Remove residual blank line at start of MakefileThis is a residual of the $FreeBSD$ removal.MFC After: 3 days (though I'll just run the command on the branches)Sponsored by: Netflix
Remove $FreeBSD$: one-line sh patternRemove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Remove $FreeBSD$: two-line .h patternRemove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
Fix LDADD/DPADD that should be LIBADD.Sponsored by: EMC / Isilon Storage Division
NO_MAN= has been deprecated in favor of MAN= for some time, go aheadand finish the job. ncurses is now the only Makefile in the tree thatuses it since it wasn't a simple mechanical change, and will
NO_MAN= has been deprecated in favor of MAN= for some time, go aheadand finish the job. ncurses is now the only Makefile in the tree thatuses it since it wasn't a simple mechanical change, and will beaddressed in a future commit.
show more ...
Fixed missing or broken library dependencies.
Implement support for RPCSEC_GSS authentication to both the NFS clientand server. This replaces the RPC implementation of the NFS client andserver with the newer RPC implementation originally devel
Implement support for RPCSEC_GSS authentication to both the NFS clientand server. This replaces the RPC implementation of the NFS client andserver with the newer RPC implementation originally developed(actually ported from the userland sunrpc code) to support the NFSLock Manager. I have tested this code extensively and I believe it isstable and that performance is at least equal to the legacy RPCimplementation.The NFS code currently contains support for both the new RPCimplementation and the older legacy implementation inherited from theoriginal NFS codebase. The default is to use the new implementation -add the NFS_LEGACYRPC option to fall back to the old code. When Imerge this support back to RELENG_7, I will probably change this sothat users have to 'opt in' to get the new code.To use RPCSEC_GSS on either client or server, you must build a kernelwhich includes the KGSSAPI option and the crypto device. On theuserland side, you must build at least a new libc, mountd, mount_nfsand gssd. You must install new versions of /etc/rc.d/gssd and/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.As long as gssd is running, you should be able to mount an NFSfilesystem from a server that requires RPCSEC_GSS authentication. Themount itself can happen without any kerberos credentials but allaccess to the filesystem will be denied unless the accessing user hasa valid ticket file in the standard place (/tmp/krb5cc_<uid>). Thereis currently no support for situations where the ticket file is in adifferent place, such as when the user logged in via SSH and hasdelegated credentials from that login. This restriction is alsopresent in Solaris and Linux. In theory, we could improve this infuture, possibly using Brooks Davis' implementation of variantsymlinks.Supporting RPCSEC_GSS on a server is nearly as simple. You must createservice creds for the server in the form 'nfs/<fqdn>@<REALM>' andinstall them in /etc/krb5.keytab. The standard heimdal utility ktutilmakes this fairly easy. After the service creds have been created, youcan add a '-sec=krb5' option to /etc/exports and restart both mountdand nfsd.The only other difference an administrator should notice is that nfsddoesn't fork to create service threads any more. In normal operation,there will be two nfsd processes, one in userland waiting for TCPconnections and one in the kernel handling requests. The latterprocess will create as many kthreads as required - these should bevisible via 'top -H'. The code has some support for varying the numberof service threads according to load but initially at least, nfsd usesa fixed number of threads according to the value supplied to its '-n'option.Sponsored by: Isilon SystemsMFC after: 1 month