Hi,
> On Mon, 17 Apr 2023, Wang Yugui wrote:
> > Hi,
> >
> > >
> > > If /etc/krb5.keytab does not exist, then krb5 cannot work, so
> > > advertising it as an option for v4root is pointless.
> > > Since linux commit 676e4ebd5f2c ("NFSD: SECINFO doesn't handle
> > > unsupported pseudoflavors correctly") this can result in an unhelpful
> > > warning if the krb5 code is not built, or built as a module which is not
> > > installed.
> > >
> > > [ 161.668635] NFS: SECINFO: security flavor 390003 is not supported
> > > [ 161.668655] NFS: SECINFO: security flavor 390004 is not supported
> > > [ 161.668670] NFS: SECINFO: security flavor 390005 is not supported
> > >
> > > So avoid advertising krb5 security options when krb5.keytab cannot be
> > > found.
> > >
> > > Link: https://lore.kernel.org/linux-nfs/20170104190327.v3wbpcbqtfa5jy7d@xxxxxxxxxxxxxxxxx/
> > > Signed-off-by: NeilBrown <neilb@xxxxxxx>
> > > ---
> > > support/export/v4root.c | 2 ++
> > > support/include/pseudoflavors.h | 1 +
> > > support/nfs/exports.c | 14 +++++++-------
> > > 3 files changed, 10 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/support/export/v4root.c b/support/export/v4root.c
> > > index fbb0ad5f5b81..3e049582d7c1 100644
> > > --- a/support/export/v4root.c
> > > +++ b/support/export/v4root.c
> > > @@ -66,6 +66,8 @@ set_pseudofs_security(struct exportent *pseudo)
> > >
> > > if (!flav->fnum)
> > > continue;
> > > + if (flav->need_krb5 && !access("/etc/krb5.keytab", F_OK))
> > > + continue;
> >
> > Could we replace "/etc/krb5.keytab" with krb5_kt_default_name()?
>
> Maybe? Why would we want to?
>
> The presence of /etc/krb5.keytab is what we already use in a couple of
> systemd unit files to determine if krb5 is configured. Why not just use
> the same here?
OK to just same as other files.
Best Regards
Wang Yugui (wangyugui@xxxxxxxxxxxx)
2023/04/17
