• Chuck Lever's avatar
    NFS & NFSD: Update GSS dependencies · e57d0652
    Chuck Lever authored
    Geert reports that:
    > On v6.2, "make ARCH=m68k defconfig" gives you
    > CONFIG_RPCSEC_GSS_KRB5=m
    > On v6.3, it became builtin, due to dropping the dependencies on
    > the individual crypto modules.
    >
    > $ grep -E "CRYPTO_(MD5|DES|CBC|CTS|ECB|HMAC|SHA1|AES)" .config
    > CONFIG_CRYPTO_AES=y
    > CONFIG_CRYPTO_AES_TI=m
    > CONFIG_CRYPTO_DES=m
    > CONFIG_CRYPTO_CBC=m
    > CONFIG_CRYPTO_CTS=m
    > CONFIG_CRYPTO_ECB=m
    > CONFIG_CRYPTO_HMAC=m
    > CONFIG_CRYPTO_MD5=m
    > CONFIG_CRYPTO_SHA1=m
    
    This behavior is triggered by the "default y" in the definition of
    RPCSEC_GSS.
    
    The "default y" was added in 2010 by commit df486a25 ("NFS: Fix
    the selection of security flavours in Kconfig"). However,
    svc_gss_principal was removed in 2012 by commit 03a4e1f6
    ("nfsd4: move principal name into svc_cred"), so the 2010 fix is
    no longer necessary. We can safely change the NFS_V4 and NFSD_V4
    dependencies back to RPCSEC_GSS_KRB5 to get the nicer v6.2
    behavior back.
    
    Selecting KRB5 symbolically represents the true requirement here:
    that all spec-compliant NFSv4 implementations must have Kerberos
    available to use.
    Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
    Fixes: dfe9a123 ("SUNRPC: Enable rpcsec_gss_krb5.ko to be built without CRYPTO_DES")
    Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
    e57d0652
Kconfig 5.31 KB