diff options
| -rw-r--r-- | proxy/Makefile.am | 17 | ||||
| -rw-r--r-- | proxy/contrib/gssproxy.spec.in | 6 | ||||
| -rw-r--r-- | proxy/examples/24-nfs-server.conf.in | 7 | ||||
| -rw-r--r-- | proxy/examples/80-httpd.conf.in | 5 | ||||
| -rw-r--r-- | proxy/examples/99-nfs-client.conf.in | 9 | ||||
| -rw-r--r-- | proxy/examples/gssproxy.conf.in | 18 |
6 files changed, 41 insertions, 21 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am index 013098b..4efa053 100644 --- a/proxy/Makefile.am +++ b/proxy/Makefile.am @@ -226,7 +226,12 @@ if HAVE_SYSTEMD_UNIT systemd/gssproxy.service endif -noinst_DATA = examples/gssproxy.conf examples/mech +noinst_DATA = \ + examples/gssproxy.conf \ + examples/24-nfs-server.conf \ + examples/80-httpd.conf \ + examples/99-nfs-client.conf \ + examples/mech edit_cmd = $(SED) \ -e 's|@sbindir[@]|$(sbindir)|g' \ @@ -244,13 +249,16 @@ replace_script = \ EXTRA_DIST = \ systemd/gssproxy.service.in \ examples/gssproxy.conf.in \ + examples/24-nfs-server.conf.in \ + examples/80-httpd.conf.in \ + examples/99-nfs-client.conf.in \ examples/mech.in systemd/gssproxy.service: systemd/gssproxy.service.in Makefile @$(MKDIR_P) systemd/ $(replace_script) -examples/gssproxy.conf: examples/gssproxy.conf.in Makefile +examples/%.conf: examples/%.conf.in Makefile @$(MKDIR_P) examples/ $(replace_script) @@ -293,7 +301,10 @@ clean-local: CLEANFILES = *.X */*.X */*/*.X \ examples/mech \ - examples/gssproxy.conf + examples/gssproxy.conf \ + examples/24-nfs-server.conf \ + examples/80-httpd.conf \ + examples/99-nfs-client.conf.in tests: all $(check_PROGRAMS) $(srcdir)/tests/runtests.py diff --git a/proxy/contrib/gssproxy.spec.in b/proxy/contrib/gssproxy.spec.in index 9ec1298..25ceccf 100644 --- a/proxy/contrib/gssproxy.spec.in +++ b/proxy/contrib/gssproxy.spec.in @@ -72,6 +72,9 @@ make install DESTDIR=%{buildroot} rm -f %{buildroot}%{_libdir}/gssproxy/proxymech.la install -d -m755 %{buildroot}%{_sysconfdir}/gssproxy install -m644 examples/gssproxy.conf %{buildroot}%{_sysconfdir}/gssproxy/gssproxy.conf +install -m644 examples/24-nfs-server.conf %{buildroot}%{_sysconfdir}/gssproxy/24-nfs-server.conf +install -m644 examples/80-httpd.conf %{buildroot}%{_sysconfdir}/gssproxy/80-httpd.conf +install -m644 examples/99-nfs-client.conf %{buildroot}%{_sysconfdir}/gssproxy/99-nfs-client.conf mkdir -p %{buildroot}%{_sysconfdir}/gss/mech.d install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf mkdir -p %{buildroot}/var/lib/gssproxy/rcache @@ -88,6 +91,9 @@ rm -rf %{buildroot} %attr(755,root,root) %dir %{gpstatedir} %attr(700,root,root) %dir %{gpstatedir}/clients %attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/gssproxy.conf +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/24-nfs-server.conf +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/80-httpd.conf +%attr(0600,root,root) %config(noreplace) /%{_sysconfdir}/gssproxy/99-nfs-client.conf %attr(0644,root,root) %config(noreplace) /%{_sysconfdir}/gss/mech.d/gssproxy.conf %attr(700,root,root) %dir /var/lib/gssproxy/rcache %{_libdir}/gssproxy/proxymech.so diff --git a/proxy/examples/24-nfs-server.conf.in b/proxy/examples/24-nfs-server.conf.in new file mode 100644 index 0000000..5011e92 --- /dev/null +++ b/proxy/examples/24-nfs-server.conf.in @@ -0,0 +1,7 @@ +[service/nfs-server] + mechs = krb5 + socket = /run/gssproxy.sock + cred_store = keytab:/etc/krb5.keytab + trusted = yes + kernel_nfsd = yes + euid = 0 diff --git a/proxy/examples/80-httpd.conf.in b/proxy/examples/80-httpd.conf.in new file mode 100644 index 0000000..1dbf9ef --- /dev/null +++ b/proxy/examples/80-httpd.conf.in @@ -0,0 +1,5 @@ +[service/HTTP] + mechs = krb5 + cred_store = keytab:/etc/gssproxy/http.keytab + cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U + euid = apache diff --git a/proxy/examples/99-nfs-client.conf.in b/proxy/examples/99-nfs-client.conf.in new file mode 100644 index 0000000..c0985d9 --- /dev/null +++ b/proxy/examples/99-nfs-client.conf.in @@ -0,0 +1,9 @@ +[service/nfs-client] + mechs = krb5 + cred_store = keytab:/etc/krb5.keytab + cred_store = ccache:FILE:@gpclidir@/krb5cc_%U + cred_store = client_keytab:@gpclidir@/%U.keytab + cred_usage = initiate + allow_any_uid = yes + trusted = yes + euid = 0 diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in index 321a4e7..7f1eddd 100644 --- a/proxy/examples/gssproxy.conf.in +++ b/proxy/examples/gssproxy.conf.in @@ -1,19 +1 @@ [gssproxy] - -[service/nfs-server] - mechs = krb5 - socket = /run/gssproxy.sock - cred_store = keytab:/etc/krb5.keytab - trusted = yes - kernel_nfsd = yes - euid = 0 - -[service/nfs-client] - mechs = krb5 - cred_store = keytab:/etc/krb5.keytab - cred_store = ccache:FILE:@gpclidir@/krb5cc_%U - cred_store = client_keytab:@gpclidir@/%U.keytab - cred_usage = initiate - allow_any_uid = yes - trusted = yes - euid = 0 |