diff options
| -rw-r--r-- | systemd/README | 17 | ||||
| -rw-r--r-- | systemd/nfs-secure.target | 8 | ||||
| -rw-r--r-- | systemd/rpc-gssd.service | 3 | ||||
| -rw-r--r-- | systemd/rpc-svcgssd.service | 6 |
4 files changed, 17 insertions, 17 deletions
diff --git a/systemd/README b/systemd/README index 34f1382..8359530 100644 --- a/systemd/README +++ b/systemd/README @@ -24,11 +24,6 @@ by a suitable 'preset' setting: is started by /usr/sbin/start-statd which mount.nfs will run if statd is needed. - nfs-secure.target - If enabled, then rpc.gssd will be run when either -client or - -server is started, and rpc.svcgssd will be run when -server - is started - nfs-blkmap.target If enabled, then blkmapd will be run when nfs-client.target is started. @@ -63,3 +58,15 @@ This should write /run/sysconfig/nfs-utils based on configuration information such as in /etc/sysconfig/nfs or /etc/defaults/nfs. It should write to a tmp file and rename to the target to avoid parallel units seeing incomplete copies of the file. + +rpc.gssd and rpc.svcgssd are assumed to be needed if /etc/krb5.keytab +is present. +If a site needs this file present but does not want the gss daemons +running, it should create + /etc/systemd/system/rpc-gssd.service.d/01-disable.conf +and + /etc/systemd/system/rpc-svcgssd.service.d/01-disable.conf + +containing + [Unit] + ConditionNull=false diff --git a/systemd/nfs-secure.target b/systemd/nfs-secure.target deleted file mode 100644 index 0127fdb..0000000 --- a/systemd/nfs-secure.target +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Secure NFS client/server services -# If this target is enabled, then rpc.gssd and rpc.svcgssd will be started -# as required. If it is not enabled they won't. - -[Install] -WantedBy=remote-fs.target -WantedBy=multi-user.target
\ No newline at end of file diff --git a/systemd/rpc-gssd.service b/systemd/rpc-gssd.service index 2285982..3757928 100644 --- a/systemd/rpc-gssd.service +++ b/systemd/rpc-gssd.service @@ -5,8 +5,7 @@ Conflicts=umount.target Requires=var-lib-nfs-rpc_pipefs.mount After=var-lib-nfs-rpc_pipefs.mount -Requisite=nfs-secure.target -After=nfs-secure.target +ConditionPathExists=/etc/krb5.keytab PartOf=nfs-utils.service diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service index fa169e7..6bd4588 100644 --- a/systemd/rpc-svcgssd.service +++ b/systemd/rpc-svcgssd.service @@ -5,8 +5,10 @@ After=var-lib-nfs-rpc_pipefs.mount PartOf=nfs-server.service PartOf=nfs-utils.service -Requisite=nfs-secure.target -After=nfs-secure.target +After=gssproxy.service +ConditionPathExists=|!@localstatedir@/run/gssproxy.pid +ConditionPathExists=|!/proc/net/rpc/use-gss-proxy +ConditionPathExists=/etc/krb5.keytab [Service] EnvironmentFile=-/run/sysconfig/nfs-utils |