* [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) @ 2014-09-23 16:21 Steve Dickson 2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson 2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson 0 siblings, 2 replies; 6+ messages in thread From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw) To: Linux NFS Mailing list When gssproxy(8) daemon is installed, that daemon will be used to manage the GSSAPI credentials on the server. The nfs-server unit will start gssproxy when it exists otherwise rpc.svcgssd will be started as usual. Also, a configure switch was added to disable the building of rpc.svcgssd. Steve Dickson (2): rpc.svcgssd: Add a configure switch to disable building the daemon nfs-service: Added gssproxy support configure.ac | 23 +++++++++++++++++++---- systemd/nfs-server.service | 5 +++-- utils/gssd/Makefile.am | 11 +++++++++-- 3 files changed, 31 insertions(+), 8 deletions(-) -- 1.9.3 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon 2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson @ 2014-09-23 16:21 ` Steve Dickson 2014-11-05 2:56 ` NeilBrown 2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson 1 sibling, 1 reply; 6+ messages in thread From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw) To: Linux NFS Mailing list Now that gssproxy is supported on modern kernels, the svcgssd is no longer needed. This switch disables the building of the daemon. Signed-off-by: Steve Dickson <steved@redhat.com> --- configure.ac | 23 +++++++++++++++++++---- utils/gssd/Makefile.am | 11 +++++++++-- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index bc48373..b63d821 100644 --- a/configure.ac +++ b/configure.ac @@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41, AC_ARG_ENABLE(gss, [AC_HELP_STRING([--enable-gss], - [enable support for rpcsec_gss @<:@default=yes@:>@])], + [enable client support for rpcsec_gss @<:@default=yes@:>@])], enable_gss=$enableval, enable_gss=yes) if test "$enable_gss" = yes; then GSSD=gssd - SVCGSSD=svcgssd else enable_gss= GSSD= - SVCGSSD= fi AC_SUBST(GSSD) - AC_SUBST(SVCGSSD) AC_SUBST(enable_gss) AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"]) + +AC_ARG_ENABLE(svcgss, + [AC_HELP_STRING([--enable-svcgss], + [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])], + enable_svcgss=$enableval, + enable_svcgss=yes) + if test "$enable_gss" = yes; then + if "enable_svcgss" = yes; then + SVCGSSD=svcgssd + fi + else + enable_svcgss= + SVCGSSD= + fi + AC_SUBST(SVCGSSD) + AC_SUBST(enable_svcgss) + AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"]) + AC_ARG_ENABLE(kprefix, [AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])], test "$enableval" = "yes" && kprefix=k, diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am index af59791..9835117 100644 --- a/utils/gssd/Makefile.am +++ b/utils/gssd/Makefile.am @@ -1,10 +1,17 @@ ## Process this file with automake to produce Makefile.in -man8_MANS = gssd.man svcgssd.man +man8_MANS = gssd.man +if CONFIG_SVCGSS +man8_MANS += svcgssd.man +endif RPCPREFIX = rpc. KPREFIX = @kprefix@ -sbin_PREFIXED = gssd svcgssd +sbin_PREFIXED = gssd +if CONFIG_SVCGSS +sbin_PREFIXED += svcgssd +endif + sbin_PROGRAMS = $(sbin_PREFIXED) EXTRA_DIST = \ -- 1.9.3 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon 2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson @ 2014-11-05 2:56 ` NeilBrown 2014-11-05 16:17 ` Steve Dickson 0 siblings, 1 reply; 6+ messages in thread From: NeilBrown @ 2014-11-05 2:56 UTC (permalink / raw) To: Steve Dickson; +Cc: Linux NFS Mailing list [-- Attachment #1: Type: text/plain, Size: 2920 bytes --] On Tue, 23 Sep 2014 12:21:40 -0400 Steve Dickson <steved@redhat.com> wrote: > Now that gssproxy is supported on modern kernels, > the svcgssd is no longer needed. This switch > disables the building of the daemon. > > Signed-off-by: Steve Dickson <steved@redhat.com> > --- > configure.ac | 23 +++++++++++++++++++---- > utils/gssd/Makefile.am | 11 +++++++++-- > 2 files changed, 28 insertions(+), 6 deletions(-) > > diff --git a/configure.ac b/configure.ac > index bc48373..b63d821 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41, > > AC_ARG_ENABLE(gss, > [AC_HELP_STRING([--enable-gss], > - [enable support for rpcsec_gss @<:@default=yes@:>@])], > + [enable client support for rpcsec_gss @<:@default=yes@:>@])], > enable_gss=$enableval, > enable_gss=yes) > if test "$enable_gss" = yes; then > GSSD=gssd > - SVCGSSD=svcgssd > else > enable_gss= > GSSD= > - SVCGSSD= > fi > AC_SUBST(GSSD) > - AC_SUBST(SVCGSSD) > AC_SUBST(enable_gss) > AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"]) > + > +AC_ARG_ENABLE(svcgss, > + [AC_HELP_STRING([--enable-svcgss], > + [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])], > + enable_svcgss=$enableval, > + enable_svcgss=yes) > + if test "$enable_gss" = yes; then > + if "enable_svcgss" = yes; then > + SVCGSSD=svcgssd > + fi Hi Steve, I just noticed that this causes an error when I try "./configure". It tries to run a program called "enable_svcgss" with args "=" and "yes", but this fails.... A simple fix would leave the code doing nothing if enable_gss = yes, but enable_svcgss = no. Is that what you want? Should it be: if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then SVCGSSD=svcgssd > + else > + enable_svcgss= > + SVCGSSD= > + fi ?? Would you like a patch, or will you just fix it up? Thanks, NeilBrown > + AC_SUBST(SVCGSSD) > + AC_SUBST(enable_svcgss) > + AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"]) > + > AC_ARG_ENABLE(kprefix, > [AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])], > test "$enableval" = "yes" && kprefix=k, > diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am > index af59791..9835117 100644 > --- a/utils/gssd/Makefile.am > +++ b/utils/gssd/Makefile.am > @@ -1,10 +1,17 @@ > ## Process this file with automake to produce Makefile.in > > -man8_MANS = gssd.man svcgssd.man > +man8_MANS = gssd.man > +if CONFIG_SVCGSS > +man8_MANS += svcgssd.man > +endif > > RPCPREFIX = rpc. > KPREFIX = @kprefix@ > -sbin_PREFIXED = gssd svcgssd > +sbin_PREFIXED = gssd > +if CONFIG_SVCGSS > +sbin_PREFIXED += svcgssd > +endif > + > sbin_PROGRAMS = $(sbin_PREFIXED) > > EXTRA_DIST = \ [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 811 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon 2014-11-05 2:56 ` NeilBrown @ 2014-11-05 16:17 ` Steve Dickson 2014-11-05 19:45 ` NeilBrown 0 siblings, 1 reply; 6+ messages in thread From: Steve Dickson @ 2014-11-05 16:17 UTC (permalink / raw) To: NeilBrown; +Cc: Linux NFS Mailing list On 11/04/2014 09:56 PM, NeilBrown wrote: > Hi Steve, > I just noticed that this causes an error when I try "./configure". > It tries to run a program called "enable_svcgss" with args "=" and "yes", > but this fails.... > > A simple fix would leave the code doing nothing if enable_gss = yes, but > enable_svcgss = no. Is that what you want? No... > > Should it be: > > if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then > SVCGSSD=svcgssd >> > + else >> > + enable_svcgss= >> > + SVCGSSD= >> > + fi > ?? > > Would you like a patch, or will you just fix it up? I got it... thanks! commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26 Author: Steve Dickson <steved@redhat.com> Date: Wed Nov 5 11:12:03 2014 -0500 configure: Fixed logic around $enable_gss and $enable_svcgss Signed-off-by: Steve Dickson <steved@redhat.com> diff --git a/configure.ac b/configure.ac index 59fd14d..377ba2e 100644 --- a/configure.ac +++ b/configure.ac @@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss, [enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])], enable_svcgss=$enableval, enable_svcgss=yes) - if test "$enable_gss" = yes; then - if "enable_svcgss" = yes; then - SVCGSSD=svcgssd - fi + if test "$enable_gss" = yes -a "enable_svcgss" = yes; then + SVCGSSD=svcgssd else enable_svcgss= SVCGSSD= steved. ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon 2014-11-05 16:17 ` Steve Dickson @ 2014-11-05 19:45 ` NeilBrown 0 siblings, 0 replies; 6+ messages in thread From: NeilBrown @ 2014-11-05 19:45 UTC (permalink / raw) To: Steve Dickson; +Cc: Linux NFS Mailing list [-- Attachment #1: Type: text/plain, Size: 2067 bytes --] On Wed, 05 Nov 2014 11:17:18 -0500 Steve Dickson <SteveD@redhat.com> wrote: > > > On 11/04/2014 09:56 PM, NeilBrown wrote: > > Hi Steve, > > I just noticed that this causes an error when I try "./configure". > > It tries to run a program called "enable_svcgss" with args "=" and "yes", > > but this fails.... > > > > A simple fix would leave the code doing nothing if enable_gss = yes, but > > enable_svcgss = no. Is that what you want? > No... > > > > > Should it be: > > > > if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then > > SVCGSSD=svcgssd > >> > + else > >> > + enable_svcgss= > >> > + SVCGSSD= > >> > + fi > > ?? > > > > Would you like a patch, or will you just fix it up? > I got it... thanks! > > commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26 > Author: Steve Dickson <steved@redhat.com> > Date: Wed Nov 5 11:12:03 2014 -0500 > > configure: Fixed logic around $enable_gss and $enable_svcgss > > Signed-off-by: Steve Dickson <steved@redhat.com> > > diff --git a/configure.ac b/configure.ac > index 59fd14d..377ba2e 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss, > [enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])], > enable_svcgss=$enableval, > enable_svcgss=yes) > - if test "$enable_gss" = yes; then > - if "enable_svcgss" = yes; then > - SVCGSSD=svcgssd > - fi > + if test "$enable_gss" = yes -a "enable_svcgss" = yes; then $ > + SVCGSSD=svcgssd > else > enable_svcgss= > SVCGSSD= Apart from the missing '$', looks good to me - thanks. NeilBrown > > > steved. > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 811 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/2] nfs-service: Added gssproxy support 2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson 2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson @ 2014-09-23 16:21 ` Steve Dickson 1 sibling, 0 replies; 6+ messages in thread From: Steve Dickson @ 2014-09-23 16:21 UTC (permalink / raw) To: Linux NFS Mailing list When kernel have gssproxy support the the gssproxy daemon should be used to manage the GSSAPI creds. So this patch adds "calls" to the gssproxy daemon from the NFS server systemd unit file. When gssproxy is installed, gssproxy will be start and rpc.svcgssd will not be. When gssproxy is not installed the rpc.svcgssd daemon will be started. Note, there are already existing hooks in the rpc-svcgssd service file that will ensure the gssproxy will be started before rpc.svcgssd which allows the script not to start rpc.svcsdd when gssproxy is installed and running. Signed-off-by: Steve Dickson <steved@redhat.com> --- systemd/nfs-server.service | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service index 2fa7387..c740fa2 100644 --- a/systemd/nfs-server.service +++ b/systemd/nfs-server.service @@ -2,12 +2,13 @@ Description=NFS server and services Requires= network.target proc-fs-nfsd.mount rpcbind.target Requires= nfs-mountd.service -Wants=rpc-statd.service nfs-idmapd.service rpc-gssd.service rpc-svcgssd.service +Wants=rpc-statd.service nfs-idmapd.service +Wants=rpc-gssd.service gssproxy.service rpc-svcgssd.service Wants=rpc-statd-notify.service After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service After= nfs-idmapd.service rpc-statd.service -After= rpc-gssd.service rpc-svcgssd.service +After= rpc-gssd.service gssproxy.service rpc-svcgssd.service Before= rpc-statd-notify.service Wants=nfs-config.service -- 1.9.3 ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-11-05 19:45 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-09-23 16:21 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v4) Steve Dickson 2014-09-23 16:21 ` [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon Steve Dickson 2014-11-05 2:56 ` NeilBrown 2014-11-05 16:17 ` Steve Dickson 2014-11-05 19:45 ` NeilBrown 2014-09-23 16:21 ` [PATCH 2/2] nfs-service: Added gssproxy support Steve Dickson
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox