On Wed, Sep 24, 2014 at 11:07:16AM -0400, Steve Dickson wrote: > On 09/23/2014 05:15 PM, Steve Dickson wrote: > > > > On 09/23/2014 04:25 PM, J. Bruce Fields wrote: > >>> I through this into my test world > >> Thanks! > >> > >>>> and one side effect of this patch > >>>> is both rpc.gssd and rpc.svcgssd daemons are *always* started when > >>>> a key tab exists (/etc/krb5.keytab) and *all* the services (nfs-client, > >>>> nfs-server, rpc-gssd, and rpc-svcgssd) are disabled, which is not > >>>> good... Those daemons don't need to be started when both sides > >>>> are disabled... But the auth_rpcgss is loaded! ;-) > >> Weird. I can't see how this patch on its own would have any effect on > >> that. > It turns out I must have had the nfs-client.target enabled... > > I just realize 'systemctl disable nfs-client' does not fail, > but it does not do anything either. :-( I would think > it should fail with some type of "unit not found", but it > does not... > > 'systemctl disable nfs-client.target' was the command I > wanted to disable the client, so your patch works... > > Question, Why is rpc.svcgssd/gssproxy when only the > nfs-client is enabled?? It handles NFSv4.0/krb5 callbacks. (It's not needed for NFSv4.1+, and even in the 4.0 case the only consequence is that you'll lose delegations on krb5 mounts. So maybe we'll be able to remove that dependency, one of these decades....) --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
