simp-nfs does not manage nfs-related gssproxy config

Description

When NFS is configured to use Kerberos, the rpc-gssd and, by default, gssproxy services are used. gssproxy is configured for NFS with the following files:

  • 24-nfs-server.conf - delivered with the nfs-utils RPM

  • 99-nfs-client.conf - deliverd with the gssproxy RPM

simp-nfs needs to manage these files for three reasons:

  • They have critical security settings.

  • In order for simp-nfs to ensure the gssproxy cache is cleared when a Kerberos realm file changes (i.e., changes in the KDC to use), this module needs to know where the cache is. The best way to know where it is is to manage the cache settings in the two above files.

  • If the user decides to use a different location for the keytab than /etc/krb5.keytab, the keytab settings in those files must be made as well.

Acceptance Criteria

None

Labels

None

Epic Link

None

Story Points

None

Components

Sprint

Priority

Medium
Configure