On Thu, Jul 20 2017, Scott Mayhew wrote: > We've had several users complain about gssd automatically starting. Not > everyone who has a krb5.keytab want to use secure NFS; the instructions > for disabling gssd ought to be on the man page in addition to the README > (which may not even be included in a distro's nfs-utils package). > > Signed-off-by: Scott Mayhew <smayhew@xxxxxxxxxx> > --- > systemd/nfs.systemd.man | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man > index 01801eb..7675320 100644 > --- a/systemd/nfs.systemd.man > +++ b/systemd/nfs.systemd.man > @@ -79,11 +79,26 @@ unit should be enabled. > Several other units which might be considered to be optional, such as > .I rpc-gssd.service > are careful to only start if the required configuration file exists. > -.I rpc-gsdd.service > +.I rpc-gssd.service > will not start if the > .I krb5.keytab > file does not exist (typically in > .IR /etc ). > +.B rpc.gssd > +is assumed to be needed if the > +.I krb5.keytab > +file is present. If a site needs this file present but does not want > +.B rpc.gssd > +running, it should create > +.B /etc/systemd/system/rpc-gssd.service.d/01-disable.conf A substantially simpler approach would be to recommend systemctl mask rpc-gssd.service "mask" is also useful for disabling rpcbind if you use NFSv4 only and don't want the extra service. NeilBrown > +containing > +.RS > +.nf > +[Unit] > +ConditionNull=false > +.fi > +.RE > + > .SS Restarting NFS services > Most NFS daemons can be restarted at any time. They will reload any > state that they need, and continue servicing requests. This is rarely > -- > 2.9.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature