* [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials
@ 2014-09-19 12:51 Steve Dickson
2014-09-19 12:51 ` [PATCH 1/2] nfs-server: Replace rpc.svcgssd with gssproxy Steve Dickson
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Steve Dickson @ 2014-09-19 12:51 UTC (permalink / raw)
To: Linux NFS Mailing list; +Cc: Simo Sorce
The gssproxy(8) daemon is now how the managing of GSSAPI
credentials should be done.
These to patches has the nfs-server systemd script start
gssproxy instead of rpc.svcgssd and removes the building
and installation of rpc.svcgssd.
For now I'm leaving the source files... Just in case... ;-)
Steve Dickson (2):
nfs-server: Replace rpc.svcgssd with gssproxy
svcgssd: Remove rules from the Makefile.am
systemd/nfs-server.service | 4 ++--
systemd/rpc-svcgssd.service | 19 -------------------
utils/gssd/Makefile.am | 25 ++-----------------------
3 files changed, 4 insertions(+), 44 deletions(-)
delete mode 100644 systemd/rpc-svcgssd.service
--
1.9.3
^ permalink raw reply [flat|nested] 9+ messages in thread* [PATCH 1/2] nfs-server: Replace rpc.svcgssd with gssproxy 2014-09-19 12:51 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials Steve Dickson @ 2014-09-19 12:51 ` Steve Dickson 2014-09-19 12:51 ` [PATCH 2/2] svcgssd: Remove rules from the Makefile.am Steve Dickson 2014-09-19 15:57 ` [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials J. Bruce Fields 2 siblings, 0 replies; 9+ messages in thread From: Steve Dickson @ 2014-09-19 12:51 UTC (permalink / raw) To: Linux NFS Mailing list; +Cc: Simo Sorce Make the nfs-server depend on the gssproxy daemon running instead of svcgssd to manage GSSAPI credentials Signed-off-by: Steve Dickson <steved@redhat.com> --- systemd/nfs-server.service | 4 ++-- systemd/rpc-svcgssd.service | 19 ------------------- 2 files changed, 2 insertions(+), 21 deletions(-) delete mode 100644 systemd/rpc-svcgssd.service diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service index 2fa7387..3b04f84 100644 --- a/systemd/nfs-server.service +++ b/systemd/nfs-server.service @@ -2,12 +2,12 @@ Description=NFS server and services Requires= network.target proc-fs-nfsd.mount rpcbind.target Requires= nfs-mountd.service -Wants=rpc-statd.service nfs-idmapd.service rpc-gssd.service rpc-svcgssd.service +Wants=rpc-statd.service nfs-idmapd.service rpc-gssd.service gssproxy.service Wants=rpc-statd-notify.service After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service After= nfs-idmapd.service rpc-statd.service -After= rpc-gssd.service rpc-svcgssd.service +After= rpc-gssd.service gssproxy.service Before= rpc-statd-notify.service Wants=nfs-config.service diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service deleted file mode 100644 index f7424b0..0000000 --- a/systemd/rpc-svcgssd.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=RPC security service for NFS server -Requires=var-lib-nfs-rpc_pipefs.mount -After=var-lib-nfs-rpc_pipefs.mount -PartOf=nfs-server.service -PartOf=nfs-utils.service - -After=gssproxy.service -ConditionPathExists=|!/run/gssproxy.pid -ConditionPathExists=|!/proc/net/rpc/use-gss-proxy -ConditionPathExists=/etc/krb5.keytab - -Wants=nfs-config.service -After=nfs-config.service - -[Service] -EnvironmentFile=-/run/sysconfig/nfs-utils -Type=forking -ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS -- 1.9.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/2] svcgssd: Remove rules from the Makefile.am 2014-09-19 12:51 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials Steve Dickson 2014-09-19 12:51 ` [PATCH 1/2] nfs-server: Replace rpc.svcgssd with gssproxy Steve Dickson @ 2014-09-19 12:51 ` Steve Dickson 2014-09-19 15:57 ` [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials J. Bruce Fields 2 siblings, 0 replies; 9+ messages in thread From: Steve Dickson @ 2014-09-19 12:51 UTC (permalink / raw) To: Linux NFS Mailing list; +Cc: Simo Sorce The managing of GSSAPI credentials is now done with the gssproxy(8) daemon so svcgssd no longer needs to be build or installed. Signed-off-by: Steve Dickson <steved@redhat.com> --- utils/gssd/Makefile.am | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am index af59791..716dd0b 100644 --- a/utils/gssd/Makefile.am +++ b/utils/gssd/Makefile.am @@ -1,10 +1,10 @@ ## Process this file with automake to produce Makefile.in -man8_MANS = gssd.man svcgssd.man +man8_MANS = gssd.man RPCPREFIX = rpc. KPREFIX = @kprefix@ -sbin_PREFIXED = gssd svcgssd +sbin_PREFIXED = gssd sbin_PROGRAMS = $(sbin_PREFIXED) EXTRA_DIST = \ @@ -45,27 +45,6 @@ gssd_LDFLAGS = $(KRBLDFLAGS) $(LIBTIRPC) gssd_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) -svcgssd_SOURCES = \ - $(COMMON_SRCS) \ - svcgssd.c \ - svcgssd_main_loop.c \ - svcgssd_mech2file.c \ - svcgssd_proc.c \ - svcgssd_krb5.c \ - \ - svcgssd_krb5.h \ - svcgssd.h - -svcgssd_LDADD = \ - ../../support/nfs/libnfs.a \ - $(RPCSECGSS_LIBS) $(LIBNFSIDMAP) \ - $(KRBLIBS) $(GSSAPI_LIBS) $(LIBTIRPC) - -svcgssd_LDFLAGS = $(KRBLDFLAGS) - -svcgssd_CFLAGS = $(AM_CFLAGS) $(CFLAGS) \ - $(RPCSECGSS_CFLAGS) $(KRBCFLAGS) $(GSSAPI_CFLAGS) - MAINTAINERCLEANFILES = Makefile.in ####################################################################### -- 1.9.3 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 12:51 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials Steve Dickson 2014-09-19 12:51 ` [PATCH 1/2] nfs-server: Replace rpc.svcgssd with gssproxy Steve Dickson 2014-09-19 12:51 ` [PATCH 2/2] svcgssd: Remove rules from the Makefile.am Steve Dickson @ 2014-09-19 15:57 ` J. Bruce Fields 2014-09-19 16:31 ` Steve Dickson 2 siblings, 1 reply; 9+ messages in thread From: J. Bruce Fields @ 2014-09-19 15:57 UTC (permalink / raw) To: Steve Dickson; +Cc: Linux NFS Mailing list, Simo Sorce On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: > The gssproxy(8) daemon is now how the managing of GSSAPI > credentials should be done. > > These to patches has the nfs-server systemd script start > gssproxy instead of rpc.svcgssd and removes the building > and installation of rpc.svcgssd. > > For now I'm leaving the source files... Just in case... ;-) If nothing else, we'd like to keep support for older kernels for a while. --b. > > Steve Dickson (2): > nfs-server: Replace rpc.svcgssd with gssproxy > svcgssd: Remove rules from the Makefile.am > > systemd/nfs-server.service | 4 ++-- > systemd/rpc-svcgssd.service | 19 ------------------- > utils/gssd/Makefile.am | 25 ++----------------------- > 3 files changed, 4 insertions(+), 44 deletions(-) > delete mode 100644 systemd/rpc-svcgssd.service > > -- > 1.9.3 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 15:57 ` [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials J. Bruce Fields @ 2014-09-19 16:31 ` Steve Dickson 2014-09-19 16:36 ` J. Bruce Fields 0 siblings, 1 reply; 9+ messages in thread From: Steve Dickson @ 2014-09-19 16:31 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Linux NFS Mailing list, Simo Sorce On 09/19/2014 11:57 AM, J. Bruce Fields wrote: > On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: >> The gssproxy(8) daemon is now how the managing of GSSAPI >> credentials should be done. >> >> These to patches has the nfs-server systemd script start >> gssproxy instead of rpc.svcgssd and removes the building >> and installation of rpc.svcgssd. >> >> For now I'm leaving the source files... Just in case... ;-) > > If nothing else, we'd like to keep support for older kernels for a > while. Good point... I should probably make this a configurable... something like --enable_svcgssd and have it off by default... steved. > > --b. > >> >> Steve Dickson (2): >> nfs-server: Replace rpc.svcgssd with gssproxy >> svcgssd: Remove rules from the Makefile.am >> >> systemd/nfs-server.service | 4 ++-- >> systemd/rpc-svcgssd.service | 19 ------------------- >> utils/gssd/Makefile.am | 25 ++----------------------- >> 3 files changed, 4 insertions(+), 44 deletions(-) >> delete mode 100644 systemd/rpc-svcgssd.service >> >> -- >> 1.9.3 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 16:31 ` Steve Dickson @ 2014-09-19 16:36 ` J. Bruce Fields 2014-09-19 17:07 ` Simo Sorce 0 siblings, 1 reply; 9+ messages in thread From: J. Bruce Fields @ 2014-09-19 16:36 UTC (permalink / raw) To: Steve Dickson; +Cc: Linux NFS Mailing list, Simo Sorce On Fri, Sep 19, 2014 at 12:31:17PM -0400, Steve Dickson wrote: > > > On 09/19/2014 11:57 AM, J. Bruce Fields wrote: > > On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: > >> The gssproxy(8) daemon is now how the managing of GSSAPI > >> credentials should be done. > >> > >> These to patches has the nfs-server systemd script start > >> gssproxy instead of rpc.svcgssd and removes the building > >> and installation of rpc.svcgssd. > >> > >> For now I'm leaving the source files... Just in case... ;-) > > > > If nothing else, we'd like to keep support for older kernels for a > > while. > Good point... I should probably make this a configurable... > something like --enable_svcgssd and have it off by default... Sounds fine. --b. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 16:36 ` J. Bruce Fields @ 2014-09-19 17:07 ` Simo Sorce 2014-09-19 18:11 ` J. Bruce Fields 0 siblings, 1 reply; 9+ messages in thread From: Simo Sorce @ 2014-09-19 17:07 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Steve Dickson, Linux NFS Mailing list On Fri, 19 Sep 2014 12:36:17 -0400 "J. Bruce Fields" <bfields@fieldses.org> wrote: > On Fri, Sep 19, 2014 at 12:31:17PM -0400, Steve Dickson wrote: > > > > > > On 09/19/2014 11:57 AM, J. Bruce Fields wrote: > > > On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: > > >> The gssproxy(8) daemon is now how the managing of GSSAPI > > >> credentials should be done. > > >> > > >> These to patches has the nfs-server systemd script start > > >> gssproxy instead of rpc.svcgssd and removes the building > > >> and installation of rpc.svcgssd. > > >> > > >> For now I'm leaving the source files... Just in case... ;-) > > > > > > If nothing else, we'd like to keep support for older kernels for a > > > while. > > Good point... I should probably make this a configurable... > > something like --enable_svcgssd and have it off by default... > > Sounds fine. +1, it will be very useful for transitions in distributions, not all of them will align identically I guess. Simo. -- Simo Sorce * Red Hat, Inc * New York ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 17:07 ` Simo Sorce @ 2014-09-19 18:11 ` J. Bruce Fields 2014-09-19 18:15 ` Simo Sorce 0 siblings, 1 reply; 9+ messages in thread From: J. Bruce Fields @ 2014-09-19 18:11 UTC (permalink / raw) To: Simo Sorce; +Cc: Steve Dickson, Linux NFS Mailing list On Fri, Sep 19, 2014 at 01:07:52PM -0400, Simo Sorce wrote: > On Fri, 19 Sep 2014 12:36:17 -0400 > "J. Bruce Fields" <bfields@fieldses.org> wrote: > > > On Fri, Sep 19, 2014 at 12:31:17PM -0400, Steve Dickson wrote: > > > > > > > > > On 09/19/2014 11:57 AM, J. Bruce Fields wrote: > > > > On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: > > > >> The gssproxy(8) daemon is now how the managing of GSSAPI > > > >> credentials should be done. > > > >> > > > >> These to patches has the nfs-server systemd script start > > > >> gssproxy instead of rpc.svcgssd and removes the building > > > >> and installation of rpc.svcgssd. > > > >> > > > >> For now I'm leaving the source files... Just in case... ;-) > > > > > > > > If nothing else, we'd like to keep support for older kernels for a > > > > while. > > > Good point... I should probably make this a configurable... > > > something like --enable_svcgssd and have it off by default... > > > > Sounds fine. > > +1, it will be very useful for transitions in distributions, not all of > them will align identically I guess. If we wanted to be *very* nice, we could try to detect and run one or the other at run-time. It's nice for people trying to boot old kernels to track down (probably unrelated) regressions. But I think it would be too complicated. It might be simple enough for gss-proxy to log some kind of warning when it starts up on an old kernel. --b. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials 2014-09-19 18:11 ` J. Bruce Fields @ 2014-09-19 18:15 ` Simo Sorce 0 siblings, 0 replies; 9+ messages in thread From: Simo Sorce @ 2014-09-19 18:15 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Steve Dickson, Linux NFS Mailing list On Fri, 19 Sep 2014 14:11:22 -0400 "J. Bruce Fields" <bfields@fieldses.org> wrote: > On Fri, Sep 19, 2014 at 01:07:52PM -0400, Simo Sorce wrote: > > On Fri, 19 Sep 2014 12:36:17 -0400 > > "J. Bruce Fields" <bfields@fieldses.org> wrote: > > > > > On Fri, Sep 19, 2014 at 12:31:17PM -0400, Steve Dickson wrote: > > > > > > > > > > > > On 09/19/2014 11:57 AM, J. Bruce Fields wrote: > > > > > On Fri, Sep 19, 2014 at 08:51:41AM -0400, Steve Dickson wrote: > > > > >> The gssproxy(8) daemon is now how the managing of GSSAPI > > > > >> credentials should be done. > > > > >> > > > > >> These to patches has the nfs-server systemd script start > > > > >> gssproxy instead of rpc.svcgssd and removes the building > > > > >> and installation of rpc.svcgssd. > > > > >> > > > > >> For now I'm leaving the source files... Just in case... ;-) > > > > > > > > > > If nothing else, we'd like to keep support for older kernels > > > > > for a while. > > > > Good point... I should probably make this a configurable... > > > > something like --enable_svcgssd and have it off by default... > > > > > > Sounds fine. > > > > +1, it will be very useful for transitions in distributions, not > > all of them will align identically I guess. > > If we wanted to be *very* nice, we could try to detect and run one or > the other at run-time. It's nice for people trying to boot old > kernels to track down (probably unrelated) regressions. But I think > it would be too complicated. > > It might be simple enough for gss-proxy to log some kind of warning > when it starts up on an old kernel. Excellent idea, I opened a ticket to track that: https://fedorahosted.org/gss-proxy/ticket/126 Simo. -- Simo Sorce * Red Hat, Inc * New York ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2014-09-19 18:15 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-09-19 12:51 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials Steve Dickson 2014-09-19 12:51 ` [PATCH 1/2] nfs-server: Replace rpc.svcgssd with gssproxy Steve Dickson 2014-09-19 12:51 ` [PATCH 2/2] svcgssd: Remove rules from the Makefile.am Steve Dickson 2014-09-19 15:57 ` [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials J. Bruce Fields 2014-09-19 16:31 ` Steve Dickson 2014-09-19 16:36 ` J. Bruce Fields 2014-09-19 17:07 ` Simo Sorce 2014-09-19 18:11 ` J. Bruce Fields 2014-09-19 18:15 ` Simo Sorce
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox