svn commit: r365309 - head/share/snmp/mibs

Rick Macklem rmacklem at FreeBSD.org
Thu Sep 3 20:42:31 UTC 2020 

Author: rmacklem
Date: Thu Sep  3 20:42:30 2020
New Revision: 365309
URL: https://svnweb.freebsd.org/changeset/base/365309

Log:
  Add entries for the OID used for NFS-over-TLS "user at domain".
  
  The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user
  credentials in the RPC header with ones derived from a username specified
  by the form "user at domain", if this exists in the client's X.509 v3 certificate.
  Specifically, "user at domain" needs to be in the "otherName" component of
  subjectjAltName, with a unique OID as assigned by this update.
  
  This patch adds a subtree for the "otherName" component of subjectAltName in
  X.509 v3 cerificates and a value for "user at domain" as used by NFS-over-TLS.
  
  Reviewed by:	phk, gordon
  Differential Revision:	https://reviews.freebsd.org/D26225

Modified:
  head/share/snmp/mibs/FREEBSD-MIB.txt

Modified: head/share/snmp/mibs/FREEBSD-MIB.txt
==============================================================================
--- head/share/snmp/mibs/FREEBSD-MIB.txt	Thu Sep  3 20:30:52 2020	(r365308)
+++ head/share/snmp/mibs/FREEBSD-MIB.txt	Thu Sep  3 20:42:30 2020	(r365309)
@@ -16,7 +16,7 @@ IMPORTS
 		FROM SNMPv2-SMI;
 
 freeBSD MODULE-IDENTITY
-	LAST-UPDATED "200610311000Z"
+	LAST-UPDATED "202009032030Z"
 	ORGANIZATION "The FreeBSD Project."
 	CONTACT-INFO
 		"phk at FreeBSD.org is contact person for this file.
@@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY
 	DESCRIPTION
 		"The Structure of Management Information for the
 		FreeBSD Project enterprise MIB subtree."
+	REVISION      "202009031900Z"
+	DESCRIPTION
+		"Added entries for the otherName component of a X.509 cert"
 	REVISION      "200610310800Z"
 	DESCRIPTION
 		"Initial version of this MIB module."
@@ -35,6 +38,21 @@ freeBSDsrc OBJECT-IDENTITY
 	DESCRIPTION
 		"Subtree for things which lives in the src tree."
 	::= { freeBSD 1 }
+
+freeBSDsrcCertOtherName OBJECT-IDENTITY
+	STATUS	current
+	DESCRIPTION
+		"Subtree for X.509 Certificate otherName entries"
+	::= { freeBSDsrc 1 }
+
+--
+-- For NFS over TLS, a user at domain can optionally be handled by rpc.tlsservd
+--
+freeBSDsrcCertNFSuser OBJECT-IDENTITY
+	STATUS	current
+	DESCRIPTION
+		"Entry for X.509 Certificate for NFS user at domain name"
+	::= { freeBSDsrcCertOtherName 1 }
 
 freeBSDports OBJECT-IDENTITY
 	STATUS	current

More information about the svn-src-head mailing list