From: http://www.citi.umich.edu/projects/nfsv4/linux/util-linux-patches Subject: Update nfs(5) manpage to document security flavors References: 159368 Acked-by: okir@suse.de mount/nfs.5 | 24 ++++++++++++++++++++---- 1 files changed, 20 insertions(+), 4 deletions(-) Index: util-linux-ng-2.12r+2.13pre7/mount/nfs.5 =================================================================== --- util-linux-ng-2.12r+2.13pre7.orig/mount/nfs.5 +++ util-linux-ng-2.12r+2.13pre7/mount/nfs.5 @@ -165,7 +165,7 @@ mount daemon program number. Use an alternate RPC version number to contact the mount daemon on the remote host. This option is useful for hosts that can run multiple NFS servers. -The default value is version 1. +The default value depends on which kernel you are using. .TP 1.5i .I nfsprog=n Use an alternate RPC program number to contact the 
@@ -230,9 +230,25 @@ Suppress the retrieval of new attributes .TP 1.5i .I noac Disable all forms of attribute caching entirely. This extracts a -server performance penalty but it allows two different NFS clients -to get reasonable good results when both clients are actively -writing to common filesystem on the server. +significant performance penalty but it allows two different NFS clients +to get reasonable results when both clients are actively +writing to a common export on the server. +.TP 1.5i +.I sec=mode +Set the security flavor for this mount to "mode". +The default setting is \f3sec=sys\f1, which uses local +unix uids and gids to authenticate NFS operations (AUTH_SYS). +Other currently supported settings are: +\f3sec=krb5\f1, which uses Kerberos V5 instead of local unix uids +and gids to authenticate users; +\f3sec=krb5i\f1, which uses Kerberos V5 for user authentication +and performs integrity checking of NFS operations using secure +checksums to prevent data tampering; and +\f3sec=krb5p\f1, which uses Kerberos V5 for user authentication +and integrity checking, and encrypts NFS traffic to prevent +traffic sniffing (this is the most secure setting). +Note that there is a performance penalty when using integrity +or privacy. .TP 1.5i .I tcp Mount the NFS filesystem using the TCP protocol instead of the
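Review bot: In the first hunk (@@ -165,7), the replacement line "The default value depends on which kernel you are using." removes the only concrete value from the entry for the mount daemon's RPC version number and gives the reader no way to find the value that applies to them. Either list the default for each kernel range the page covers, or say where the effective value can be looked up. As written, an administrator who needs to know which mount protocol version will be negotiated learns less from the new text than from the old.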
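Review bot: In the second hunk (@@ -230,9), the new sec=mode entry describes sec=krb5 only as using Kerberos V5 "instead of local unix uids and gids to authenticate users", so the reader has to infer from the krb5i and krb5p items that plain krb5 provides neither integrity checking nor encryption. Say so in the krb5 item itself, because someone choosing a flavor from this list may stop at the first Kerberos option and assume the traffic is protected. The closing sentence also uses "privacy", a term the entry never introduces. The krb5p item says "encrypts NFS traffic", so either use "encryption" there or name krb5p as the privacy flavor. In the noac text of the same hunk, changing "server performance penalty" to "significant performance penalty" drops the word that said where the cost falls. If that is not intended, "significant server performance penalty" keeps both.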