On Saturday, 26 October 2024, 20:37:06 CET, Simon Josefsson wrote:
> Tobias Rupf <tobias.r...@gmx.de> writes:
>
> > I'm using gssproxy at my client for automatically getting a kerberos ticket
> > for a service, without user intervention. I installed and started the service
> > but it was not working until I figured that I need to create this directory,
> > as it is referenced in the default config file 99-nfs-client.config. And it has
> > to be recreated after each restart of my client, as files in /tmp do not
> > survive a reboot.
> > So I have added an override to /etc/systemd/system/gssproxy.service.d:
> >
> > [Service]
> > ExecStartPre=/bin/mkdir -p /tmp/gssproxy/clients
> > PrivateTmp=true
>
> Hi and thanks for the report.  The /tmp/gssproxy/clients directory looks
> weird, where is that path coming from?  I looked a bit in gssproxy
> source code but didn't find what would create it.  Is this coming from
> some kerberos configuration?  Could you give some step-by-step
> instructions on how to reproduce this problem, from a freshly installed
> debian system?
>
Of course this directory does not exist as systemd uses and creates
private tmp directories. You should instead find a directory like
/tmp/systemd-private-<some-id-string>-gssproxy.service-<some string>
on your system which is created by systemd at startup of gssproxy-
service. Gssproxy needs it to place krb5cc credentials there.
The override creates the necessary sub folders inside this directory.
Without the override the subfolders are missing and gssproxy can not find
a location to place the credential-files for the users (hence gssproxy does
not create subfolders in /tmp resp. its private /tmp itself)

> > To actually be used by rpc-gssd.service a second override is necessary for
> > this service:
> >
> > [Service]
> > Environment=GSS_USE_PROXY=yes
> >
> > Without these two additions gssproxy was not working on my client, so I
> > think they should be included in the package - or at least be mentioned in the
> > docs and maybe as a comment in the configuration file.
>
> I believe the requirement to add GSS_USE_PROXY is fairly well
> documented, see /usr/share/doc/gssproxy/docs/README.md.gz or URL below.
> There is a systemd service file example that matches your setup.
>
> https://github.com/gssapi/gssproxy/tree/main/docs#configuring-the-application
>
Yes it is well documented, nevertheless the override is required and I think it
should be included in the Debian gssproxy package. By override I mean a file
should be installed in /etc/systemd/system/rpc-gssd.service.d containing the
2 lines:
[Service]
Environment=GSS_USE_PROXY=yes
as described in my original report. A common user would expect gssproxy to work
and to be used right after installation of the package. That's why the report is
targeted to Debian project and not the gssproxy creator...

Tobias
