Hey! On 7/14/23 2:36 PM, Chuck Lever wrote:
From: Chuck Lever <chuck.lever@xxxxxxxxxx> More information about RPC-with-TLS and some brief set-up guidance are to be provided in a separate man page in Section 7. Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
Question: commit b5e4539f already add this RPC-with-TLS update to the man page. So do you want me to revert b5e4539f and replace it with this patch? steved.
--- utils/mount/nfs.man | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index d9f34df36b42..dfc31a5dad26 100644 --- a/utils/mount/nfs.man +++ b/utils/mount/nfs.man @@ -574,7 +574,43 @@ The .B sloppy option is an alternative to specifying .BR mount.nfs " -s " option. - +.TP 1.5i +.BI xprtsec= policy +Specifies the use of transport layer security to protect NFS network +traffic on behalf of this mount point. +.I policy +can be one of +.BR none , +.BR tls , +or +.BR mtls . +.IP +If +.B none +is specified, +transport layer security is forced off, even if the NFS server supports +transport layer security. +If +.B tls +is specified, the client uses RPC-with-TLS to provide in-transit +confidentiality. +If +.B mtls +is specified, the client uses RPC-with-TLS to authenticate itself and +to provide in-transit confidentiality. +If either +.B tls +or +.B mtls +is specified and the server does not support RPC-with-TLS or peer +authentication fails, the mount attempt fails. +.IP +If the +.B xprtsec= +option is not specified, +the default behavior depends on the kernel version, +but is usually equivalent to +.BR "xprtsec=none" . .SS "Options for NFS versions 2 and 3 only" Use these options, along with the options in the above subsection, for NFS versions 2 and 3 only.
