Re: [PATCH nfs-utils] mountd: don't advertise krb5 for v4root when not configured.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 17 Apr 2023, Wang Yugui wrote:
> Hi,
> 
> > 
> > If /etc/krb5.keytab does not exist, then krb5 cannot work, so
> > advertising it as an option for v4root is pointless.
> > Since linux commit 676e4ebd5f2c ("NFSD: SECINFO doesn't handle
> > unsupported pseudoflavors correctly") this can result in an unhelpful
> > warning if the krb5 code is not built, or built as a module which is not
> > installed.
> > 
> > [  161.668635] NFS: SECINFO: security flavor 390003 is not supported
> > [  161.668655] NFS: SECINFO: security flavor 390004 is not supported
> > [  161.668670] NFS: SECINFO: security flavor 390005 is not supported
> > 
> > So avoid advertising krb5 security options when krb5.keytab cannot be
> > found.
> > 
> > Link: https://lore.kernel.org/linux-nfs/20170104190327.v3wbpcbqtfa5jy7d@xxxxxxxxxxxxxxxxx/
> > Signed-off-by: NeilBrown <neilb@xxxxxxx>
> > ---
> >  support/export/v4root.c         |  2 ++
> >  support/include/pseudoflavors.h |  1 +
> >  support/nfs/exports.c           | 14 +++++++-------
> >  3 files changed, 10 insertions(+), 7 deletions(-)
> > 
> > diff --git a/support/export/v4root.c b/support/export/v4root.c
> > index fbb0ad5f5b81..3e049582d7c1 100644
> > --- a/support/export/v4root.c
> > +++ b/support/export/v4root.c
> > @@ -66,6 +66,8 @@ set_pseudofs_security(struct exportent *pseudo)
> >  
> >  		if (!flav->fnum)
> >  			continue;
> > +		if (flav->need_krb5 && !access("/etc/krb5.keytab", F_OK))
> > +			continue;
> 
> Could we replace "/etc/krb5.keytab" with krb5_kt_default_name()?

Maybe?  Why would we want to?

The presence of /etc/krb5.keytab is what we already use in a couple of
systemd unit files to determine if krb5 is configured.  Why not just use
the same here?

NeilBrown




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux