All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steve Dickson <SteveD@redhat.com>
To: "J. Bruce Fields" <bfields@fieldses.org>,
	Chuck Lever <chuck.lever@oracle.com>
Cc: Neil Brown <neilb@suse.de>,
	Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
	Simo Sorce <simo@redhat.com>
Subject: Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils.
Date: Mon, 10 Feb 2014 15:50:41 -0500	[thread overview]
Message-ID: <52F93BA1.9060505@RedHat.com> (raw)
In-Reply-To: <20140206161917.GB14575@fieldses.org>

On 02/06/2014 11:19 AM, J. Bruce Fields wrote:
> On Thu, Feb 06, 2014 at 11:09:58AM -0500, Chuck Lever wrote:
>>
>> On Feb 5, 2014, at 8:27 PM, NeilBrown <neilb@suse.de> wrote:
>>> I certainly agree with making things simple.  If we can make a configuration
>>> irrelevant, e.g. by gets nfsd to auto-tune the number of threads so the
>>> setting becomes pointless, then I've very happy to remove that sort of
>>> configuration.  But if a configuration option actually means something I
>>> certainly don't want to remove it.
>>>
>>> So I'm leaning towards having "systemctl {un,}mask rpc-gssd" be the
>>> configuration tool for rpc.gssd.
>>
>> I like that better than the “off-until-requested” behavior we have currently.  IMO folks who want to disable rpc.gssd will be in the increasing minority and the rest of the world will take scant notice of the extra daemon, as long as we ensure it speaks only when necessary.
> 
> I'd also prefer running the gssd's by default: one less (confusing) step
> to set up kerberos, and I'm not seeing a realistic security risk.
I'm not for starting daemon that are not needed or necessary. I
just think that is a bad design. 
 
> 
> If we can easily provide a way to turn it off for people that want a
> really stripped-down system for whatever reason, fine, let's provide
> that.
I'm thinking just the opposite... Have a way to easily (or even
automatically) way to enabled NFS security....  when needed...

Would it make it easier if we combined the gssd daemon? That goes
both ways (server and client)... That way we could just enable 
nfs security and the daemon would started regardless on what side
its on... 

steved.

  reply	other threads:[~2014-02-10 20:50 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-30  6:24 [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils NeilBrown
2014-01-30 15:04 ` Weston Andros Adamson
2014-01-30 17:56   ` Weston Andros Adamson
2014-01-30 18:52     ` J. Bruce Fields
2014-01-30 22:50       ` NeilBrown
2014-01-30 23:17         ` Jim Rees
2014-01-30 20:06 ` Steve Dickson
2014-01-30 22:14   ` NeilBrown
2014-01-31 15:19     ` Steve Dickson
2014-01-31 16:15     ` Steve Dickson
2014-02-03 21:01 ` Steve Dickson
2014-02-03 22:34   ` NeilBrown
2014-02-04 16:20     ` J. Bruce Fields
2014-02-04 16:30       ` Chuck Lever
2014-02-04 19:00       ` Steve Dickson
2014-02-06 12:32         ` Simo Sorce
2014-02-05  3:09       ` NeilBrown
2014-02-05 15:56         ` Chuck Lever
2014-02-06  1:27           ` NeilBrown
2014-02-06 12:15             ` Simo Sorce
2014-02-06 16:09             ` Chuck Lever
2014-02-06 16:19               ` J. Bruce Fields
2014-02-10 20:50                 ` Steve Dickson [this message]
2014-02-11  4:50                   ` NeilBrown
2014-02-11 12:38                     ` Steve Dickson
2014-02-11 16:37                     ` J. Bruce Fields
2014-02-11 16:47                       ` Steve Dickson
2014-02-11 16:56                         ` J. Bruce Fields
2014-02-11 20:12                           ` Steve Dickson
2014-02-04 18:26     ` Steve Dickson
2014-02-04 18:48       ` Anthony Messina
2014-02-04 18:54         ` J. Bruce Fields
2014-02-05  3:55       ` NeilBrown
2014-02-11 12:56         ` Steve Dickson
2014-02-05  5:43       ` NeilBrown
2014-02-05 21:11         ` J. Bruce Fields
2014-02-06  0:58           ` NeilBrown
2014-02-13 19:39         ` Steve Dickson
2014-02-04 12:42   ` Anthony Messina
2014-02-04 13:24     ` Jeff Layton
2014-02-04 14:18       ` Anthony Messina

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52F93BA1.9060505@RedHat.com \
    --to=steved@redhat.com \
    --cc=bfields@fieldses.org \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=neilb@suse.de \
    --cc=simo@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.