From 1152eff8c6dd4151f6e3a200b5d159a191be5443 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Wed, 24 Jul 2013 16:56:26 +0200 Subject: [PATCH] Add better default gssproxy.conf file for nfs client and server usage. --- gssproxy-conf.patch | 51 +++++++++++++++++++++++++++++++++++++++++++++ gssproxy.spec | 8 ++++++- 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 gssproxy-conf.patch diff --git a/gssproxy-conf.patch b/gssproxy-conf.patch new file mode 100644 index 0000000..f97d40c --- /dev/null +++ b/gssproxy-conf.patch @@ -0,0 +1,51 @@ +From 7201cabaf0c59b2f50c1a86a47465daaafff6cb4 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 19 Jun 2013 11:41:29 -0400 +Subject: [PATCH] Split nfs server and client services +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The NFS server uses a special socket for the kernel communication. +Split configuration in 2 distinct services so we can use specific options that +may be different between server and client. + +The 3 main differences so far are: +1. socket: default for client, custom for server +2. kernel_nfd option only for server +3. ccache and client keytab options only for client + +Signed-off-by: Simo Sorce +Reviewed-by: Günther Deschner +--- + proxy/examples/gssproxy.conf.in | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in +index b30d39a..0f8339e 100644 +--- a/proxy/examples/gssproxy.conf.in ++++ b/proxy/examples/gssproxy.conf.in +@@ -1,12 +1,17 @@ + [gssproxy] + +-[service/nfs] ++[service/nfs-server] + mechs = krb5 + socket = /run/gssproxy.sock + cred_store = keytab:/etc/krb5.keytab +- cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U +- cred_store = client_keytab:@gpstatedir@/clients/%U.keytab + trusted = yes + kernel_nfsd = yes + euid = 0 + ++[service/nfs-client] ++ mechs = krb5 ++ cred_store = keytab:/etc/krb5.keytab ++ cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U ++ cred_store = client_keytab:@gpstatedir@/clients/%U.keytab ++ trusted = yes ++ euid = 0 +-- +1.8.3.1 + diff --git a/gssproxy.spec b/gssproxy.spec index 03977be..4c5e870 100644 --- a/gssproxy.spec +++ b/gssproxy.spec @@ -1,6 +1,6 @@ Name: gssproxy Version: 0.2.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: GSSAPI Proxy Group: System Environment/Libraries @@ -8,6 +8,7 @@ License: MIT URL: http://fedorahosted.org/gss-proxy Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Patch0: gssproxy-conf.patch %global servicename gssproxy %global pubconfpath %{_sysconfdir}/gssproxy @@ -52,6 +53,8 @@ A proxy for GSSAPI credential handling %prep %setup -q +%patch0 -p2 -b .gssproxy_conf + %build autoreconf -f -i %configure \ @@ -103,6 +106,9 @@ rm -rf %{buildroot} %systemd_postun_with_restart gssproxy.service %changelog +* Wed Jul 24 2013 Guenther Deschner 0.2.3-6 +- Add better default gssproxy.conf file for nfs client and server usage + * Thu Jun 06 2013 Guenther Deschner 0.2.3-5 - New upstream release