NFSSEC.CONF(4)NFSSEC.CONF(4)NAMEnfssec.conf - Network File System security mode configuration
SYNOPSIS
/etc/nfssec.conf
DESCRIPTION
/etc/nfssec.conf file is used to map symbolic names for Network File
System (NFS) security modes used with sec= options for exportfs(1M) and
mount(1M) to the RPC authentication flavours and NFS security
pseudoflavours as described in RFC 2623 ``NFS Version 2 and Version 3
Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos
V5''.
# is used to start a comment and whitespaces are used as field
separators. Each non-comment line represent one entry which defines one
security mode. There is no provision for wrapping the long lines.
Each security mode definition is in the form of
name number gss_mech gss_qop gss_service
where
name the name of the NFS security mode which can be used with mount(1M)
or exportfs(1M) sec= option.
number
the NFS security number. Numbers 1 to 4 are the RPC authentication
flavours which do not use RPCSEC_GSS authentication, numbers from
390000 onward repsesent pseudoflavours used to to negotiate security
modes between client and server. The pseudoflavours are assigned by
IANA.
Note that AUTH_DES(3) and AUTH_KERB(4) RPC authentication flavours
are not supported on Irix.
gss_mech
GSS mechanism name, e.g. kerberos_v5. '-' is used if the mode does
not use RPCSEC_GSS authentication.
gss_qop
GSS Quality of Protection(QOP) name. 'default' or '-' can be used to
select default QOP for the specified mechanism.
gss_service
GSS data protection service - can be one of
- lone dash selects default service for the specified mechanism,
usually it is the same as 'integrity' but may change, depending
on the mechanism used.
Page 1
NFSSEC.CONF(4)NFSSEC.CONF(4)
none authentication only, RPC header is protected by GSS signature
but the data is unprotected.
integrity
both RPC call header and data are protected from unauthorized
modification by GSS signature
privacy
RPC call header is protected by GSS signature, RPC call data is
encrypted.
SEE ALSO
exports (4), fstab (4), rpcsec_gss (7).
Page 2