Package: nfs-utils Version: 1.2.5-2 According to J. Bruce Fields on the linux-nfs mailing list [0], NFSv4 clients using any sec=krb5 variant will need to run rpc.svcgssd to receive delegations. On debian, this appears to mean that the clients will need to install nfs-kernel-server, even if they do not intend to act as a server. Should rpc.svcgssd get moved out to the nfs-common package (or, if the fragmentation isn't too much, to its own package)? It doesn't seem like encouraging clients to run nfsd when they have no intention of serving files is a good idea. Another alternative is to consider encouraging NFSv4.1 instead of NFSv4 (apparently the delegations in 4.1 happen over the client-initiated channels instead of establishing new connections back), but this was only been enabled in debian kernels since 3.1. If moving the daemon implementation between packages isn't the right idea, it would at least be good to document what's going on here and what the recommended configuration is for decently-performing cryptographically-secured NFS. I see no mention of the multi-daemon requirement for clients in /usr/share/doc/nfs-common/README.Debian.nfsv4, for example. If i wasn't stumbling my way through this setup myself, i'd offer to write improved documentation, but i'm not in deep enough to know best-practices or advise others at the moment. Thanks for maintaining nfs-utils in debian, --dkg [0] http://thread.gmane.org/gmane.linux.nfs/45498/focus=45502
Attachment:
pgptd8LJIcJNP.pgp
Description: PGP signature