diff options
author | Chuck Lever <chuck.lever@oracle.com> | 2020-05-26 11:02:16 -0400 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2020-05-26 11:07:19 -0400 |
commit | 2ebde7aadbcb05e6bc5b6537bfa405e3196cccd2 (patch) | |
tree | a33f08014abbc1bfb2a36ed4d039328073f896c5 /tools | |
parent | 244dbb5208e2a07568313dd0685be58bc014e453 (diff) | |
download | nfs-utils-2ebde7aadbcb05e6bc5b6537bfa405e3196cccd2.tar.gz |
man: Update nfs(5) and rpc.gssd(8) discussion of keytab needs
Because of the <anyname> wildcard feature in rpc.gssd, it's possible
for a customer to deploy the same keytab on many of her NFSv4 clients
to reduce the overhead of keytab distribution.
However, the practice of sharing the same service principal amongst
NFSv4 clients brings with it some hazards. Add documentation of those
exposures in our man pages.
The rpc.gssd(8) changes:
- Remove some needless redundancy
- Clarify the definition of "machine credentials"
- Update the use of <anyname> to explicitly not recommend sharing
service principals
The nfs(5) changes add two things:
- A brief discussion of the primary security exposure of sharing
service principals
- A mention of the nfs4.nfs_unique_id module parameter
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions