Add better default gssproxy.conf file for nfs client and server usage.
This commit is contained in:
		
							parent
							
								
									6e0dc460ae
								
							
						
					
					
						commit
						1152eff8c6
					
				
							
								
								
									
										51
									
								
								gssproxy-conf.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										51
									
								
								gssproxy-conf.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,51 @@ | |||||||
|  | From 7201cabaf0c59b2f50c1a86a47465daaafff6cb4 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Simo Sorce <simo@redhat.com> | ||||||
|  | Date: Wed, 19 Jun 2013 11:41:29 -0400 | ||||||
|  | Subject: [PATCH] Split nfs server and client services | ||||||
|  | MIME-Version: 1.0 | ||||||
|  | Content-Type: text/plain; charset=UTF-8 | ||||||
|  | Content-Transfer-Encoding: 8bit | ||||||
|  | 
 | ||||||
|  | The NFS server uses a special socket for the kernel communication. | ||||||
|  | Split configuration in 2 distinct services so we can use specific options that | ||||||
|  | may be different between server and client. | ||||||
|  | 
 | ||||||
|  | The 3 main differences so far are: | ||||||
|  | 1. socket: default for client, custom for server | ||||||
|  | 2. kernel_nfd option only for server | ||||||
|  | 3. ccache and client keytab options only for client | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Simo Sorce <simo@redhat.com> | ||||||
|  | Reviewed-by: Günther Deschner <gdeschner@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  proxy/examples/gssproxy.conf.in | 11 ++++++++--- | ||||||
|  |  1 file changed, 8 insertions(+), 3 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in
 | ||||||
|  | index b30d39a..0f8339e 100644
 | ||||||
|  | --- a/proxy/examples/gssproxy.conf.in
 | ||||||
|  | +++ b/proxy/examples/gssproxy.conf.in
 | ||||||
|  | @@ -1,12 +1,17 @@
 | ||||||
|  |  [gssproxy] | ||||||
|  |   | ||||||
|  | -[service/nfs]
 | ||||||
|  | +[service/nfs-server]
 | ||||||
|  |    mechs = krb5 | ||||||
|  |    socket = /run/gssproxy.sock | ||||||
|  |    cred_store = keytab:/etc/krb5.keytab | ||||||
|  | -  cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
 | ||||||
|  | -  cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
 | ||||||
|  |    trusted = yes | ||||||
|  |    kernel_nfsd = yes | ||||||
|  |    euid = 0 | ||||||
|  |   | ||||||
|  | +[service/nfs-client]
 | ||||||
|  | +  mechs = krb5
 | ||||||
|  | +  cred_store = keytab:/etc/krb5.keytab
 | ||||||
|  | +  cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
 | ||||||
|  | +  cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
 | ||||||
|  | +  trusted = yes
 | ||||||
|  | +  euid = 0
 | ||||||
|  | -- 
 | ||||||
|  | 1.8.3.1 | ||||||
|  | 
 | ||||||
| @ -1,6 +1,6 @@ | |||||||
| Name:		gssproxy | Name:		gssproxy | ||||||
| Version:	0.2.3 | Version:	0.2.3 | ||||||
| Release:	5%{?dist} | Release:	6%{?dist} | ||||||
| Summary:	GSSAPI Proxy | Summary:	GSSAPI Proxy | ||||||
| 
 | 
 | ||||||
| Group:		System Environment/Libraries | Group:		System Environment/Libraries | ||||||
| @ -8,6 +8,7 @@ License:	MIT | |||||||
| URL:		http://fedorahosted.org/gss-proxy | URL:		http://fedorahosted.org/gss-proxy | ||||||
| Source0:	http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz | Source0:	http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz | ||||||
| BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) | BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) | ||||||
|  | Patch0:		gssproxy-conf.patch | ||||||
| 
 | 
 | ||||||
| %global servicename gssproxy | %global servicename gssproxy | ||||||
| %global pubconfpath %{_sysconfdir}/gssproxy | %global pubconfpath %{_sysconfdir}/gssproxy | ||||||
| @ -52,6 +53,8 @@ A proxy for GSSAPI credential handling | |||||||
| %prep | %prep | ||||||
| %setup -q | %setup -q | ||||||
| 
 | 
 | ||||||
|  | %patch0 -p2 -b .gssproxy_conf | ||||||
|  | 
 | ||||||
| %build | %build | ||||||
| autoreconf -f -i | autoreconf -f -i | ||||||
| %configure \ | %configure \ | ||||||
| @ -103,6 +106,9 @@ rm -rf %{buildroot} | |||||||
| %systemd_postun_with_restart gssproxy.service | %systemd_postun_with_restart gssproxy.service | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Wed Jul 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-6 | ||||||
|  | - Add better default gssproxy.conf file for nfs client and server usage | ||||||
|  | 
 | ||||||
| * Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5 | * Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5 | ||||||
| - New upstream release | - New upstream release | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user