git: a3bd034d3d07 - stable/13 - mount_nfs.8: Update man page for the "syskrb5" option
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 26 May 2023 01:12:41 UTC
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=a3bd034d3d0780f0c1c321974e4ca3a05293d711 commit a3bd034d3d0780f0c1c321974e4ca3a05293d711 Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2023-04-11 19:17:09 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2023-05-26 01:10:45 +0000 mount_nfs.8: Update man page for the "syskrb5" option Commit 896516e54a8c added a new NFS mount option used for Kerberized NFSv4.1/4.2 mounts. It specifies that AUTH_SYS be used for state maintenance (also called system) operations. This allows the mount to be done without the "gssname" option or a valid Kerberos TGT being held by the user doing the mount (so it can be specified in fstab(5) for example). This is a content change. (cherry picked from commit 61330e494f63ab60a515e3273668a03a7e8b4fee) --- sbin/mount_nfs/mount_nfs.8 | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/sbin/mount_nfs/mount_nfs.8 b/sbin/mount_nfs/mount_nfs.8 index c3da26c41c66..4f4b8891f67a 100644 --- a/sbin/mount_nfs/mount_nfs.8 +++ b/sbin/mount_nfs/mount_nfs.8 @@ -28,7 +28,7 @@ .\" @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95 .\" $FreeBSD$ .\" -.Dd September 24, 2022 +.Dd April 3, 2023 .Dt MOUNT_NFS 8 .Os .Sh NAME @@ -166,7 +166,7 @@ It allows the mount to be performed by and avoids problems with cached credentials for the system operations expiring. The -.Dq "service-prinicpal-name" +.Dq "service-principal-name" should be specified without instance or domain and is typically .Dq "host" , .Dq "nfs" @@ -441,6 +441,21 @@ A soft mount, which implies that file system calls will fail after .Ar retrycnt round trip timeout intervals. +.It Cm syskrb5 +This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount +uses AUTH_SYS for system operations. +Using this option avoids the need for a KerberosV mount to have a +host-based principal entry in the default keytab file +(no +.Cm gssname +option) or a requirement for the user doing the mount to have a +valid KerberosV ticket granting ticket (TGT) when the mount is done. +This option is intended to be used with the +.Cm sec Ns = Ns krb5 +and +.Cm tls +options and can only be used for +NFSv4 mounts with minor version 1 or 2. .It Cm tcp Use TCP transport. This is the default option, as it provides for increased reliability on both