git: 61330e494f63 - main - mount_nfs.8: Update man page for the "syskrb5" option

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Tue, 11 Apr 2023 19:18:25 UTC
The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=61330e494f63ab60a515e3273668a03a7e8b4fee

commit 61330e494f63ab60a515e3273668a03a7e8b4fee
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-04-11 19:17:09 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-04-11 19:17:09 +0000

    mount_nfs.8: Update man page for the "syskrb5" option
    
    Commit 896516e54a8c added a new NFS mount option
    used for Kerberized NFSv4.1/4.2 mounts. It specifies that
    AUTH_SYS be used for state maintenance (also called system)
    operations. This allows the mount to be done without the
    "gssname" option or a valid Kerberos TGT being held by the
    user doing the mount (so it can be specified in fstab(5) for
    example).
    
    Reviewed by:    gbe (manpages), karels
    MFC after:      3 months
    Differential Revision:  https://reviews.freebsd.org/D39469
---
 sbin/mount_nfs/mount_nfs.8 | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/sbin/mount_nfs/mount_nfs.8 b/sbin/mount_nfs/mount_nfs.8
index 0e6ea0538063..5052b1a2d6dd 100644
--- a/sbin/mount_nfs/mount_nfs.8
+++ b/sbin/mount_nfs/mount_nfs.8
@@ -28,7 +28,7 @@
 .\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
 .\" $FreeBSD$
 .\"
-.Dd September 24, 2022
+.Dd April 3, 2023
 .Dt MOUNT_NFS 8
 .Os
 .Sh NAME
@@ -166,7 +166,7 @@ It allows the mount to be performed by
 and avoids problems with
 cached credentials for the system operations expiring.
 The
-.Dq "service-prinicpal-name"
+.Dq "service-principal-name"
 should be specified without instance or domain and is typically
 .Dq "host" ,
 .Dq "nfs"
@@ -441,6 +441,21 @@ A soft mount, which implies that file system calls will fail
 after
 .Ar retrycnt
 round trip timeout intervals.
+.It Cm syskrb5
+This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount
+uses AUTH_SYS for system operations.
+Using this option avoids the need for a KerberosV mount to have a
+host-based principal entry in the default keytab file
+(no
+.Cm gssname
+option) or a requirement for the user doing the mount to have a
+valid KerberosV ticket granting ticket (TGT) when the mount is done.
+This option is intended to be used with the
+.Cm sec Ns = Ns krb5
+and
+.Cm tls
+options and can only be used for
+NFSv4 mounts with minor version 1 or 2.
 .It Cm tcp
 Use TCP transport.
 This is the default option, as it provides for increased reliability on both