summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--systemd/README17
-rw-r--r--systemd/nfs-secure.target8
-rw-r--r--systemd/rpc-gssd.service3
-rw-r--r--systemd/rpc-svcgssd.service6
4 files changed, 17 insertions, 17 deletions
diff --git a/systemd/README b/systemd/README
index 34f1382..8359530 100644
--- a/systemd/README
+++ b/systemd/README
@@ -24,11 +24,6 @@ by a suitable 'preset' setting:
is started by /usr/sbin/start-statd which mount.nfs will run
if statd is needed.
- nfs-secure.target
- If enabled, then rpc.gssd will be run when either -client or
- -server is started, and rpc.svcgssd will be run when -server
- is started
-
nfs-blkmap.target
If enabled, then blkmapd will be run when nfs-client.target is
started.
@@ -63,3 +58,15 @@ This should write /run/sysconfig/nfs-utils based on configuration
information such as in /etc/sysconfig/nfs or /etc/defaults/nfs.
It should write to a tmp file and rename to the target to
avoid parallel units seeing incomplete copies of the file.
+
+rpc.gssd and rpc.svcgssd are assumed to be needed if /etc/krb5.keytab
+is present.
+If a site needs this file present but does not want the gss daemons
+running, it should create
+ /etc/systemd/system/rpc-gssd.service.d/01-disable.conf
+and
+ /etc/systemd/system/rpc-svcgssd.service.d/01-disable.conf
+
+containing
+ [Unit]
+ ConditionNull=false
diff --git a/systemd/nfs-secure.target b/systemd/nfs-secure.target
deleted file mode 100644
index 0127fdb..0000000
--- a/systemd/nfs-secure.target
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Secure NFS client/server services
-# If this target is enabled, then rpc.gssd and rpc.svcgssd will be started
-# as required. If it is not enabled they won't.
-
-[Install]
-WantedBy=remote-fs.target
-WantedBy=multi-user.target \ No newline at end of file
diff --git a/systemd/rpc-gssd.service b/systemd/rpc-gssd.service
index 2285982..3757928 100644
--- a/systemd/rpc-gssd.service
+++ b/systemd/rpc-gssd.service
@@ -5,8 +5,7 @@ Conflicts=umount.target
Requires=var-lib-nfs-rpc_pipefs.mount
After=var-lib-nfs-rpc_pipefs.mount
-Requisite=nfs-secure.target
-After=nfs-secure.target
+ConditionPathExists=/etc/krb5.keytab
PartOf=nfs-utils.service
diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service
index fa169e7..6bd4588 100644
--- a/systemd/rpc-svcgssd.service
+++ b/systemd/rpc-svcgssd.service
@@ -5,8 +5,10 @@ After=var-lib-nfs-rpc_pipefs.mount
PartOf=nfs-server.service
PartOf=nfs-utils.service
-Requisite=nfs-secure.target
-After=nfs-secure.target
+After=gssproxy.service
+ConditionPathExists=|!@localstatedir@/run/gssproxy.pid
+ConditionPathExists=|!/proc/net/rpc/use-gss-proxy
+ConditionPathExists=/etc/krb5.keytab
[Service]
EnvironmentFile=-/run/sysconfig/nfs-utils