rpms/gssproxy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Add better default gssproxy.conf file for nfs client and server usage.

Browse Source
This commit is contained in:
Günther Deschner 2013-07-24 16:56:26 +02:00
parent 6e0dc460ae
commit 1152eff8c6
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
gssproxy-conf.patch Normal file
View File

@ -0,0 +1,51 @@
From 7201cabaf0c59b2f50c1a86a47465daaafff6cb4 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 19 Jun 2013 11:41:29 -0400
Subject: [PATCH] Split nfs server and client services
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The NFS server uses a special socket for the kernel communication.
Split configuration in 2 distinct services so we can use specific options that
may be different between server and client.
The 3 main differences so far are:
1. socket: default for client, custom for server
2. kernel_nfd option only for server
3. ccache and client keytab options only for client
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
---
proxy/examples/gssproxy.conf.in | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in
index b30d39a..0f8339e 100644
--- a/proxy/examples/gssproxy.conf.in
+++ b/proxy/examples/gssproxy.conf.in
@@ -1,12 +1,17 @@
[gssproxy]
-[service/nfs]
+[service/nfs-server]
mechs = krb5
socket = /run/gssproxy.sock
cred_store = keytab:/etc/krb5.keytab
- cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
- cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
trusted = yes
kernel_nfsd = yes
euid = 0
+[service/nfs-client]
+ mechs = krb5
+ cred_store = keytab:/etc/krb5.keytab
+ cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
+ cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
+ trusted = yes
+ euid = 0
--
1.8.3.1

8
gssproxy.spec
View File

@ -1,6 +1,6 @@
Name: gssproxy Name: gssproxy
Version: 0.2.3 Version: 0.2.3
Release: 5%{?dist} Release: 6%{?dist}
Summary: GSSAPI Proxy Summary: GSSAPI Proxy
Group: System Environment/Libraries Group: System Environment/Libraries
@ -8,6 +8,7 @@ License: MIT
URL: http://fedorahosted.org/gss-proxy URL: http://fedorahosted.org/gss-proxy
Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz Source0: http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0: gssproxy-conf.patch
%global servicename gssproxy %global servicename gssproxy
%global pubconfpath %{_sysconfdir}/gssproxy %global pubconfpath %{_sysconfdir}/gssproxy
@ -52,6 +53,8 @@ A proxy for GSSAPI credential handling
%prep %prep
%setup -q %setup -q
%patch0 -p2 -b .gssproxy_conf
%build %build
autoreconf -f -i autoreconf -f -i
%configure \ %configure \
@ -103,6 +106,9 @@ rm -rf %{buildroot}
%systemd_postun_with_restart gssproxy.service %systemd_postun_with_restart gssproxy.service
%changelog %changelog
* Wed Jul 24 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-6
- Add better default gssproxy.conf file for nfs client and server usage
* Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5 * Thu Jun 06 2013 Guenther Deschner <gdeschner@redhat.com> 0.2.3-5
- New upstream release - New upstream release