From patchwork Mon Jul 31 19:15:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Adamson X-Patchwork-Id: 9873031 Received: from localhost.localdomain.localdomain (dros-16.vpn.netapp.com [10.55.71.45]) by smtp2.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id v6VJFSfu005607; Mon, 31 Jul 2017 
12:15:28 -0700 (PDT) From: To: CC: , , , Andy Adamson , "Andy Adamson" Subject: [PATCH Version 4 3/3] GSSD RPCSEC_GSS version 3 gssd man page additions Date: Mon, 31 Jul 2017 15:15:26 -0400 Message-ID: <1501528526-25077-1-git-send-email-andros@netapp.com> X-Mailer: git-send-email 1.8.3.1 MIME-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Andy Adamson Signed-off-by: Andy Adamson --- utils/gssd/gssd.man | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man index 87eef02..e65ca7f 100644 --- a/utils/gssd/gssd.man +++ b/utils/gssd/gssd.man @@ -8,7 +8,7 @@ rpc.gssd \- RPCSEC_GSS daemon .SH SYNOPSIS .B rpc.gssd -.RB [ \-DfMnlvr ] +.RB [ \-DGfMnlvr ] .RB [ \-k .IR keytab ] .RB [ \-p @@ -20,8 +20,9 @@ rpc.gssd \- RPCSEC_GSS daemon .RB [ \-R .IR realm ] .SH INTRODUCTION -The RPCSEC_GSS protocol, defined in RFC 5403, is used to provide -strong security for RPC-based protocols such as NFS. +The RPCSEC_GSS version 1 protocol defined in RFC 5403, and the RPCSEC_GSS version 3 protocol defined in RFC 7861, are used to provide strong security for RPC-based protocols such as NFS. +.P +RPCSEC_GSS version 3 supports all of RPCSEC_GSS version 1 features, and provides support for communicating additional authorization and authentication information to a server. .P Before exchanging RPC requests using RPCSEC_GSS, an RPC client must establish a GSS 
@@ -218,6 +219,13 @@ can introduce a security vulnerability, so it is recommended that not be used, and that canonical names always be used when requesting services. .TP +.B \-G +For GSS context initialization, GSS version 3 is normally tried first, and if the server reports an RPC level error, then GSS version 1 is tried. The negotiated GSS version is then passed to the kernel. This happens for each GSS context initilaization request. + +If the kernel does not support the GSS version downcall, the mount will fail. + +If .B \-G is present, the GSS version will not be passed to the kernel, and GSS version 3 will not be attempted; all calls will use GSS version 1. +.TP .B -f Runs .B rpc.gssd
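Review bot: In the INTRODUCTION hunk, the new sentence attributes "RPCSEC_GSS version 1" to RFC 5403, but RFC 5403 specifies RPCSEC_GSS version 2; version 1 is specified in RFC 2203. The line being replaced named no version, so the mismatch is introduced by this change. Suggest citing RFC 2203 for version 1, and mentioning RFC 5403 as version 2 only if that version is meant to be covered. As a wording point, "supports all of RPCSEC_GSS version 1 features" reads better as "supports all RPCSEC_GSS version 1 features".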
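Review bot: In the \-G hunk, the sentence "If the kernel does not support the GSS version downcall, the mount will fail" documents a failure in the default configuration without giving the administrator the remedy. Since the last paragraph says that with \-G "the GSS version will not be passed to the kernel", state explicitly that \-G is the option to use on kernels without the downcall. The entry would also be easier to scan if it opened with what \-G does and only then described the default behaviour of trying version 3 first and version 1 after an RPC level error. It is also worth saying whether that fallback to version 1 is logged, because the text describes it as happening on each context initialization request and an administrator has no other way to tell which version was negotiated. "initilaization" should be "initialization".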