3
0
forked from pool/util-linux
util-linux/util-linux-2.12r-sec-manpage.patch

52 lines
2.1 KiB
Diff
Raw Normal View History

From: http://www.citi.umich.edu/projects/nfsv4/linux/util-linux-patches
Subject: Update nfs(5) manpage to document security flavors
References: 159368
Acked-by: okir@suse.de
mount/nfs.5 | 24 ++++++++++++++++++++----
1 files changed, 20 insertions(+), 4 deletions(-)
Index: util-linux-2.12r/mount/nfs.5
===================================================================
--- util-linux-2.12r.orig/mount/nfs.5
+++ util-linux-2.12r/mount/nfs.5
@@ -128,7 +128,7 @@ mount daemon program number.
Use an alternate RPC version number to contact the
mount daemon on the remote host. This option is useful
for hosts that can run multiple NFS servers.
-The default value is version 1.
+The default value depends on which kernel you are using.
.TP 1.5i
.I nfsprog=n
Use an alternate RPC program number to contact the
@@ -193,9 +193,25 @@ Suppress the retrieval of new attributes
.TP 1.5i
.I noac
Disable all forms of attribute caching entirely. This extracts a
-server performance penalty but it allows two different NFS clients
-to get reasonable good results when both clients are actively
-writing to common filesystem on the server.
+significant performance penalty but it allows two different NFS clients
+to get reasonable results when both clients are actively
+writing to a common export on the server.
+.TP 1.5i
+.I sec=mode
+Set the security flavor for this mount to "mode".
+The default setting is \f3sec=sys\f1, which uses local
+unix uids and gids to authenticate NFS operations (AUTH_SYS).
+Other currently supported settings are:
+\f3sec=krb5\f1, which uses Kerberos V5 instead of local unix uids
+and gids to authenticate users;
+\f3sec=krb5i\f1, which uses Kerberos V5 for user authentication
+and performs integrity checking of NFS operations using secure
+checksums to prevent data tampering; and
+\f3sec=krb5p\f1, which uses Kerberos V5 for user authentication
+and integrity checking, and encrypts NFS traffic to prevent
+traffic sniffing (this is the most secure setting).
+Note that there is a performance penalty when using integrity
+or privacy.
.TP 1.5i
.I tcp
Mount the NFS filesystem using the TCP protocol instead of the