like a patch, or will you just fix it up?
I got it... thanks!
commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26
Author: Steve Dickson <steved@redhat.com>
Date: Wed Nov 5 11:12:03 2014 -0500
configure: Fixed logic around $enable_gss and $enable_svcgss
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/configure.ac b/configure.ac
index 59fd14d..377ba2e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss,
[enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
enable_svcgss=$enableval,
enable_svcgss=yes)
- if test "$enable_gss" = yes; then
- if "enable_svcgss" = yes; then
- SVCGSSD=svcgssd
- fi
+ if test "$enable_gss" = yes -a "enable_svcgss" = yes; then
+ SVCGSSD=svcgssd
else
enable_svcgss=
SVCGSSD=
steved.
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon
2014-11-05 16:17 ` Steve Dickson
@ 2014-11-05 19:45 ` NeilBrown
0 siblings, 0 replies; 6+ messages in thread
From: NeilBrown @ 2014-11-05 19:45 UTC (permalink / raw)
To: Steve Dickson; +Cc: Linux NFS Mailing list
[-- Attachment #1: Type: text/plain, Size: 2067 bytes --]
On Wed, 05 Nov 2014 11:17:18 -0500 Steve Dickson <SteveD@redhat.com> wrote:
>
>
> On 11/04/2014 09:56 PM, NeilBrown wrote:
> > Hi Steve,
> > I just noticed that this causes an error when I try "./configure".
> > It tries to run a program called "enable_svcgss" with args "=" and "yes",
> > but this fails....
> >
> > A simple fix would leave the code doing nothing if enable_gss = yes, but
> > enable_svcgss = no. Is that what you want?
> No...
>
> >
> > Should it be:
> >
> > if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
> > SVCGSSD=svcgssd
> >> > + else
> >> > + enable_svcgss=
> >> > + SVCGSSD=
> >> > + fi
> > ??
> >
> > Would you like a patch, or will you just fix it up?
> I got it... thanks!
>
> commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26
> Author: Steve Dickson <steved@redhat.com>
> Date: Wed Nov 5 11:12:03 2014 -0500
>
> configure: Fixed logic around $enable_gss and $enable_svcgss
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
>
> diff --git a/configure.ac b/configure.ac
> index 59fd14d..377ba2e 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss,
> [enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
> enable_svcgss=$enableval,
> enable_svcgss=yes)
> - if test "$enable_gss" = yes; then
> - if "enable_svcgss" = yes; then
> - SVCGSSD=svcgssd
> - fi
> + if test "$enable_gss" = yes -a "enable_svcgss" = yes; then
$
> + SVCGSSD=svcgssd
> else
> enable_svcgss=
> SVCGSSD=
Apart from the missing '$', looks good to me - thanks.
NeilBrown
>
>
> steved.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 811 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-11-05 19:45 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson
2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson
2014-11-05 2:56 ` NeilBrown
2014-11-05 16:17 ` Steve Dickson
2014-11-05 19:45 ` NeilBrown
2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox