Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp3405962rwe; Sun, 16 Apr 2023 19:34:42 -0700 (PDT) X-Google-Smtp-Source: AKy350agaZhw3yyEiJkcnEz+9zTg0Lo2JMzZ7opPAaGYp/UbeNJRTbjgOyBlmjqhDGRR5yeaeaBn X-Received: by 2002:a05:6a20:9389:b0:ef:cb4c:c23e with SMTP id x9-20020a056a20938900b000efcb4cc23emr2571062pzh.29.1681698882489; Sun, 16 Apr 2023 19:34:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681698882; cv=none; d=google.com; s=arc-20160816; b=pZ+fRVeJR5zVom+V1v1u5zA69I2SuJXxp2IwTYGypwWgt8CxP2C006pz4Tg02uxQ+R HxCk7iTJ+siFubBYVMiuWYICNXvzbo59KvfNX7HCnYwsC7zeWKcNqmw/Q86Eyebjm09l 7mGBRnrjoIhU08hZTVKvXM9b+NyizpyjiajiSn5Hux0oK741PobqIHprU+Yvr+bVxWL5 URWjULSUGCS59JArcBjPofBNU4/RGugktw1//cdxWD3gNQ5WYnBRxoS9hMUAGed1+1Ka oKX8N2z0mSVJcvKZu/PoSEsKRlCyX9Vuwb0CR7QrNWY/ySFJbA8Es5JYp49hr+N47swK v4LQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:references:in-reply-to:cc:subject:to:from:date; bh=nbWuYpiLj7mGvsEjzu19VVq8AB7/fzNMYn2cup6rtV8=; b=gXO0UB7sQDRz7xI2Lx1YbXQWkNtuTObszIA9ojwSKk9io/vCdg6fH8Xwx/AAvfr/pz N6RvfQgNI7Kbv0yLR1duEU49QjXKYRy2MO7agmtXooK/RTkffcLhkkOk1/b2EOOoGP8s NVLJBetdrmolmVOoS/jDTKmRXpMmJaPdEo3TG+G6tSGePQsP//SRbfK6pJ/ZZHI9F9CR 1x9KJo2XZpqSBPIln0MVbtLnNVt2inbAOJTPYOI+oz1SBdqYqMKVmR+wGWD27byk5eCX /3nmok87uIqeGdXMYRyaHZoGVqv2HsSKCkoCpBfRbcWXA7S9fZ7xmaUQguVKZRBuXjch R3Bw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bm18-20020a656e92000000b005073e3342eesi11132115pgb.143.2023.04.16.19.34.26; Sun, 16 Apr 2023 19:34:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229565AbjDQCZn (ORCPT + 99 others); Sun, 16 Apr 2023 22:25:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229510AbjDQCZm (ORCPT ); Sun, 16 Apr 2023 22:25:42 -0400 Received: from out28-80.mail.aliyun.com (out28-80.mail.aliyun.com [115.124.28.80]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 268D21FCC for ; Sun, 16 Apr 2023 19:25:40 -0700 (PDT) X-Alimail-AntiSpam: AC=CONTINUE;BC=0.06908055|-1;CH=green;DM=|CONTINUE|false|;DS=CONTINUE|ham_regular_dialog|0.0113397-0.000391995-0.988268;FP=0|0|0|0|0|-1|-1|-1;HT=ay29a033018047192;MF=wangyugui@e16-tech.com;NM=1;PH=DS;RN=6;RT=6;SR=0;TI=SMTPD_---.SHwAW1s_1681698335; Received: from 192.168.2.112(mailfrom:wangyugui@e16-tech.com fp:SMTPD_---.SHwAW1s_1681698335) by smtp.aliyun-inc.com; Mon, 17 Apr 2023 10:25:36 +0800 Date: Mon, 17 Apr 2023 10:25:37 +0800 From: Wang Yugui To: "NeilBrown" Subject: Re: [PATCH nfs-utils] mountd: don't advertise krb5 for v4root when not configured. Cc: "Steve Dickson" , "Petr Vorel" , "linux-nfs" , "Dave Jones" , bfields@redhat.com In-Reply-To: <168169801568.24821.12909751358635990715@noble.neil.brown.name> References: <20230417100511.9131.409509F4@e16-tech.com> <168169801568.24821.12909751358635990715@noble.neil.brown.name> Message-Id: <20230417102536.FAE6.409509F4@e16-tech.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.81.04 [en] X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi, > On Mon, 17 Apr 2023, Wang Yugui wrote: > > Hi, > > > > > > > > If /etc/krb5.keytab does not exist, then krb5 cannot work, so > > > advertising it as an option for v4root is pointless. > > > Since linux commit 676e4ebd5f2c ("NFSD: SECINFO doesn't handle > > > unsupported pseudoflavors correctly") this can result in an unhelpful > > > warning if the krb5 code is not built, or built as a module which is not > > > installed. > > > > > > [ 161.668635] NFS: SECINFO: security flavor 390003 is not supported > > > [ 161.668655] NFS: SECINFO: security flavor 390004 is not supported > > > [ 161.668670] NFS: SECINFO: security flavor 390005 is not supported > > > > > > So avoid advertising krb5 security options when krb5.keytab cannot be > > > found. > > > > > > Link: https://lore.kernel.org/linux-nfs/20170104190327.v3wbpcbqtfa5jy7d@codemonkey.org.uk/ > > > Signed-off-by: NeilBrown > > > --- > > > support/export/v4root.c | 2 ++ > > > support/include/pseudoflavors.h | 1 + > > > support/nfs/exports.c | 14 +++++++------- > > > 3 files changed, 10 insertions(+), 7 deletions(-) > > > > > > diff --git a/support/export/v4root.c b/support/export/v4root.c > > > index fbb0ad5f5b81..3e049582d7c1 100644 > > > --- a/support/export/v4root.c > > > +++ b/support/export/v4root.c > > > @@ -66,6 +66,8 @@ set_pseudofs_security(struct exportent *pseudo) > > > > > > if (!flav->fnum) > > > continue; > > > + if (flav->need_krb5 && !access("/etc/krb5.keytab", F_OK)) > > > + continue; > > > > Could we replace "/etc/krb5.keytab" with krb5_kt_default_name()? > > Maybe? Why would we want to? > > The presence of /etc/krb5.keytab is what we already use in a couple of > systemd unit files to determine if krb5 is configured. Why not just use > the same here? OK to just same as other files. Best Regards Wang Yugui (wangyugui@e16-tech.com) 2023/04/17