Hi,
>
> If /etc/krb5.keytab does not exist, then krb5 cannot work, so
> advertising it as an option for v4root is pointless.
> Since linux commit 676e4ebd5f2c ("NFSD: SECINFO doesn't handle
> unsupported pseudoflavors correctly") this can result in an unhelpful
> warning if the krb5 code is not built, or built as a module which is not
> installed.
>
> [ 161.668635] NFS: SECINFO: security flavor 390003 is not supported
> [ 161.668655] NFS: SECINFO: security flavor 390004 is not supported
> [ 161.668670] NFS: SECINFO: security flavor 390005 is not supported
>
> So avoid advertising krb5 security options when krb5.keytab cannot be
> found.
>
> Link: https://lore.kernel.org/linux-nfs/20170104190327.v3wbpcbqtfa5jy7d@xxxxxxxxxxxxxxxxx/
> Signed-off-by: NeilBrown <neilb@xxxxxxx>
> ---
> support/export/v4root.c | 2 ++
> support/include/pseudoflavors.h | 1 +
> support/nfs/exports.c | 14 +++++++-------
> 3 files changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/support/export/v4root.c b/support/export/v4root.c
> index fbb0ad5f5b81..3e049582d7c1 100644
> --- a/support/export/v4root.c
> +++ b/support/export/v4root.c
> @@ -66,6 +66,8 @@ set_pseudofs_security(struct exportent *pseudo)
>
> if (!flav->fnum)
> continue;
> + if (flav->need_krb5 && !access("/etc/krb5.keytab", F_OK))
> + continue;
Could we replace "/etc/krb5.keytab" with krb5_kt_default_name()?
Best Regards
Wang Yugui (wangyugui@xxxxxxxxxxxx)
2023/04/17
