diff mbox series

[v2,4/4] nfs(5): Document the new "xprtsec=" mount option

Message ID 168009891187.2522.6811718417615257679.stgit@manet.1015granger.net (mailing list archive)
State New, archived
Headers show
Series nfs-utils changes for RPC-with-TLS | expand

Commit Message

Chuck Lever March 29, 2023, 2:08 p.m. UTC
From: Chuck Lever <chuck.lever@oracle.com>

More information about RPC-with-TLS and some brief set-up guidance
are to be provided in a separate man page in Section 7.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 utils/mount/nfs.man |   34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index d9f34df36b42..7a410422897c 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -574,7 +574,39 @@  The
 .B sloppy
 option is an alternative to specifying
 .BR mount.nfs " -s " option.
-
+.TP 1.5i
+.BI xprtsec= policy
+Specifies the use of transport layer security to protect NFS network
+traffic on behalf of this mount point.
+.I policy
+can be one of
+.BR none ,
+.BR tls ,
+or
+.BR mtls .
+.IP
+If
+.B none
+is specified,
+transport layer security is forced off, even if the NFS server supports
+transport layer security.
+If
+.B tls
+is specified, the client uses RPC-with-TLS to provide in-transit
+confidentiality.
+If
+.B mtls
+is specified, the client uses RPC-with-TLS to authenticate itself and
+to provide in-transit confidentiality.
+If the server does not support RPC-with-TLS or peer authentication
+fails, the mount attempt fails.
+.IP
+If the
+.B xprtsec=
+option is not specified,
+the default behavior depends on the kernel,
+but is usually equivalent to
+.BR "xprtsec=none" .
 .SS "Options for NFS versions 2 and 3 only"
 Use these options, along with the options in the above subsection,
 for NFS versions 2 and 3 only.