| Message ID | 20170725151920.21760-1-smayhew@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Tue, Jul 25 2017, Scott Mayhew wrote: > This is helpful for users that have a krb5.keytab but do not want to use > secure NFS. Also fixed a typo that appears earlier on the page. > > Signed-off-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: NeilBrown <neilb@suse.com> Thanks, NeilBrown > --- > systemd/nfs.systemd.man | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man > index 01801eb..46b476a 100644 > --- a/systemd/nfs.systemd.man > +++ b/systemd/nfs.systemd.man > @@ -79,7 +79,7 @@ unit should be enabled. > Several other units which might be considered to be optional, such as > .I rpc-gssd.service > are careful to only start if the required configuration file exists. > -.I rpc-gsdd.service > +.I rpc-gssd.service > will not start if the > .I krb5.keytab > file does not exist (typically in > @@ -120,10 +120,11 @@ be needed to reduce system load to an absolute minimum, or to reduce > attack surface by not running daemons that are not absolutely > required. > .PP > -Two particular services which this can apply to are > -.I rpcbind > +Three particular services which this can apply to are > +.IR rpcbind , > +.IR idmapd , > and > -.IR idmapd . > +.IR rpc-gssd . > .I rpcbind > is not part of the > .I nfs-utils > @@ -155,6 +156,15 @@ is not needed and not wanted, it can be masked with > .RS > .B systemctl mask idmapd > .RE > +.I rpc-gssd > +is assumed to be needed if the > +.I krb5.keytab > +file is present. If a site needs this file present but does not want > +.I rpc-gssd > +running, it can be masked with > +.RS > +.B systemctl mask rpc-gssd > +.RE > .SH FILES > /etc/nfs.conf > .br > -- > 2.9.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html
On 07/25/2017 11:19 AM, Scott Mayhew wrote: > This is helpful for users that have a krb5.keytab but do not want to use > secure NFS. Also fixed a typo that appears earlier on the page. > > Signed-off-by: Scott Mayhew <smayhew@redhat.com> Committed! steved. > --- > systemd/nfs.systemd.man | 18 ++++++++++++++---- > 1 file changed, 14 insertions(+), 4 deletions(-) > > diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man > index 01801eb..46b476a 100644 > --- a/systemd/nfs.systemd.man > +++ b/systemd/nfs.systemd.man > @@ -79,7 +79,7 @@ unit should be enabled. > Several other units which might be considered to be optional, such as > .I rpc-gssd.service > are careful to only start if the required configuration file exists. > -.I rpc-gsdd.service > +.I rpc-gssd.service > will not start if the > .I krb5.keytab > file does not exist (typically in > @@ -120,10 +120,11 @@ be needed to reduce system load to an absolute minimum, or to reduce > attack surface by not running daemons that are not absolutely > required. > .PP > -Two particular services which this can apply to are > -.I rpcbind > +Three particular services which this can apply to are > +.IR rpcbind , > +.IR idmapd , > and > -.IR idmapd . > +.IR rpc-gssd . > .I rpcbind > is not part of the > .I nfs-utils > @@ -155,6 +156,15 @@ is not needed and not wanted, it can be masked with > .RS > .B systemctl mask idmapd > .RE > +.I rpc-gssd > +is assumed to be needed if the > +.I krb5.keytab > +file is present. If a site needs this file present but does not want > +.I rpc-gssd > +running, it can be masked with > +.RS > +.B systemctl mask rpc-gssd > +.RE > .SH FILES > /etc/nfs.conf > .br > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/systemd/nfs.systemd.man b/systemd/nfs.systemd.man index 01801eb..46b476a 100644 --- a/systemd/nfs.systemd.man +++ b/systemd/nfs.systemd.man @@ -79,7 +79,7 @@ unit should be enabled. Several other units which might be considered to be optional, such as .I rpc-gssd.service are careful to only start if the required configuration file exists. -.I rpc-gsdd.service +.I rpc-gssd.service will not start if the .I krb5.keytab file does not exist (typically in @@ -120,10 +120,11 @@ be needed to reduce system load to an absolute minimum, or to reduce attack surface by not running daemons that are not absolutely required. .PP -Two particular services which this can apply to are -.I rpcbind +Three particular services which this can apply to are +.IR rpcbind , +.IR idmapd , and -.IR idmapd . +.IR rpc-gssd . .I rpcbind is not part of the .I nfs-utils @@ -155,6 +156,15 @@ is not needed and not wanted, it can be masked with .RS .B systemctl mask idmapd .RE +.I rpc-gssd +is assumed to be needed if the +.I krb5.keytab +file is present. If a site needs this file present but does not want +.I rpc-gssd +running, it can be masked with +.RS +.B systemctl mask rpc-gssd +.RE .SH FILES /etc/nfs.conf .br
This is helpful for users that have a krb5.keytab but do not want to use secure NFS. Also fixed a typo that appears earlier on the page. Signed-off-by: Scott Mayhew <smayhew@redhat.com> --- systemd/nfs.systemd.man | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-)