[gssproxy/f19] Add better default gssproxy.conf file for nfs client and server usage.

Wed Jul 24 14:58:49 UTC 2013

commit 485193493379d6b6d5bac6f91163b2eddd7ddec0
Author: Günther Deschner <gdeschner at redhat.com>
Date:   Wed Jul 24 16:56:26 2013 +0200

    Add better default gssproxy.conf file for nfs client and server usage.

 gssproxy-conf.patch |   51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 gssproxy.spec       |    8 +++++++-
 2 files changed, 58 insertions(+), 1 deletions(-)
---

diff --git a/gssproxy-conf.patch b/gssproxy-conf.patch
new file mode 100644
index 0000000..f97d40c
--- /dev/null
+++ b/gssproxy-conf.patch
@@ -0,0 +1,51 @@
+From 7201cabaf0c59b2f50c1a86a47465daaafff6cb4 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Wed, 19 Jun 2013 11:41:29 -0400
+Subject: [PATCH] Split nfs server and client services
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The NFS server uses a special socket for the kernel communication.
+Split configuration in 2 distinct services so we can use specific options that
+may be different between server and client.
+
+The 3 main differences so far are:
+1. socket: default for client, custom for server
+2. kernel_nfd option only for server
+3. ccache and client keytab options only for client
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/examples/gssproxy.conf.in | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/proxy/examples/gssproxy.conf.in b/proxy/examples/gssproxy.conf.in
+index b30d39a..0f8339e 100644
+--- a/proxy/examples/gssproxy.conf.in
++++ b/proxy/examples/gssproxy.conf.in
+@@ -1,12 +1,17 @@
+ [gssproxy]
+ 
+-[service/nfs]
++[service/nfs-server]
+   mechs = krb5
+   socket = /run/gssproxy.sock
+   cred_store = keytab:/etc/krb5.keytab
+-  cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
+-  cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
+   trusted = yes
+   kernel_nfsd = yes
+   euid = 0
+ 
++[service/nfs-client]
++  mechs = krb5
++  cred_store = keytab:/etc/krb5.keytab
++  cred_store = ccache:FILE:@gpstatedir@/clients/krb5cc_%U
++  cred_store = client_keytab:@gpstatedir@/clients/%U.keytab
++  trusted = yes
++  euid = 0
+-- 
+1.8.3.1
+
diff --git a/gssproxy.spec b/gssproxy.spec
index 03977be..4c5e870 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -1,6 +1,6 @@
 Name:		gssproxy
 Version:	0.2.3
-Release:	5%{?dist}
+Release:	6%{?dist}
 Summary:	GSSAPI Proxy
 
 Group:		System Environment/Libraries
@@ -8,6 +8,7 @@ License:	MIT
 URL:		http://fedorahosted.org/gss-proxy
 Source0:	http://fedorahosted.org/released/gss-proxy/%{name}-%{version}.tar.gz
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Patch0:		gssproxy-conf.patch
 
 %global servicename gssproxy
 %global pubconfpath %{_sysconfdir}/gssproxy
@@ -52,6 +53,8 @@ A proxy for GSSAPI credential handling
 %prep
 %setup -q
 
+%patch0 -p2 -b .gssproxy_conf
+
 %build
 autoreconf -f -i
 %configure \
@@ -103,6 +106,9 @@ rm -rf %{buildroot}
 %systemd_postun_with_restart gssproxy.service
 
 %changelog
+* Wed Jul 24 2013 Guenther Deschner <gdeschner at redhat.com> 0.2.3-6
+- Add better default gssproxy.conf file for nfs client and server usage
+
 * Thu Jun 06 2013 Guenther Deschner <gdeschner at redhat.com> 0.2.3-5
 - New upstream release
 
