[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#846950: It is not only RPCSVCGSSDOPTS but also RPCGSSDOPTS that is not correctly propagated



Hi Joachim,

Thank you! As you pointed out, a similar issue exists with rpc.svcgssd but that daemon honors the default keytab location specified in /etc/krb5.conf. The systemd service file simply tests for the wrong condition. Since our issues are related but different, I am cloning the bug. A patch for my issue is attached.

As a side note, anyone using a custom keytab on the server must pass arguments to rpc.svsgssd, yet the daemon runs as root and any separation of privileges, for example by providing /etc/keytabs/nfs.keytab, may not provide additional security benefits.

Your patch is also very much needed. For consistency, I would probably go with RPCSVCGSSDARGS in /lib/systemd/system/rpc-svcgssd.service and provide a default entry for RPCSVCGSSDOPTS in /etc/default/nfs-kernel-server. Thank you!

Best regards,
Felix

Attachment: rpc-svcgssd.service.patch.gz
Description: GNU Zip compressed data


Reply to: