diff options
| author | J. Bruce Fields <bfields@citi.umich.edu> | 2007-07-05 13:45:54 -0400 |
|---|---|---|
| committer | Neil Brown <neilb@suse.de> | 2007-07-10 10:37:38 +1000 |
| commit | a9e72ee341b9294dea47ca53e80110775492eb6f (patch) | |
| tree | 6b7ac694bc53205d9bb9d001487128bfc1368f27 | |
| parent | 173ac3ccb45cc407336dd363fc15c90bbfdecf6f (diff) | |
| download | nfs-utils-a9e72ee341b9294dea47ca53e80110775492eb6f.tar.gz nfs-utils-a9e72ee341b9294dea47ca53e80110775492eb6f.tar.xz nfs-utils-a9e72ee341b9294dea47ca53e80110775492eb6f.zip | |
document the sec= option
Document the sec= option in the exports man page.
Not done: it would be nice to have an example or two here (and not just
in the final "EXAMPLE" section, though that would be nice too). I was
just too lazy to figure out the formatting.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
| -rw-r--r-- | utils/exportfs/exports.man | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man index 41a5b16..73817d7 100644 --- a/utils/exportfs/exports.man +++ b/utils/exportfs/exports.man @@ -84,9 +84,24 @@ may work by accident when reverse DNS lookups fail. '''option. Multiple specifications of a public root will be ignored. .PP .SS RPCSEC_GSS security -To restrict access to an export using rpcsec_gss security, use the special -string "gss/krb5" as the client. It is not possible to simultaneously require -rpcsec_gss and to make requirements on the IP address of the client. +You may use the special strings "gss/krb5", "gss/krb5i", or "gss/krb5p" +to restrict access to clients using rpcsec_gss security. However, this +syntax is deprecated; on linux kernels since 2.6.23, you should instead +use the "sec=" export option: +.TP +.IR sec= +The sec= option, followed by a colon-delimited list of security flavors, +restricts the export to clients using those flavors. Available security +flavors include sys (the default--no cryptographic security), krb5 +(authentication only), krb5i (integrity protection), and krb5p (privacy +protection). For the purposes of security flavor negotiation, order +counts: preferred flavors should be listed first. The order of the sec= +option with respect to the other options does not matter, unless you +want some options to be enforced differently depending on flavor. +In that case you may include multiple sec= options, and following options +will be enforced only for access using flavors listed in the immediately +preceding sec= option. The only options that are permitted to vary in +this way are ro, rw, no_root_squash, root_squash, and all_squash. .PP .SS General Options .IR exportfs |