When NFS is configured to use Kerberos, the rpc-gssd and, by default, gssproxy services are used. gssproxy is configured for NFS with the following files:
24-nfs-server.conf - delivered with the nfs-utils RPM
99-nfs-client.conf - deliverd with the gssproxy RPM
simp-nfs needs to manage these files for three reasons:
They have critical security settings.
In order for simp-nfs to ensure the gssproxy cache is cleared when a Kerberos realm file changes (i.e., changes in the KDC to use), this module needs to know where the cache is. The best way to know where it is is to manage the cache settings in the two above files.
If the user decides to use a different location for the keytab than /etc/krb5.keytab, the keytab settings in those files must be made as well.