@@ -71,18 +71,21 @@ scripts can be written to work correctly.
A/ mount -t nfsd /proc/fs/nfsd
- This filesystem needs to be mount before most daemons,
+ This filesystem needs to be mounted before most daemons,
particularly exportfs, mountd, svcgssd, idmapd.
It could be mounted once, or the script that starts each daemon
could test if it is mounted and mount it if not.
- B/ svcgssd ; idmapd
+ B/ svcgssd ; gssd; idmapd
These supply services to nfsd and so should be started before
rpc.nfsd. Where they come between mounting the nfsd filesystem
and starting the nfsd server is not important.
idmapd is only needed for NFSv4 support.
- svcgssd is only needed if exportfs NFS filesystem with crypto-
- security (Kerberos).
+ svcgssd is needed to export filesystems with Kerberos.
+ gssd should also be started to support granting delegations to
+ NFSv4.0 clients using Kerberos. However, if it is not started
+ this will only mean that delegations will not be granted. This
+ will not prevent NFSv4.0 clients from functioning normally.
C/ exportfs -av ; rpc.mountd
It is important that exportfs be run before mountd so that
@@ -148,10 +151,15 @@ scripts can be written to work correctly.
filesystems can be mounted with "-o nolock" before sm-notify.
This is appropriate for '/', '/usr', and '/var'.
- B/ gssd ; idmapd
+ B/ gssd ; svcgssd; idmapd
idmapd should be started before mounting any NFSv4 filesystems.
gssd should be started before mounting any NFS filesystems
securely (with Kerberos).
+ Before mounting any NFSv4.0 filesystems with Kerberos, svcgssd should
+ also be started to support the callbacks required for delegations.
+ However, a failure to start svcgssd will only mean that delegations
+ are turned off, and will not prevent such a mount from working
+ correctly.
C/ statd should be run before any NFSv2 or NFSv3 filesystem is
mounted with remote locking (i.e. without -o nolock).