Dear all,

both RPCSVCGSSDOPTS and RPCGSSDOPTS from /etc/default/nfs-common are not correctly propagated into /run/sysconfig/nfs-utils by /usr/lib/systemd/scripts/nfs-utils_env.sh.

I have attached a patch for nfs-utils_env.sh. Note that RPCSVCGSSDOPTS must be propagated to SVCGSSDARGS and not to RPCSVCGSSDARGS. Simply look into /lib/systemd/system/rpc-svcgssd.service where SVCGSSDARGS is used as argument for rpc.svcgssd.

Moreover, this still does not allow one to override the keytab setting as /etc/krb5.keytab is hardcoded in multiple ConditionPathExists conditions in the systemd service files. Hence, a symlink for /etc/krb5.keytab must be used.

With kind regards,
Joachim Falk

--- nfs-utils_env.sh.orig 2016-12-23 22:43:59.816660950 +0100 +++ nfs-utils_env.sh 2016-12-23 23:27:20.266394604 +0100 @@ -12,12 +12,12 @@ echo RPCNFSDARGS=\"$RPCNFSDOPTS ${RPCNFSDCOUNT:-8}\" echo RPCMOUNTDARGS=\"$RPCMOUNTDOPTS\" echo STATDARGS=\"$STATDOPTS\" -echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\" +echo SVCGSSDARGS=\"$RPCSVCGSSDOPTS\" +echo SMNOTIFYARGS=\"$SMNOTIFYARGS\" +echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\" +echo GSSDARGS=\"$RPCGSSDOPTS\" } > /run/sysconfig/nfs-utils # the following are supported by the systemd units, but not exposed in default files -# echo SMNOTIFYARGS=\"$SMNOTIFYARGS\" -# echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\" -# echo RPCGSSDARGS=\"$RPCGSSDARGS\" # echo BLKMAPDARGS=\"$BLKMAPDARGS\" # echo GSS_USE_PROXY=\"$GSS_USE_PROXY\"
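
Review bot: the added echo lines mix two naming schemes. SVCGSSDARGS and GSSDARGS are filled from the *OPTS variables (RPCSVCGSSDOPTS, RPCGSSDOPTS), while SMNOTIFYARGS and RPCIDMAPDARGS are read from variables of the same *ARGS name, so /etc/default/nfs-common has to use OPTS names for some daemons and ARGS names for others. Please either read these two from matching *OPTS names or document the ARGS names in the defaults file. The removed commented line used RPCGSSDARGS where the new line writes GSSDARGS; the description justifies SVCGSSDARGS by pointing at rpc-svcgssd.service, and it should name the unit that consumes GSSDARGS in the same way. The values are also written between \" without escaping, so an option string that itself contains a double quote would produce a malformed line in /run/sysconfig/nfs-utils.
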
# To apply settings to systemd service units execute the following commands:
# systemctl restart nfs-config (this will update /run/sysconfig/nfs-utils)
# systemctl restart nfs-utils (this will apply /run/sysconfig/nfs-utils)

# The following two settings are only respected by the systemd nfs services units.
# See the !!!PATCHED!!! /usr/lib/systemd/scripts/nfs-utils_env.sh and the associated services
# /lib/systemd/system/nfs-config.service
# /lib/systemd/system/nfs-idmapd.service
# /lib/systemd/system/nfs-utils.service
# /lib/systemd/system/rpc-gssd.service
# /lib/systemd/system/rpc-svcgssd.service
# /lib/systemd/system/rpc-statd.service
# /lib/systemd/system/rpc-statd-notify.service
# /lib/systemd/system/auth-rpcgss-module.service
SMNOTIFYARGS=""
RPCIDMAPDARGS=""

# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".

# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=

# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
STATDOPTS=

# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes

# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=yes
RPCGSSDOPTS="-k /etc/krb5/krb5.keytab"
#RPCGSSDOPTS="-vvv -rrr -k /etc/krb5/krb5.keytab" # comment in for debugging
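
The mismatch described in the report (a name written to /run/sysconfig/nfs-utils that no unit expands) can be found mechanically. The script below is an added example, not part of the report or of nfs-utils; the sample environment file and unit files are constructed, and the function names and the binary paths in the sample ExecStart lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): find name mismatches between the
# generated environment file and the variables the units actually expand.
LC_ALL=C; export LC_ALL

# Names assigned in an environment file (lines of the form NAME=value).
env_names() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Names expanded as $NAME or ${NAME} on ExecStart lines of the given units.
unit_vars() {
    grep -h '^ExecStart' "$@" |
        grep -o '\$[{]\{0,1\}[A-Za-z_][A-Za-z0-9_]*' | tr -d '${' | sort -u
}

# compare MODE ENVFILE UNIT...
#   MODE=unused: names set in ENVFILE that no unit expands
#   MODE=unset:  names a unit expands that ENVFILE never sets
compare() {
    mode=$1 envfile=$2; shift 2
    e=$(mktemp) u=$(mktemp)
    env_names "$envfile" > "$e"
    unit_vars "$@" > "$u"
    case $mode in
        unused) comm -23 "$e" "$u" ;;
        unset)  comm -13 "$e" "$u" ;;
    esac
    rm -f "$e" "$u"
}

# Constructed sample: the pre-patch output name next to a unit line that,
# as the report states, passes SVCGSSDARGS to rpc.svcgssd. Paths are assumed.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'STATDARGS=""' 'RPCSVCGSSDARGS="-v"' > "$d/nfs-utils"
    printf '%s\n' '[Service]' 'EnvironmentFile=-/run/sysconfig/nfs-utils' \
        'ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS' > "$d/rpc-svcgssd.service"
    printf '%s\n' '[Service]' 'ExecStart=/sbin/rpc.statd $STATDARGS' \
        > "$d/rpc-statd.service"
    echo "set but unused: $(compare unused "$d/nfs-utils" "$d"/*.service)"
    echo "used but unset: $(compare unset "$d/nfs-utils" "$d"/*.service)"
    rm -rf "$d"
}
demo
```

On a real system the arguments would be /run/sysconfig/nfs-utils and the service files listed in the attached defaults file. Names on ExecStartPre or ExecReload lines are not examined.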