Meowthink reported a problem on freebsd-hackers_at_ where the gssd would not start up because /usr was not yet mounted. (I moved the discussion here, hoping to catch more comments.)

He has a separately mounted /usr and, recently, gssd was failing to start since /usr was not yet mounted when /etc/rc.d/gssd was executed.

Looking at /etc/rc.d/gssd, this is not surprising, since the REQUIRED line only lists "root" as a requirement.

I can see a couple of things that can be done, but no obvious ideal solution:

(A) - Add "mountcritlocal" to the REQUIRED line, which is what Meowthink has done. This seems harmless and works for the case of a local filesystem /usr, but does not work if /usr is an NFS mounted file system.

(B) - Add both "mountcritlocal" and "mountcritremote" to the REQUIRED line. This would also fix the case of an NFS mounted /usr, but it also implies that all NFS entries in /etc/fstab that use "sec=krb5[ip]" would also need the "late" option specified.

I am thinking that (A) can be done and MFC'd, since it shouldn't break anything (or cause a POLA violation).

Maybe (B) can be done for head/FreeBSD13 with an entry in the Release notes, indicating the need for "late" on NFS entries using "sec=krb5[ip]" in /etc/fstab. (It would result in a POLA violation if MFC'd, since "sec=krb5[ip]" entries in /etc/fstab would break until "late" is added.)

I am interested in a solution for this, in part, because the daemons for NFS over TLS have the same problem.

Any ideas/suggestions,
rick

ps: I thought of moving gssd to /sbin, but it uses several libraries, including Kerberos ones, that are in /usr/lib.

Received on Sun Oct 11 2020 - 00:18:58 UTC
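
Option (B) in the message above would require "late" on every Kerberized NFS entry in /etc/fstab, so an administrator would want to find the entries that lack it before such a change. The sh function below is an added example, not part of the original message or of FreeBSD; it assumes "sec=krb5[ip]" covers sec=krb5, sec=krb5i and sec=krb5p, and the function names and sample fstab (hostnames and paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list NFS fstab entries that use sec=krb5, sec=krb5i or
# sec=krb5p but lack the "late" option (the entries option (B) would break).

# find_krb5_nfs_without_late FSTAB
# Prints the mount point of each affected entry, one per line.
find_krb5_nfs_without_late() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # skip comments and incomplete lines
        $3 != "nfs"         { next }   # only NFS entries matter here
        {
            n = split($4, opt, ",")    # options are a comma-separated list
            krb = 0; late = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^sec=krb5[ip]?$/) krb = 1
                if (opt[i] == "late")           late = 1
            }
            if (krb && !late) print $2
        }
    ' "$1"
}

# Constructed sample fstab; not taken from any real system.
make_sample_fstab() {
    cat <<'EOF'
# Device            Mountpoint  FStype  Options             Dump Pass
/dev/ada0p2         /           ufs     rw                  1    1
/dev/ada0p3         /usr        ufs     rw                  2    2
nfs.example.org:/h  /home       nfs     rw,sec=krb5p        0    0
nfs.example.org:/d  /data       nfs     rw,sec=krb5i,late   0    0
nfs.example.org:/p  /pub        nfs     ro                  0    0
nfs.example.org:/s  /srv        nfs     rw,nfsv4,sec=krb5   0    0
EOF
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
make_sample_fstab > "$tmp"
find_krb5_nfs_without_late "$tmp"
rm -f "$tmp"
```

On a real host the function would be called as `find_krb5_nfs_without_late /etc/fstab`; an empty result means no entry would need "late" added.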