2014-09-23 16:21:45

by Steve Dickson

Subject: [PATCH 0/2] Use the gssproxy daemon for GSSAPI credentials (v4)

When the gssproxy(8) daemon is installed, that daemon will be used
to manage the GSSAPI credentials on the server.

The nfs-server unit will start gssproxy when it exists;
otherwise rpc.svcgssd will be started as usual.

Also, a configure switch was added to disable the building
of rpc.svcgssd.

Steve Dickson (2):
rpc.svcgssd: Add a configure switch to disable building the daemon
nfs-service: Added gssproxy support

configure.ac | 23 +++++++++++++++++++----
systemd/nfs-server.service | 5 +++--
utils/gssd/Makefile.am | 11 +++++++++--
3 files changed, 31 insertions(+), 8 deletions(-)

--
1.9.3



2014-09-23 16:48:08

by Steve Dickson

Subject: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon

Now that gssproxy is supported on modern kernels,
the svcgssd is no longer needed. This switch
disables the building of the daemon.

Signed-off-by: Steve Dickson <[email protected]>
---
configure.ac | 23 +++++++++++++++++++----
utils/gssd/Makefile.am | 11 +++++++++--
2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index bc48373..b63d821 100644
--- a/configure.ac
+++ b/configure.ac
@@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41,

AC_ARG_ENABLE(gss,
[AC_HELP_STRING([--enable-gss],
- [enable support for rpcsec_gss @<:@default=yes@:>@])],
+ [enable client support for rpcsec_gss @<:@default=yes@:>@])],
enable_gss=$enableval,
enable_gss=yes)
if test "$enable_gss" = yes; then
GSSD=gssd
- SVCGSSD=svcgssd
else
enable_gss=
GSSD=
- SVCGSSD=
fi
AC_SUBST(GSSD)
- AC_SUBST(SVCGSSD)
AC_SUBST(enable_gss)
AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"])
+
+AC_ARG_ENABLE(svcgss,
+ [AC_HELP_STRING([--enable-svcgss],
+ [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
+ enable_svcgss=$enableval,
+ enable_svcgss=yes)
+ if test "$enable_gss" = yes; then
+ if "enable_svcgss" = yes; then
+ SVCGSSD=svcgssd
+ fi
+ else
+ enable_svcgss=
+ SVCGSSD=
+ fi
+ AC_SUBST(SVCGSSD)
+ AC_SUBST(enable_svcgss)
+ AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"])
+
AC_ARG_ENABLE(kprefix,
[AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])],
test "$enableval" = "yes" && kprefix=k,
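
Review bot: in the new svcgss block, the inner condition `if "enable_svcgss" = yes; then` has neither `test` nor a `$`, so the shell tries to execute a command named enable_svcgss with the arguments `=` and `yes` instead of comparing the variable; it should read `if test "$enable_svcgss" = yes; then`. That inner branch also has no else, so with gss enabled and svcgss disabled SVCGSSD is never assigned and keeps whatever value it had in the environment; an explicit `SVCGSSD=` there would make the result deterministic. The help string says "dissable building svcgssd" for an option named --enable-svcgss with default=yes, which should read "enable building svcgssd".
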
diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am
index af59791..9835117 100644
--- a/utils/gssd/Makefile.am
+++ b/utils/gssd/Makefile.am
@@ -1,10 +1,17 @@
## Process this file with automake to produce Makefile.in

-man8_MANS = gssd.man svcgssd.man
+man8_MANS = gssd.man
+if CONFIG_SVCGSS
+man8_MANS += svcgssd.man
+endif

RPCPREFIX = rpc.
KPREFIX = @kprefix@
-sbin_PREFIXED = gssd svcgssd
+sbin_PREFIXED = gssd
+if CONFIG_SVCGSS
+sbin_PREFIXED += svcgssd
+endif
+
sbin_PROGRAMS = $(sbin_PREFIXED)

EXTRA_DIST = \
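
Review bot: the man page and the binary are both gated on CONFIG_SVCGSS, which configure.ac derives from enable_svcgss alone, while SVCGSSD is set by a separate nested test, so the two can disagree. When that inner test fails and enable_svcgss is still "yes", svcgssd is built here although SVCGSSD is empty. Deriving both from a single condition in configure.ac would remove the mismatch.
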
--
1.9.3


2014-09-23 16:21:47

by Steve Dickson

Subject: [PATCH 2/2] nfs-service: Added gssproxy support

When the kernel has gssproxy support, the gssproxy
daemon should be used to manage the GSSAPI creds.
So this patch adds "calls" to the gssproxy daemon
from the NFS server systemd unit file.

When gssproxy is installed, gssproxy will be started
and rpc.svcgssd will not be. When gssproxy is not
installed, the rpc.svcgssd daemon will be started.

Note, there are already existing hooks in the
rpc-svcgssd service file that will ensure that
gssproxy will be started before rpc.svcgssd,
which allows the script not to start rpc.svcgssd
when gssproxy is installed and running.

Signed-off-by: Steve Dickson <[email protected]>
---
systemd/nfs-server.service | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
index 2fa7387..c740fa2 100644
--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
@@ -2,12 +2,13 @@
Description=NFS server and services
Requires= network.target proc-fs-nfsd.mount rpcbind.target
Requires= nfs-mountd.service
-Wants=rpc-statd.service nfs-idmapd.service rpc-gssd.service rpc-svcgssd.service
+Wants=rpc-statd.service nfs-idmapd.service
+Wants=rpc-gssd.service gssproxy.service rpc-svcgssd.service
Wants=rpc-statd-notify.service

After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service
After= nfs-idmapd.service rpc-statd.service
-After= rpc-gssd.service rpc-svcgssd.service
+After= rpc-gssd.service gssproxy.service rpc-svcgssd.service
Before= rpc-statd-notify.service

Wants=nfs-config.service
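
Review bot: the unit now lists both gssproxy.service and rpc-svcgssd.service in Wants= and After=, and nothing in this hunk stops both from being started; the mutual exclusion described in the commit message lives entirely in rpc-svcgssd.service, which this patch neither touches nor shows. A comment in the unit file naming the directive in rpc-svcgssd.service that suppresses it when gssproxy is running would make that dependency visible to anyone editing either file. The commit message should also say what happens when gssproxy is installed but fails to start, so that neither "both daemons running" nor "no daemon handling server-side GSSAPI credentials" is left as an undocumented outcome.
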
--
1.9.3


2014-11-05 02:56:42

by NeilBrown

Subject: Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon

On Tue, 23 Sep 2014 12:21:40 -0400 Steve Dickson <[email protected]> wrote:

> Now that gssproxy is supported on modern kernels,
> the svcgssd is no longer needed. This switch
> disables the building of the daemon.
>
> Signed-off-by: Steve Dickson <[email protected]>
> ---
> configure.ac | 23 +++++++++++++++++++----
> utils/gssd/Makefile.am | 11 +++++++++--
> 2 files changed, 28 insertions(+), 6 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index bc48373..b63d821 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -90,21 +90,36 @@ AC_ARG_ENABLE(nfsv41,
>
> AC_ARG_ENABLE(gss,
> [AC_HELP_STRING([--enable-gss],
> - [enable support for rpcsec_gss @<:@default=yes@:>@])],
> + [enable client support for rpcsec_gss @<:@default=yes@:>@])],
> enable_gss=$enableval,
> enable_gss=yes)
> if test "$enable_gss" = yes; then
> GSSD=gssd
> - SVCGSSD=svcgssd
> else
> enable_gss=
> GSSD=
> - SVCGSSD=
> fi
> AC_SUBST(GSSD)
> - AC_SUBST(SVCGSSD)
> AC_SUBST(enable_gss)
> AM_CONDITIONAL(CONFIG_GSS, [test "$enable_gss" = "yes"])
> +
> +AC_ARG_ENABLE(svcgss,
> + [AC_HELP_STRING([--enable-svcgss],
> + [dissable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
> + enable_svcgss=$enableval,
> + enable_svcgss=yes)
> + if test "$enable_gss" = yes; then
> + if "enable_svcgss" = yes; then
> + SVCGSSD=svcgssd
> + fi

Hi Steve,
I just noticed that this causes an error when I try "./configure".
It tries to run a program called "enable_svcgss" with args "=" and "yes",
but this fails....

A simple fix would leave the code doing nothing if enable_gss = yes, but
enable_svcgss = no. Is that what you want?

Should it be:

if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
SVCGSSD=svcgssd
> + else
> + enable_svcgss=
> + SVCGSSD=
> + fi

??

Would you like a patch, or will you just fix it up?

Thanks,
NeilBrown


> + AC_SUBST(SVCGSSD)
> + AC_SUBST(enable_svcgss)
> + AM_CONDITIONAL(CONFIG_SVCGSS, [test "$enable_svcgss" = "yes"])
> +
> AC_ARG_ENABLE(kprefix,
> [AC_HELP_STRING([--enable-kprefix], [install progs as rpc.knfsd etc])],
> test "$enableval" = "yes" && kprefix=k,
> diff --git a/utils/gssd/Makefile.am b/utils/gssd/Makefile.am
> index af59791..9835117 100644
> --- a/utils/gssd/Makefile.am
> +++ b/utils/gssd/Makefile.am
> @@ -1,10 +1,17 @@
> ## Process this file with automake to produce Makefile.in
>
> -man8_MANS = gssd.man svcgssd.man
> +man8_MANS = gssd.man
> +if CONFIG_SVCGSS
> +man8_MANS += svcgssd.man
> +endif
>
> RPCPREFIX = rpc.
> KPREFIX = @kprefix@
> -sbin_PREFIXED = gssd svcgssd
> +sbin_PREFIXED = gssd
> +if CONFIG_SVCGSS
> +sbin_PREFIXED += svcgssd
> +endif
> +
> sbin_PROGRAMS = $(sbin_PREFIXED)
>
> EXTRA_DIST = \



2014-11-05 16:17:22

by Steve Dickson

Subject: Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon



On 11/04/2014 09:56 PM, NeilBrown wrote:
> Hi Steve,
> I just noticed that this causes an error when I try "./configure".
> It tries to run a program called "enable_svcgss" with args "=" and "yes",
> but this fails....
>
> A simple fix would leave the code doing nothing if enable_gss = yes, but
> enable_svcgss = no. Is that what you want?
No...

>
> Should it be:
>
> if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
> SVCGSSD=svcgssd
>> > + else
>> > + enable_svcgss=
>> > + SVCGSSD=
>> > + fi
> ??
>
> Would you like a patch, or will you just fix it up?
I got it... thanks!

commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26
Author: Steve Dickson <[email protected]>
Date: Wed Nov 5 11:12:03 2014 -0500

configure: Fixed logic around $enable_gss and $enable_svcgss

Signed-off-by: Steve Dickson <[email protected]>

diff --git a/configure.ac b/configure.ac
index 59fd14d..377ba2e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss,
[enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
enable_svcgss=$enableval,
enable_svcgss=yes)
- if test "$enable_gss" = yes; then
- if "enable_svcgss" = yes; then
- SVCGSSD=svcgssd
- fi
+ if test "$enable_gss" = yes -a "enable_svcgss" = yes; then
+ SVCGSSD=svcgssd
else
enable_svcgss=
SVCGSSD=
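
Review bot: the replacement condition `test "$enable_gss" = yes -a "enable_svcgss" = yes` still lacks the `$` on the second operand, so it compares the literal string enable_svcgss with yes, which is never equal; the else branch is always taken, enable_svcgss is cleared, and svcgssd is never built regardless of the options given. The operand should be `"$enable_svcgss"`. Since `-a` inside test is marked obsolescent in POSIX, `test "$enable_gss" = yes && test "$enable_svcgss" = yes` is the more portable spelling for a configure script.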


steved.

2014-11-05 19:45:25

by NeilBrown

Subject: Re: [PATCH 1/2] rpc.svcgssd: Add a configure switch to disable building the daemon

On Wed, 05 Nov 2014 11:17:18 -0500 Steve Dickson <[email protected]> wrote:

>
>
> On 11/04/2014 09:56 PM, NeilBrown wrote:
> > Hi Steve,
> > I just noticed that this causes an error when I try "./configure".
> > It tries to run a program called "enable_svcgss" with args "=" and "yes",
> > but this fails....
> >
> > A simple fix would leave the code doing nothing if enable_gss = yes, but
> > enable_svcgss = no. Is that what you want?
> No...
>
> >
> > Should it be:
> >
> > if test "$enable_gss" = yes -a "$enable_svcgss" = yes; then
> > SVCGSSD=svcgssd
> >> > + else
> >> > + enable_svcgss=
> >> > + SVCGSSD=
> >> > + fi
> > ??
> >
> > Would you like a patch, or will you just fix it up?
> I got it... thanks!
>
> commit e186d734cb3d7c53ef8038b2f62e5b1825d9fa26
> Author: Steve Dickson <[email protected]>
> Date: Wed Nov 5 11:12:03 2014 -0500
>
> configure: Fixed logic around $enable_gss and $enable_svcgss
>
> Signed-off-by: Steve Dickson <[email protected]>
>
> diff --git a/configure.ac b/configure.ac
> index 59fd14d..377ba2e 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -108,10 +108,8 @@ AC_ARG_ENABLE(svcgss,
> [enable building svcgssd for rpcsec_gss server support @<:@default=yes@:>@])],
> enable_svcgss=$enableval,
> enable_svcgss=yes)
> - if test "$enable_gss" = yes; then
> - if "enable_svcgss" = yes; then
> - SVCGSSD=svcgssd
> - fi
> + if test "$enable_gss" = yes -a "enable_svcgss" = yes; then
$
> + SVCGSSD=svcgssd
> else
> enable_svcgss=
> SVCGSSD=

Apart from the missing '$', looks good to me - thanks.

NeilBrown

>
>
> steved.