Hi List,
Sorry for the bit OT question. How do I enable gssproxy on F20? When I enable USE_GSSPROXY in /etc/sysconfig/nfs and systemctl start nfs-secure, rpc.gssd is started instead :( Same story in CentOS 7
Thanks, Ondrej
----- Original Message -----
From: "Ondrej Valousek" ovalousek@vendavo.com To: sssd-users@lists.fedorahosted.org Sent: Wednesday, July 23, 2014 8:01:09 AM Subject: [SSSD-users] rpc.gssd vs gssproxy
Hi List,
Sorry for the bit OT question. How do I enable gssproxy on F20?
systemctl enable gssproxy.service
When I enable USE_GSSPROXY in /etc/sysconfig/nfs and systemctl start nfs-secure, rpc.gssd is started instead :( Same story in CentOS 7
rpc.gssd is the *client* component of NFS, abd is used in conjunction with gssproxy (you still need to change /etc/gss/mech for it to work in F20, in the future that will not be necessary anymore).
Only rpc.svcgssd, which is the server component is completely replaced by gssproxy (but you need to reboot if you want to do tests and switch between the 2).
Little schematic of the 2 sides of the coin:
NFS client app <-> nfs <-> rpc.gssd <-> gssproxy <-> KDC
NFS Server kernel(nfs server) <-> gssproxy (OR rpc.svcgssd) <-> keytab
Simo.
Ok, thanks for clarification
rpc.gssd is the *client* component of NFS, abd is used in conjunction with gssproxy (you still need to change /etc/gss/mech for it to work in F20, in the future that will not be necessary anymore).
Yes, the client is important for me now - I thought gssproxy is able to replace gssd, too. Could you clarify what needs to be done to /etc/gss/mech? Is it documented somewhere?
Can we also use gssproxy with apache/tomcat/netveawer now, too? Please point me to some documentation, thanks.
Ondrej
On (23/07/14 19:03), Ondrej Valousek wrote:
Ok, thanks for clarification
rpc.gssd is the *client* component of NFS, abd is used in conjunction with gssproxy (you still need to change /etc/gss/mech for it to work in F20, in the future that will not be necessary anymore).
Yes, the client is important for me now - I thought gssproxy is able to replace gssd, too. Could you clarify what needs to be done to /etc/gss/mech? Is it documented somewhere?
https://fedorahosted.org/gss-proxy/ticket/116
Can we also use gssproxy with apache/tomcat/netveawer now, too?
https://fedorahosted.org/gss-proxy/wiki/Apache
LS
sssd-users@lists.fedorahosted.org