On 3/15/25 11:17 AM, Steve Dickson wrote: > > > On 3/14/25 8:18 AM, Benjamin Coddington wrote: >> On 13 Mar 2025, at 7:30, Andrew J. Romero wrote: >> >>> Hi >>> >>> Alexander Bokovoy provided excellent answers to most of my questions on >>> this topic See: Thread: gssproxy security, configuration and life-cycle >>> questions on gss-proxy@xxxxxxxxxxxxxxxxxxxxxx >>> >>> Remaining question: >>> >>> Prior to RHEL-9 , in the section of the gssd man page ( under the >>> heading >>> CONFIGURATION FILE ... ....options that can be set on the command >>> line >>> can also be controlled through .... values set in the [gssd] section of >>> /etc/nfs.conf ) there was a configuration parameter "use-gss-proxy" >> >> I don't see any git history of gssd.man with use-gss-proxy, but the value >> does appear in nfs.conf.man. It has not been removed there. It probably >> should be added to gssd.man. > +1 > >> >>> why was this parameter removed from the current man page, can it be >>> re-added ? ( apparently the parameter is still functional ... if that's >>> the case , it should not simply be removed from the documentation >>> with no >>> commentary ) >> >> I'm not sure thats what happened. It looks like it wasn't ever in >> gssd.man >> to me. Maybe Steve D can clarify? > > My question is does the use-gss-proxy param need to be on > by default... I agree that parameter needs to be documented in the > gssd.man man page... which smayhew as sent a patch. > > Does use-gss-proxy=yes add more complexity that is needed? > > Personally I would like to turn it off. AIUI it is always off on clients, but some NFSD configs utilize gssproxy. Not sure how you would code that in /etc/nfs.conf ...? -- Chuck Lever
