From: Andy Adamson <andros@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Andy Adamson <andros@xxxxxxxxxx> --- utils/gssd/gssd.man | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man index 87eef02..e65ca7f 100644 --- a/utils/gssd/gssd.man +++ b/utils/gssd/gssd.man @@ -8,7 +8,7 @@ rpc.gssd \- RPCSEC_GSS daemon .SH SYNOPSIS .B rpc.gssd -.RB [ \-DfMnlvr ] +.RB [ \-DGfMnlvr ] .RB [ \-k .IR keytab ] .RB [ \-p @@ -20,8 +20,9 @@ rpc.gssd \- RPCSEC_GSS daemon .RB [ \-R .IR realm ] .SH INTRODUCTION -The RPCSEC_GSS protocol, defined in RFC 5403, is used to provide -strong security for RPC-based protocols such as NFS. +The RPCSEC_GSS version 1 protocol defined in RFC 5403, and the RPCSEC_GSS version 3 protocol defined in RFC 7861, are used to provide strong security for RPC-based protocols such as NFS. +.P +RPCSEC_GSS version 3 supports all of RPCSEC_GSS version 1 features, and provides support for communicating additional authorization and authentication information to a server. .P Before exchanging RPC requests using RPCSEC_GSS, an RPC client must establish a GSS 
@@ -218,6 +219,13 @@ can introduce a security vulnerability, so it is recommended that not be used, and that canonical names always be used when requesting services. .TP +.B \-G +For GSS context initialization, GSS version 3 is normally tried first, and if the server reports an RPC level error, then GSS version 1 is tried. The negotiated GSS version is then passed to the kernel. This happens for each GSS context initilaization request. + +If the kernel does not support the GSS version downcall, the mount will fail. + +If .B \-G is present, the GSS version will not be passed to the kernel, and GSS version 3 will not be attempted; all calls will use GSS version 1. +.TP .B -f Runs .B rpc.gssd -- 1.8.3.1
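
Review bot: In the INTRODUCTION hunk (@@ -20,8 +20,9 @@), the added sentence pairs "RPCSEC_GSS version 1" with RFC 5403, but RFC 5403 specifies RPCSEC_GSS version 2; version 1 is defined in RFC 2203. Cite RFC 2203 for version 1, or state which versions rpc.gssd actually negotiates. The removed text was wrapped over two lines while each added sentence is a single long "+" line, so wrap the new text to match the rest of gssd.man, and change "all of RPCSEC_GSS version 1 features" to "all of the RPCSEC_GSS version 1 features".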
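
Review bot: In the \-G entry (@@ -218,6 +219,13 @@), the description opens with the default behaviour and only says what the flag does in its last sentence; lead with the effect of \-G (version 3 is not attempted, no GSS version is passed to the kernel, all calls use version 1) and describe the default afterwards. "If the kernel does not support the GSS version downcall, the mount will fail" describes the default, so the entry should say explicitly that \-G is the setting to use on such kernels. Because the default falls back to version 1 whenever the server reports an RPC level error, the text should also state what is lost in that case, given that the INTRODUCTION hunk says version 3 carries additional authorization and authentication information. "initilaization" is a typo, and the bare "+" blank lines inside the .TP body are better written as an explicit paragraph macro than as empty lines.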