git: a3bd034d3d07 - stable/13 - mount_nfs.8: Update man page for the "syskrb5" option

From: Rick Macklem <>
Date: Fri, 26 May 2023 01:12:41 UTC
The branch stable/13 has been updated by rmacklem:


commit a3bd034d3d0780f0c1c321974e4ca3a05293d711
Author:     Rick Macklem <>
AuthorDate: 2023-04-11 19:17:09 +0000
Commit:     Rick Macklem <>
CommitDate: 2023-05-26 01:10:45 +0000

    mount_nfs.8: Update man page for the "syskrb5" option
    Commit 896516e54a8c added a new NFS mount option
    used for Kerberized NFSv4.1/4.2 mounts. It specifies that
    AUTH_SYS be used for state maintenance (also called system)
    operations. This allows the mount to be done without the
    "gssname" option or a valid Kerberos TGT being held by the
    user doing the mount (so it can be specified in fstab(5) for
    This is a content change.
    (cherry picked from commit 61330e494f63ab60a515e3273668a03a7e8b4fee)
 sbin/mount_nfs/mount_nfs.8 | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/sbin/mount_nfs/mount_nfs.8 b/sbin/mount_nfs/mount_nfs.8
index c3da26c41c66..4f4b8891f67a 100644
--- a/sbin/mount_nfs/mount_nfs.8
+++ b/sbin/mount_nfs/mount_nfs.8
@@ -28,7 +28,7 @@
 .\"	@(#)mount_nfs.8	8.3 (Berkeley) 3/29/95
 .\" $FreeBSD$
-.Dd September 24, 2022
+.Dd April 3, 2023
@@ -166,7 +166,7 @@ It allows the mount to be performed by
 and avoids problems with
 cached credentials for the system operations expiring.
-.Dq "service-prinicpal-name"
+.Dq "service-principal-name"
 should be specified without instance or domain and is typically
 .Dq "host" ,
 .Dq "nfs"
@@ -441,6 +441,21 @@ A soft mount, which implies that file system calls will fail
 .Ar retrycnt
 round trip timeout intervals.
+.It Cm syskrb5
+This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount
+uses AUTH_SYS for system operations.
+Using this option avoids the need for a KerberosV mount to have a
+host-based principal entry in the default keytab file
+.Cm gssname
+option) or a requirement for the user doing the mount to have a
+valid KerberosV ticket granting ticket (TGT) when the mount is done.
+This option is intended to be used with the
+.Cm sec Ns = Ns krb5
+.Cm tls
+options and can only be used for
+NFSv4 mounts with minor version 1 or 2.
 .It Cm tcp
 Use TCP transport.
 This is the default option, as it provides for increased reliability on both