This is helpful for users that have a krb5.keytab but do not want to use secure NFS. Also fixed a typo that appears earlier on the page. Signed-off-by: Scott Mayhew <smayhew@xxxxxxxxxx> --- systemd/nfs.systemd.man | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man index 01801eb..46b476a 100644 --- a/systemd/nfs.systemd.man +++ b/systemd/nfs.systemd.man @@ -79,7 +79,7 @@ unit should be enabled. Several other units which might be considered to be optional, such as .I rpc-gssd.service are careful to only start if the required configuration file exists. -.I rpc-gsdd.service +.I rpc-gssd.service will not start if the .I krb5.keytab file does not exist (typically in @@ -120,10 +120,11 @@ be needed to reduce system load to an absolute minimum, or to reduce attack surface by not running daemons that are not absolutely required. .PP -Two particular services which this can apply to are -.I rpcbind +Three particular services which this can apply to are +.IR rpcbind , +.IR idmapd , and -.IR idmapd . +.IR rpc-gssd . .I rpcbind is not part of the .I nfs-utils @@ -155,6 +156,15 @@ is not needed and not wanted, it can be masked with .RS .B systemctl mask idmapd .RE +.I rpc-gssd +is assumed to be needed if the +.I krb5.keytab +file is present. If a site needs this file present but does not want +.I rpc-gssd +running, it can be masked with +.RS +.B systemctl mask rpc-gssd +.RE .SH FILES /etc/nfs.conf .br -- 2.9.4 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
