On 02/06/2014 11:19 AM, J. Bruce Fields wrote:
> On Thu, Feb 06, 2014 at 11:09:58AM -0500, Chuck Lever wrote:
>>
>> On Feb 5, 2014, at 8:27 PM, NeilBrown <neilb@xxxxxxx> wrote:
>>> I certainly agree with making things simple. If we can make a configuration
>>> irrelevant, e.g. by gets nfsd to auto-tune the number of threads so the
>>> setting becomes pointless, then I've very happy to remove that sort of
>>> configuration. But if a configuration option actually means something I
>>> certainly don't want to remove it.
>>>
>>> So I'm leaning towards having "systemctl {un,}mask rpc-gssd" be the
>>> configuration tool for rpc.gssd.
>>
>> I like that better than the “off-until-requested” behavior we have currently. IMO folks who want to disable rpc.gssd will be in the increasing minority and the rest of the world will take scant notice of the extra daemon, as long as we ensure it speaks only when necessary.
>
> I'd also prefer running the gssd's by default: one less (confusing) step
> to set up kerberos, and I'm not seeing a realistic security risk.
I'm not for starting daemon that are not needed or necessary. I
just think that is a bad design.
>
> If we can easily provide a way to turn it off for people that want a
> really stripped-down system for whatever reason, fine, let's provide
> that.
I'm thinking just the opposite... Have a way to easily (or even
automatically) way to enabled NFS security.... when needed...
Would it make it easier if we combined the gssd daemon? That goes
both ways (server and client)... That way we could just enable
nfs security and the daemon would started regardless on what side
its on...
steved.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
