Comment 23 for bug 1979885

Harald Rudell (harald-rudell) wrote :

1. rpc-svcgssd.service not restarted with nfs-server
The status was provided in the initial bug description:
○ rpc-svcgssd.service - RPC security service for NFS server
     Loaded: loaded (/lib/systemd/system/rpc-svcgssd.service; static)
     Active: inactive (dead) since Fri 2022-06-24 19:07:31 PDT; 12h ago
1 get-around:
do systemctl start rpc-svcgssd.service after restarting nfs-server

2. As proven by the lsof entry above, rpc_pipefs is not open by the blkmapd process; your statement is incorrect.
2 get-around: nfs can run without blkmapd

3. in the comparative config printout, nfsconf --dump was used for both servers, I think.
3 observation: the logic around the config is buggy as of 22.04. The config lacks a few features as described in this bug:
- bug: when to start rpc-svcgssd
- lack: portmap on localhost only
- lack: preventing statd, should be automatic
- lack: it is unclear to me if manage-gids controls the nfsd kernel module, too
For example, there could be a minimum security setting with value krb5p if that seems to be a good thing

4. nfs4-krb5p can run without blkmapd. And it does because blkmapd crashes as described above

The goal of nfs should be to easily disable everything that is not the latest version, i.e. 4.2. Those people that have legacy hardware and software should then have the settings available to them to support those historic features.

nfs4 has a better security model and separates authentication from local operating systems. Therefore an interest in latest-version-only, maximum hardened, highest-security (krb5p) nfs.conf. Besides the root mount, there will then be shares that are either rw or ro