svn commit: r365309 - head/share/snmp/mibs
Rick Macklem
rmacklem at FreeBSD.org
Thu Sep 3 20:42:31 UTC 2020
Author: rmacklem
Date: Thu Sep 3 20:42:30 2020
New Revision: 365309
URL: https://svnweb.freebsd.org/changeset/base/365309
Log:
Add entries for the OID used for NFS-over-TLS "user at domain".
The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user
credentials in the RPC header with ones derived from a username specified
by the form "user at domain", if this exists in the client's X.509 v3 certificate.
Specifically, "user at domain" needs to be in the "otherName" component of
subjectAltName, with a unique OID as assigned by this update.
This patch adds a subtree for the "otherName" component of subjectAltName in
X.509 v3 certificates and a value for "user at domain" as used by NFS-over-TLS.
Reviewed by: phk, gordon
Differential Revision: https://reviews.freebsd.org/D26225
Modified:
head/share/snmp/mibs/FREEBSD-MIB.txt
Modified: head/share/snmp/mibs/FREEBSD-MIB.txt
==============================================================================
--- head/share/snmp/mibs/FREEBSD-MIB.txt Thu Sep 3 20:30:52 2020 (r365308)
+++ head/share/snmp/mibs/FREEBSD-MIB.txt Thu Sep 3 20:42:30 2020 (r365309)
@@ -16,7 +16,7 @@ IMPORTS
FROM SNMPv2-SMI;
freeBSD MODULE-IDENTITY
- LAST-UPDATED "200610311000Z"
+ LAST-UPDATED "202009032030Z"
ORGANIZATION "The FreeBSD Project."
CONTACT-INFO
"phk at FreeBSD.org is contact person for this file.
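Review bot: LAST-UPDATED is set to "202009032030Z" here, but the REVISION clause added in the next hunk is stamped "202009031900Z". The newest REVISION should carry the same timestamp as LAST-UPDATED, and MIB linters flag a last update that has no matching revision; use one value for both.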
@@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY
DESCRIPTION
"The Structure of Management Information for the
FreeBSD Project enterprise MIB subtree."
+ REVISION "202009031900Z"
+ DESCRIPTION
+ "Added entries for the otherName component of a X.509 cert"
REVISION "200610310800Z"
DESCRIPTION
"Initial version of this MIB module."
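Review bot: the new REVISION DESCRIPTION reads "a X.509 cert", which should be "an X.509 certificate", and it ends without a period, unlike the DESCRIPTION of the initial revision below it. It would also help to name what was added (the otherName subtree and the NFS user at domain entry) so the revision history can be read without the diff.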
@@ -35,6 +38,21 @@ freeBSDsrc OBJECT-IDENTITY
DESCRIPTION
"Subtree for things which lives in the src tree."
::= { freeBSD 1 }
+
+freeBSDsrcCertOtherName OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "Subtree for X.509 Certificate otherName entries"
+ ::= { freeBSDsrc 1 }
+
+--
+-- For NFS over TLS, a user at domain can optionally be handled by rpc.tlsservd
+--
+freeBSDsrcCertNFSuser OBJECT-IDENTITY
+ STATUS current
+ DESCRIPTION
+ "Entry for X.509 Certificate for NFS user at domain name"
+ ::= { freeBSDsrcCertOtherName 1 }
freeBSDports OBJECT-IDENTITY
STATUS current
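Review bot: the DESCRIPTION of freeBSDsrcCertNFSuser ("Entry for X.509 Certificate for NFS user at domain name") does not say how the otherName value is encoded or what consumes it. Because this OID marks a name that rpc.tlsservd can turn into credentials, the DESCRIPTION should state the expected value type and the "user at domain" format, so that certificate issuers and parsers agree on exactly one interpretation. The rpc.tlsservd remark above it is an ASN.1 comment only and will not appear in tools that display the DESCRIPTION.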