Tobias Rupf <tobias.r...@gmx.de> writes: > I'm using gssproxy at my client for automatically getting a kerberos ticket > for > a service, without user intervention. I installed and startet the service but > it was not working until i figured, that I need to create this directory as > it > is references in the default config file 99-nfs-client.config. And it has to > be > recreated after each restart of my client as files in /tmp do not survive a > reboot. > So I have added an override to /etc/systemd/system/gssproxy.service.d: > > [Service] > ExecStartPre=/bin/mkdir -p /tmp/gssproxy/clients > PrivateTmp=true
Hi and thanks for the report. The /tmp/gssproxy/clients directory looks weird, where is that path coming from? I looked a bit in gssproxy source code but didn't find what would create it. Is this coming from some kerberos configuration? Could you give some step-by-step instructions on how to reproduce this problem, from a freshly installed debian system? > To actually be used by rpc-gssd.service a second overriide is neccessary for > this service: > > [Service] > Environment=GSS_USE_PROXY=yes > > Without these two additions gssproxy was not working on my client, so I think > they should be included in the package - or at least be mentioned in the docs > and may be as a comment in the configuration file. I believe the requirement to add GSS_USE_PROXY is fairly well documented, see /usr/share/doc/gssproxy/docs/README.md.gz or URL below. There is a systemd service file example that matches your setup. https://github.com/gssapi/gssproxy/tree/main/docs#configuring-the-application /Simon
signature.asc
Description: PGP signature
