Re: [PATCH v1] nfs(5): Document the new "xprtsec=" mount option

> On Jul 15, 2023, at 2:07 PM, Steve Dickson <SteveD@xxxxxxxxxx> wrote:
> 
> Hey!
> 
> On 7/14/23 2:36 PM, Chuck Lever wrote:
>> From: Chuck Lever <chuck.lever@xxxxxxxxxx>
>> More information about RPC-with-TLS and some brief set-up guidance
>> are to be provided in a separate man page in Section 7.
>> Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> Question: commit b5e4539f already added this RPC-with-TLS
> update to the man page. So do you want me to revert b5e4539f
> and replace it with this patch?

Hrm, I didn't remember sending you a client-side man page update.
I thought I was waiting for the in-kernel parts of the client
TLS work to land, which they've done now in v6.5-rc.

If it's no trouble, go ahead and replace that one.


> steved.
> 
>> ---
>>  utils/mount/nfs.man |   38 +++++++++++++++++++++++++++++++++++++-
>>  1 file changed, 37 insertions(+), 1 deletion(-)
>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
>> index d9f34df36b42..dfc31a5dad26 100644
>> --- a/utils/mount/nfs.man
>> +++ b/utils/mount/nfs.man
>> @@ -574,7 +574,43 @@ The
>>  .B sloppy
>>  option is an alternative to specifying
>>  .BR mount.nfs " -s " option.
>> -
>> +.TP 1.5i
>> +.BI xprtsec= policy
>> +Specifies the use of transport layer security to protect NFS network
>> +traffic on behalf of this mount point.
>> +.I policy
>> +can be one of
>> +.BR none ,
>> +.BR tls ,
>> +or
>> +.BR mtls .
>> +.IP
>> +If
>> +.B none
>> +is specified,
>> +transport layer security is forced off, even if the NFS server supports
>> +transport layer security.
>> +If
>> +.B tls
>> +is specified, the client uses RPC-with-TLS to provide in-transit
>> +confidentiality.
>> +If
>> +.B mtls
>> +is specified, the client uses RPC-with-TLS to authenticate itself and
>> +to provide in-transit confidentiality.
>> +If either
>> +.B tls
>> +or
>> +.B mtls
>> +is specified and the server does not support RPC-with-TLS or peer
>> +authentication fails, the mount attempt fails.
>> +.IP
>> +If the
>> +.B xprtsec=
>> +option is not specified,
>> +the default behavior depends on the kernel version,
>> +but is usually equivalent to
>> +.BR "xprtsec=none" .
>>  .SS "Options for NFS versions 2 and 3 only"
>>  Use these options, along with the options in the above subsection,
>>  for NFS versions 2 and 3 only.
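
Review bot: The closing .IP paragraph states the default only as "depends on the kernel version, but is usually equivalent to xprtsec=none", so an administrator cannot tell from this page whether a mount without the option is protected; state the default explicitly, or name the condition under which it differs. In the tls paragraph the text promises only in-transit confidentiality, yet the following sentence says the mount fails when "peer authentication fails"; say whether the client verifies the server's identity under tls, so the difference from mtls (where the client also authenticates itself) is unambiguous. The commit message refers to a separate Section 7 page, but the added text carries no pointer to it; a cross-reference can be added once that page exists.
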
> 
> 

--
Chuck Lever





