2013-10-29 16:27:51

by Weston Andros Adamson

Subject: [PATCH] nfs.man: add description of multiple sec= options

The client now supports multiple sec= options as a colon delimited list.

Signed-off-by: Weston Andros Adamson <[email protected]>
---
utils/mount/nfs.man | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
index 2a42b93..17b8d88 100644
--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
@@ -380,9 +380,10 @@ If a value of zero is specified, the
.BR mount (8)
command exits immediately after the first failure.
.TP 1.5i
-.BI sec= flavor
-The security flavor to use for accessing files on this mount point.
-If the server does not support this flavor, the mount operation fails.
+.BI sec= flavors
+A colon-delimited list of security flavors to use for accessing files on
+this mount point. If the server does not support any of these flavors,
+the mount operation fails.
If
.B sec=
is not specified, the client attempts to find
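Review bot: The added sentence "If the server does not support any of these flavors, the mount operation fails" can be read as failing whenever one listed flavor is unsupported, which is the opposite of what a list of alternatives is for. Wording such as "If the server supports none of these flavors, the mount operation fails" removes the ambiguity.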
--
1.8.3.1 (Apple Git-46)



2013-10-29 16:40:54

by Weston Andros Adamson

Subject: Re: [PATCH] nfs.man: add description of multiple sec= options


On Oct 29, 2013, at 12:30 PM, Chuck Lever <[email protected]> wrote:

>
> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <[email protected]> wrote:
>
>> The client now supports multiple sec= options as a colon delimited list.
>>
>> Signed-off-by: Weston Andros Adamson <[email protected]>
>> ---
>> utils/mount/nfs.man | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
>> index 2a42b93..17b8d88 100644
>> --- a/utils/mount/nfs.man
>> +++ b/utils/mount/nfs.man
>> @@ -380,9 +380,10 @@ If a value of zero is specified, the
>> .BR mount (8)
>> command exits immediately after the first failure.
>> .TP 1.5i
>> -.BI sec= flavor
>> -The security flavor to use for accessing files on this mount point.
>> -If the server does not support this flavor, the mount operation fails.
>> +.BI sec= flavors
>> +A colon-delimited list of security flavors to use for accessing files on
>> +this mount point. If the server does not support any of these flavors,
>> +the mount operation fails.
>
> Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both.

Good point.

Should there be separate sections or should we do something like:

sec=flavor(s)

The security flavor or flavors to use for accessing files on this
mount point. Multiple security flavors may be specified as a
colon-delimited list. If the server does not support any of these flavors
the mount operation fails.

...

-dros

>
>
>> If
>> .B sec=
>> is not specified, the client attempts to find
>> --
>> 1.8.3.1 (Apple Git-46)
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
>> the body of a message to [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Chuck Lever
> chuck[dot]lever[at]oracle[dot]com


2013-10-29 16:40:29

by Chuck Lever

Subject: Re: [PATCH] nfs.man: add description of multiple sec= options


On Oct 29, 2013, at 12:36 PM, "Myklebust, Trond" <[email protected]> wrote:

>> -----Original Message-----
>> From: [email protected] [mailto:linux-nfs-
>> [email protected]] On Behalf Of Chuck Lever
>> Sent: Tuesday, October 29, 2013 12:30 PM
>> To: Weston Andros Adamson
>> Cc: [email protected]; [email protected]
>> Subject: Re: [PATCH] nfs.man: add description of multiple sec= options
>>
>>
>> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <[email protected]>
>> wrote:
>>
>>> The client now supports multiple sec= options as a colon delimited list.
>>>
>>> Signed-off-by: Weston Andros Adamson <[email protected]>
>>> ---
>>> utils/mount/nfs.man | 7 ++++---
>>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index
>>> 2a42b93..17b8d88 100644
>>> --- a/utils/mount/nfs.man
>>> +++ b/utils/mount/nfs.man
>>> @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount
>>> (8) command exits immediately after the first failure.
>>> .TP 1.5i
>>> -.BI sec= flavor
>>> -The security flavor to use for accessing files on this mount point.
>>> -If the server does not support this flavor, the mount operation fails.
>>> +.BI sec= flavors
>>> +A colon-delimited list of security flavors to use for accessing files
>>> +on this mount point. If the server does not support any of these
>>> +flavors, the mount operation fails.
>>
>> Just a nit: The new text kind of suggests that the colons are required.
>> "sec=single flavor" is also still supported. Typically man page language is
>> careful to show both.
>
> How about "colon-separated list of one or more security flavours"? That's less ambiguous than "colon-delimited"...

Maybe Dros could also update the EXAMPLES section with one of each. Just a thought.

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com





2013-10-29 16:30:22

by Chuck Lever

Subject: Re: [PATCH] nfs.man: add description of multiple sec= options


On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <[email protected]> wrote:

> The client now supports multiple sec= options as a colon delimited list.
>
> Signed-off-by: Weston Andros Adamson <[email protected]>
> ---
> utils/mount/nfs.man | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
> index 2a42b93..17b8d88 100644
> --- a/utils/mount/nfs.man
> +++ b/utils/mount/nfs.man
> @@ -380,9 +380,10 @@ If a value of zero is specified, the
> .BR mount (8)
> command exits immediately after the first failure.
> .TP 1.5i
> -.BI sec= flavor
> -The security flavor to use for accessing files on this mount point.
> -If the server does not support this flavor, the mount operation fails.
> +.BI sec= flavors
> +A colon-delimited list of security flavors to use for accessing files on
> +this mount point. If the server does not support any of these flavors,
> +the mount operation fails.

Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both.


> If
> .B sec=
> is not specified, the client attempts to find
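Review bot: With sec= now taking a list, the added lines give no rule for which flavor is used when the server supports more than one of them, so a reader who lists both krb5p and sys cannot tell from this entry which one the mount ends up with. A sentence stating whether list order expresses preference would close that gap, either in this entry or in SECURITY CONSIDERATIONS.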
> --
> 1.8.3.1 (Apple Git-46)
>

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com





2013-10-29 17:01:05

by Chuck Lever

Subject: Re: [PATCH] nfs.man: add description of multiple sec= options


On Oct 29, 2013, at 12:40 PM, Weston Andros Adamson <[email protected]> wrote:

>
> On Oct 29, 2013, at 12:30 PM, Chuck Lever <[email protected]> wrote:
>
>>
>> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <[email protected]> wrote:
>>
>>> The client now supports multiple sec= options as a colon delimited list.
>>>
>>> Signed-off-by: Weston Andros Adamson <[email protected]>
>>> ---
>>> utils/mount/nfs.man | 7 ++++---
>>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
>>> index 2a42b93..17b8d88 100644
>>> --- a/utils/mount/nfs.man
>>> +++ b/utils/mount/nfs.man
>>> @@ -380,9 +380,10 @@ If a value of zero is specified, the
>>> .BR mount (8)
>>> command exits immediately after the first failure.
>>> .TP 1.5i
>>> -.BI sec= flavor
>>> -The security flavor to use for accessing files on this mount point.
>>> -If the server does not support this flavor, the mount operation fails.
>>> +.BI sec= flavors
>>> +A colon-delimited list of security flavors to use for accessing files on
>>> +this mount point. If the server does not support any of these flavors,
>>> +the mount operation fails.
>>
>> Just a nit: The new text kind of suggests that the colons are required. "sec=single flavor" is also still supported. Typically man page language is careful to show both.
>
> Good point.
>
> Should there be separate sections or should we do something like:
>
> sec=flavor(s)
>
> The security flavor or flavors to use for accessing files on this
> mount point. Multiple security flavors may be specified as a
> colon-delimited list. If the server does not support any of these flavors
> the mount operation fails.

The current text is:

sec=flavor The security flavor to use for accessing files on this mount
point. If the server does not support this flavor, the mount
operation fails. If sec= is not specified, the client attempts
to find a security flavor that both the client and the server
supports. Valid flavors are none, sys, krb5, krb5i, and krb5p.
Refer to the SECURITY CONSIDERATIONS section for details.

You might consider:

> sec=flavorlist
>
> The security flavor or flavors to use when accessing files on this mount point. Multiple flavors are specified as a colon-delimited list. If sec= is not specified, the mount's security flavor list contains all security flavors the client supports.
>
> The client chooses the strongest flavor on this list that is supported by the export's security policy. If the server does not support any of these flavors, the mount operation fails.
>
> Valid flavors are ....


I think my description of the negotiation strategy could be made more accurate, and you should mention how (whether?) flavor list ordering works. Do you feel this is too much for a single section? Some detail can be moved to SECURITY CONSIDERATIONS.

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
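
A defender-side check that follows from the flavor-list syntax discussed in this message, as an added example that is not part of the thread or of nfs-utils: it reads fstab-format text and reports NFS entries whose sec= list admits a non-Kerberos flavor or contains an unrecognized name. The function name, status words and sample entries are constructed for illustration; the valid flavor names are the ones in the man page text quoted above.

```shell
#!/bin/sh
# Added example: audit fstab-format text for NFS sec= flavor lists.
# Valid names (none, sys, krb5, krb5i, krb5p) come from the quoted man page text.

audit_nfs_sec() {
    # Reads fstab-format lines on stdin; prints "<mountpoint> <status> <list>".
    #   ok      every listed flavor is krb5, krb5i or krb5p
    #   weak    the list also admits sys or none
    #   invalid the list has an unknown name or an empty element
    #   unset   no sec= option, so the flavor is left to negotiation
    awk '
    /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
    $3 != "nfs" && $3 != "nfs4" { next }   # only NFS mounts
    {
        sec = ""; found = 0
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)           # if repeated, this script keeps the last
            if (opts[i] ~ /^sec=/) { sec = substr(opts[i], 5); found = 1 }
        if (!found) { print $2, "unset", "-"; next }

        status = "ok"
        m = split(sec, fl, ":")            # colon-separated list of one or more
        if (m == 0) status = "invalid"     # "sec=" with nothing after it
        for (j = 1; j <= m; j++) {
            f = fl[j]
            if (f == "krb5" || f == "krb5i" || f == "krb5p") continue
            if (f == "sys" || f == "none") { if (status == "ok") status = "weak" }
            else status = "invalid"        # typo, unknown flavor, or "a::b"
        }
        print $2, status, (sec == "" ? "-" : sec)
    }'
}

# Constructed sample input, not taken from a real host.
SAMPLE_FSTAB='# constructed sample
srv:/home  /home     nfs4  rw,sec=krb5p            0 0
srv:/proj  /proj     nfs   rw,sec=krb5p:krb5i:sys  0 0
srv:/pub   /pub      nfs   ro                      0 0
srv:/tmp   /scratch  nfs4  rw,sec=krb5:kbr5i       0 0
/dev/sda1  /         ext4  defaults                0 0'

printf '%s\n' "$SAMPLE_FSTAB" | audit_nfs_sec
```

The script only classifies what the option string permits; it makes no claim about which flavor the client ends up using when several are listed.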





2013-10-29 16:36:43

by Myklebust, Trond

Subject: RE: [PATCH] nfs.man: add description of multiple sec= options

> -----Original Message-----
> From: [email protected] [mailto:linux-nfs-
> [email protected]] On Behalf Of Chuck Lever
> Sent: Tuesday, October 29, 2013 12:30 PM
> To: Weston Andros Adamson
> Cc: [email protected]; [email protected]
> Subject: Re: [PATCH] nfs.man: add description of multiple sec= options
>
>
> On Oct 29, 2013, at 12:27 PM, Weston Andros Adamson <[email protected]>
> wrote:
>
> > The client now supports multiple sec= options as a colon delimited list.
> >
> > Signed-off-by: Weston Andros Adamson <[email protected]>
> > ---
> > utils/mount/nfs.man | 7 ++++---
> > 1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man index
> > 2a42b93..17b8d88 100644
> > --- a/utils/mount/nfs.man
> > +++ b/utils/mount/nfs.man
> > @@ -380,9 +380,10 @@ If a value of zero is specified, the .BR mount
> > (8) command exits immediately after the first failure.
> > .TP 1.5i
> > -.BI sec= flavor
> > -The security flavor to use for accessing files on this mount point.
> > -If the server does not support this flavor, the mount operation fails.
> > +.BI sec= flavors
> > +A colon-delimited list of security flavors to use for accessing files
> > +on this mount point. If the server does not support any of these
> > +flavors, the mount operation fails.
>
> Just a nit: The new text kind of suggests that the colons are required.
> "sec=single flavor" is also still supported. Typically man page language is
> careful to show both.

How about "colon-separated list of one or more security flavours"? That's less ambiguous than "colon-delimited"...

Cheers
Trond

2013-10-29 16:54:37

by Weston Andros Adamson

Subject: Re: [PATCH] nfs.man: add description of multiple sec= options
