On Tue, 04 Feb 2014 06:42:12 -0600 Anthony Messina <amessina@xxxxxxxxxxxx> wrote: > On Monday, February 03, 2014 04:01:21 PM Steve Dickson wrote: > > This changes the current API... Today to enable/start this service > > today one does: > > > > systemctl enable nfs-server > > systemctl start nfs-server > > > > which would change to: > > > > systemctl enable nfs-server.target > > systemctl start nfs-server > > > > with the same daemons being started. > > This changed will cause existing scripts to fail... > > I guess I don't see the point of having a .target file. > > > > How is rpc.svcgssd enabled? Since the .service file does > > not have a [Install] section the systemctl enable rpc.svcgssd > > fails. > > > > Also how does gss-proxy come to play in all this? Maybe we > > just use gss-proxy by default and retire rpc.svcgssd. > > Usually just a quite listener (end-user & small-time sysadmin) on this ML... > > +1 for gss-proxy by default (for Fedora anyway). I've been using it > throughout F19 extensively in the KRB5/NFSv4.1 environment with great success. > I have nfs-secure-server.service "masked" via systemd to prevent it from being > started. > > There seems to be only one strange issue I've come across with gss-proxy vs. > rpc.svcgssd: https://fedorahosted.org/gss-proxy/ticket/98. This is with > regard to how access for the "nfsnobody" user is handled. The ticket attempts > to show that with rpc.svcgssd, a host with host credentials and a user without > credentials can still access NFS shares with 0755 directories and 0644 files > (via the host credentials and mapped to the nfsnobody user). With gss-proxy, > I had to create user credentials for kojibuilder@REALM because the access > wasn't allowed via the nfsnobody path. I'm not sure if this is resolved, or > by design, etc. But it is the only issue I've seen with gss-proxy vs. > rpc.svcgssd. > > Thanks. -A > Please do open a bug at bugzilla.redhat.com for that and cc me on it. We really do want to ensure that these sorts of corner-cases get addressed. -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
