FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 12-09-2011, 09:45 PM
Daniel Kahn Gillmor
 
Default Bug#651558: nfs-utils: NFSv4 sec=krb5 clients must install nfs-kernel-server to use rpc.svcgssd to receive delegations

Package: nfs-utils
Version: 1.2.5-2

According to J. Bruce Fields on the linux-nfs mailing list [0], NFSv4
clients using any sec=krb5 variant will need to run rpc.svcgssd to
receive delegations. On debian, this appears to mean that the clients
will need to install nfs-kernel-server, even if they do not intend to
act as a server.

Should rpc.svcgssd get moved out to the nfs-common package (or, if the
fragmentation isn't too much, to its own package)? It doesn't seem like
encouraging clients to run nfsd when they have no intention of serving
files is a good idea.

Another alternative is to consider encouraging NFSv4.1 instead of
NFSv4 (apparently the delegations in 4.1 happen over the
client-initiated channels instead of establishing new connections back),
but this was only been enabled in debian kernels since
3.1.

If moving the daemon implementation between packages isn't the right
idea, it would at least be good to document what's going on here and
what the recommended configuration is for decently-performing
cryptographically-secured NFS. I see no mention of the multi-daemon
requirement for clients in
/usr/share/doc/nfs-common/README.Debian.nfsv4, for example.

If i wasn't stumbling my way through this setup myself, i'd offer to
write improved documentation, but i'm not in deep enough to know
best-practices or advise others at the moment.

Thanks for maintaining nfs-utils in debian,

--dkg

[0] http://thread.gmane.org/gmane.linux.nfs/45498/focus=45502
 

Thread Tools




All times are GMT. The time now is 01:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org