mount_nfs.8: Update man page for the "syskrb5" option

Commit 896516e54a added a new NFS mount option
used for Kerberized NFSv4.1/4.2 mounts. It specifies that
AUTH_SYS be used for state maintenance (also called system)
operations. This allows the mount to be done without the
"gssname" option or a valid Kerberos TGT being held by the
user doing the mount (so it can be specified in fstab(5) for
example).

Reviewed by:	gbe (manpages), karels
MFC after:	3 months
Differential Revision:	https://reviews.freebsd.org/D39469
This commit is contained in:
Rick Macklem
2023-04-11 12:17:09 -07:00
parent 2169f71277
commit 61330e494f
+17 -2
View File
@@ -28,7 +28,7 @@
.\" @(#)mount_nfs.8 8.3 (Berkeley) 3/29/95
.\" $FreeBSD$
.\"
.Dd September 24, 2022
.Dd April 3, 2023
.Dt MOUNT_NFS 8
.Os
.Sh NAME
@@ -166,7 +166,7 @@ It allows the mount to be performed by
and avoids problems with
cached credentials for the system operations expiring.
The
.Dq "service-prinicpal-name"
.Dq "service-principal-name"
should be specified without instance or domain and is typically
.Dq "host" ,
.Dq "nfs"
@@ -441,6 +441,21 @@ A soft mount, which implies that file system calls will fail
after
.Ar retrycnt
round trip timeout intervals.
.It Cm syskrb5
This option specifies that a KerberosV NFSv4 minor version 1 or 2 mount
uses AUTH_SYS for system operations.
Using this option avoids the need for a KerberosV mount to have a
host-based principal entry in the default keytab file
(no
.Cm gssname
option) or a requirement for the user doing the mount to have a
valid KerberosV ticket granting ticket (TGT) when the mount is done.
This option is intended to be used with the
.Cm sec Ns = Ns krb5
and
.Cm tls
options and can only be used for
NFSv4 mounts with minor version 1 or 2.
.It Cm tcp
Use TCP transport.
This is the default option, as it provides for increased reliability on both