From: "J. Bruce Fields" <bfields@fieldses.org>
To: steved@redhat.com
Cc: "Myklebust, Trond" <Trond.Myklebust@netapp.com>,
	Zdenek Salvet <salvet@ics.muni.cz>,
	Lukas Hejtmanek <xhejtman@ics.muni.cz>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: [PATCH] README: note gssd/svcgssd may be needed on both sides
Date: Thu, 9 Aug 2012 14:01:03 -0400
Message-ID: <20120809180103.GA9914@fieldses.org>
In-Reply-To: <20120809165035.GB8230@fieldses.org>

From: "J. Bruce Fields" <bfields@redhat.com>

Administrators and distributors have been confused about this.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
 README |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/README b/README
index e55b2dd..9bb69d7 100644
--- a/README
+++ b/README
@@ -71,18 +71,21 @@ scripts can be written to work correctly.
 
 
    A/  mount -t nfsd /proc/fs/nfsd
-      This filesystem needs to be mount before most daemons,
+      This filesystem needs to be mounted before most daemons,
       particularly exportfs, mountd, svcgssd, idmapd.
       It could be mounted once, or the script that starts each daemon
       could test if it is mounted and mount it if not.
 
-   B/ svcgssd ; idmapd
+   B/ svcgssd ; gssd; idmapd
        These supply services to nfsd and so should be started before
        rpc.nfsd.  Where they come between mounting the nfsd filesystem
        and starting the nfsd server is not important.
        idmapd is only needed for NFSv4 support.
-       svcgssd is only needed if exportfs NFS filesystem with crypto-
-       security (Kerberos).
+       svcgssd is needed to export filesystems with Kerberos.
+       gssd should also be started to support granting delegations to
+       NFSv4.0 clients using Kerberos.  However, if it is not started
+       this will only mean that delegations will not be granted.  This
+       will not prevent NFSv4.0 clients from functioning normally.
 
    C/ exportfs -av ; rpc.mountd
        It is important that exportfs be run before mountd so that
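
Review bot: the new server-side gssd sentence in B/ does not say why an NFS server needs the daemon normally associated with clients, which is the exact confusion the commit message mentions. The client-side hunk gives the reason ("to support the callbacks required for delegations"); the same clause belongs here, so a reader of only the server section learns that gssd is what lets the server make the Kerberos callbacks that delegations depend on. The unchanged line "should be started before rpc.nfsd" now also covers gssd, which is worth confirming as intended. Minor style: the heading "svcgssd ; gssd; idmapd" has a space before the first semicolon but not the second.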
@@ -148,10 +151,15 @@ scripts can be written to work correctly.
       filesystems can be mounted with "-o nolock" before sm-notify.
       This is appropriate for '/', '/usr', and '/var'.
 
-   B/ gssd ; idmapd
+   B/ gssd ; svcgssd; idmapd
       idmapd should be started before mounting any NFSv4 filesystems.
       gssd should be started before mounting any NFS filesystems
       securely (with Kerberos).
+      Before mounting any NFSv4.0 filesystems with Kerberos, svcgssd should
+      also be started to support the callbacks required for delegations.
+      However, a failure to start svcgssd will only mean that delegations
+      are turned off, and will not prevent such a mount from working
+      correctly.
 
    C/ statd should be run before any NFSv2 or NFSv3 filesystem is
       mounted with remote locking (i.e. without -o nolock).
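
Review bot: the B/ heading now lists "gssd ; svcgssd; idmapd" as if all three were equally required, while the added text says svcgssd is optional and only affects delegations; marking it as optional in the heading, or stating up front that it is needed only for NFSv4.0 with Kerberos, would stop administrators from treating a missing svcgssd as a mount blocker. The wording also differs from the server-side hunk ("if it is not started" there, "a failure to start svcgssd" here); pick one, since both describe the same case where delegations are lost and the README names no symptom. The separator spacing in the heading is inconsistent as well.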
-- 
1.7.9.5

