NFSSEC.CONF(4) NFSSEC.CONF(4) NAME nfssec.conf - Network File System security mode configuration SYNOPSIS /etc/nfssec.conf DESCRIPTION /etc/nfssec.conf file is used to map symbolic names for Network File System (NFS) security modes used with sec= options for exportfs(1M) and mount(1M) to the RPC authentication flavours and NFS security pseudoflavours as described in RFC 2623 ``NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5''. # is used to start a comment and whitespaces are used as field separators. Each non-comment line represent one entry which defines one security mode. There is no provision for wrapping the long lines. Each security mode definition is in the form of name number gss_mech gss_qop gss_service where name the name of the NFS security mode which can be used with mount(1M) or exportfs(1M) sec= option. number the NFS security number. Numbers 1 to 4 are the RPC authentication flavours which do not use RPCSEC_GSS authentication, numbers from 390000 onward repsesent pseudoflavours used to to negotiate security modes between client and server. The pseudoflavours are assigned by IANA. Note that AUTH_DES(3) and AUTH_KERB(4) RPC authentication flavours are not supported on Irix. gss_mech GSS mechanism name, e.g. kerberos_v5. '-' is used if the mode does not use RPCSEC_GSS authentication. gss_qop GSS Quality of Protection(QOP) name. 'default' or '-' can be used to select default QOP for the specified mechanism. gss_service GSS data protection service - can be one of - lone dash selects default service for the specified mechanism, usually it is the same as 'integrity' but may change, depending on the mechanism used. none authentication only, RPC header is protected by GSS signature but the data is unprotected. integrity both RPC call header and data are protected from unauthorized modification by GSS signature privacy RPC call header is protected by GSS signature, RPC call data is encrypted. SEE ALSO exports (4), fstab (4), rpcsec_gss (7). Page 2