52 lines
2.1 KiB
Diff
52 lines
2.1 KiB
Diff
From: http://www.citi.umich.edu/projects/nfsv4/linux/util-linux-patches
|
|
Subject: Update nfs(5) manpage to document security flavors
|
|
References: 159368
|
|
|
|
Acked-by: okir@suse.de
|
|
|
|
mount/nfs.5 | 24 ++++++++++++++++++++----
|
|
1 files changed, 20 insertions(+), 4 deletions(-)
|
|
|
|
Index: util-linux-2.12r/mount/nfs.5
|
|
===================================================================
|
|
--- util-linux-2.12r.orig/mount/nfs.5
|
|
+++ util-linux-2.12r/mount/nfs.5
|
|
@@ -128,7 +128,7 @@ mount daemon program number.
|
|
Use an alternate RPC version number to contact the
|
|
mount daemon on the remote host. This option is useful
|
|
for hosts that can run multiple NFS servers.
|
|
-The default value is version 1.
|
|
+The default value depends on which kernel you are using.
|
|
.TP 1.5i
|
|
.I nfsprog=n
|
|
Use an alternate RPC program number to contact the
|
|
@@ -193,9 +193,25 @@ Suppress the retrieval of new attributes
|
|
.TP 1.5i
|
|
.I noac
|
|
Disable all forms of attribute caching entirely. This extracts a
|
|
-server performance penalty but it allows two different NFS clients
|
|
-to get reasonable good results when both clients are actively
|
|
-writing to common filesystem on the server.
|
|
+significant performance penalty but it allows two different NFS clients
|
|
+to get reasonable results when both clients are actively
|
|
+writing to a common export on the server.
|
|
+.TP 1.5i
|
|
+.I sec=mode
|
|
+Set the security flavor for this mount to "mode".
|
|
+The default setting is \f3sec=sys\f1, which uses local
|
|
+unix uids and gids to authenticate NFS operations (AUTH_SYS).
|
|
+Other currently supported settings are:
|
|
+\f3sec=krb5\f1, which uses Kerberos V5 instead of local unix uids
|
|
+and gids to authenticate users;
|
|
+\f3sec=krb5i\f1, which uses Kerberos V5 for user authentication
|
|
+and performs integrity checking of NFS operations using secure
|
|
+checksums to prevent data tampering; and
|
|
+\f3sec=krb5p\f1, which uses Kerberos V5 for user authentication
|
|
+and integrity checking, and encrypts NFS traffic to prevent
|
|
+traffic sniffing (this is the most secure setting).
|
|
+Note that there is a performance penalty when using integrity
|
|
+or privacy.
|
|
.TP 1.5i
|
|
.I tcp
|
|
Mount the NFS filesystem using the TCP protocol instead of the
|