Issue #9120: ipa-client package should not depend on nfs-utils - freeipa

freeipa

#9120 ipa-client package should not depend on nfs-utils

Opened 2 years ago by koalillo. Modified 2 years ago

Request for enhancement

As an admin, I don't want that installing ipa-client enables rpcbind, to reduce exposure

Issue

ipa-client depends on nfs-utils, that depends on rpcbind, that is set to autoenable and autostart. This means that just installing ipa-client will add services which I believe are not necessary by default.

Additionally, the instructions for configuring NFS on FreeIPA:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/krb-nfs-client

Ask the user to install nfs-utils anyway.

Steps to Reproduce

dnf install ipa-client
netstat -nap | grep 111

Actual behavior

tcp:111 is listening.

Expected behavior

Installing ipa-client should not open tcp:111.

Version/Release/Distribution

Happens on EL8 and the master branch spec still contains the dependency on nfs-utils.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#9120 ipa-client package should not depend on nfs-utils Opened 2 years ago by koalillo. Modified 2 years ago

Close issue as:

Request for enhancement

Issue

Steps to Reproduce

Actual behavior

Expected behavior

Version/Release/Distribution

Metadata

#9120 ipa-client package should not depend on nfs-utils

Opened 2 years ago by koalillo. Modified 2 years ago