From: "Daniel W. S. Almeida" <dwlsalmeida@gmail.com>
To: corbet@lwn.net, mchehab+samsung@kernel.org
Cc: linux-kernel@vger.kernel.org,
linux-kernel-mentees@lists.linuxfoundation.org,
"Daniel W. S. Almeida" <dwlsalmeida@gmail.com>,
linux-doc@vger.kernel.org
Subject: [Linux-kernel-mentees] [PATCH 3/5] Documentation: nfs: rpc-server-gss: convert to ReST
Date: Mon, 30 Dec 2019 02:04:45 -0300
Message-ID: <a86269bc495edfc827e7c80ffe038f410315f028.1577681894.git.dwlsalmeida@gmail.com>
In-Reply-To: <cover.1577681894.git.dwlsalmeida@gmail.com>
From: "Daniel W. S. Almeida" <dwlsalmeida@gmail.com>
Convert rpc-server-gss.txt to ReST. Content remains mostly unchanged.
Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com>
---
Documentation/filesystems/nfs/index.rst | 1 +
...{rpc-server-gss.txt => rpc-server-gss.rst} | 19 +++++++++++--------
2 files changed, 12 insertions(+), 8 deletions(-)
rename Documentation/filesystems/nfs/{rpc-server-gss.txt => rpc-server-gss.rst} (92%)
diff --git a/Documentation/filesystems/nfs/index.rst b/Documentation/filesystems/nfs/index.rst
index 52f4956e7770..9d5365cbe2c3 100644
--- a/Documentation/filesystems/nfs/index.rst
+++ b/Documentation/filesystems/nfs/index.rst
@@ -8,3 +8,4 @@ NFS
pnfs
rpc-cache
+ rpc-server-gss
diff --git a/Documentation/filesystems/nfs/rpc-server-gss.txt b/Documentation/filesystems/nfs/rpc-server-gss.rst
similarity index 92%
rename from Documentation/filesystems/nfs/rpc-server-gss.txt
rename to Documentation/filesystems/nfs/rpc-server-gss.rst
index 310bbbaf9080..812754576845 100644
--- a/Documentation/filesystems/nfs/rpc-server-gss.txt
+++ b/Documentation/filesystems/nfs/rpc-server-gss.rst
@@ -1,4 +1,4 @@
-
+=========================================
rpcsec_gss support for kernel RPC servers
=========================================
@@ -9,14 +9,17 @@ NFSv4.1 and higher don't require the client to act as a server for the
purposes of authentication.)
RPCGSS is specified in a few IETF documents:
+
- RFC2203 v1: http://tools.ietf.org/rfc/rfc2203.txt
- RFC5403 v2: http://tools.ietf.org/rfc/rfc5403.txt
+
and there is a 3rd version being proposed:
+
- http://tools.ietf.org/id/draft-williams-rpcsecgssv3.txt
(At draft n. 02 at the time of writing)
Background
-----------
+==========
The RPCGSS Authentication method describes a way to perform GSSAPI
Authentication for NFS. Although GSSAPI is itself completely mechanism
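Review bot: the two RFC entries under "RPCGSS is specified in a few IETF documents:" still carry bare http://tools.ietf.org URLs. Now that the file is ReST, Sphinx's :rfc: role (for example :rfc:`2203` and :rfc:`5403`) would generate the links and drop the hard-coded host. The remark "(At draft n. 02 at the time of writing)" is also carried over unchanged and is worth rechecking in a follow-up.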
@@ -29,6 +32,7 @@ depends on GSSAPI extensions that are KRB5 specific.
GSSAPI is a complex library, and implementing it completely in kernel is
unwarranted. However GSSAPI operations are fundementally separable in 2
parts:
+
- initial context establishment
- integrity/privacy protection (signing and encrypting of individual
packets)
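Review bot: "fundementally" in the context line "However GSSAPI operations are fundementally separable in 2 parts:" is misspelled; it should read "fundamentally". The conversion aims to leave content unchanged, but this paragraph is already being touched for the list spacing, so the typo could be fixed here or in a small follow-up patch.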
@@ -41,7 +45,7 @@ kernel, but leave the initial context establishment to userspace. We
need upcalls to request userspace to perform context establishment.
NFS Server Legacy Upcall Mechanism
-----------------------------------
+==================================
The classic upcall mechanism uses a custom text based upcall mechanism
to talk to a custom daemon called rpc.svcgssd that is provide by the
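Review bot: the context line "to talk to a custom daemon called rpc.svcgssd that is provide by the" has a grammar slip; "provide" should be "provided". Since rpc.svcgssd is a literal program name, marking it up as ``rpc.svcgssd`` would also suit the ReST version.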
@@ -62,21 +66,20 @@ groups) due to limitation on the size of the buffer that can be send
back to the kernel (4KiB).
NFS Server New RPC Upcall Mechanism
------------------------------------
+===================================
The newer upcall mechanism uses RPC over a unix socket to a daemon
called gss-proxy, implemented by a userspace program called Gssproxy.
-The gss_proxy RPC protocol is currently documented here:
-
- https://fedorahosted.org/gss-proxy/wiki/ProtocolDocumentation
+The gss_proxy RPC protocol is currently documented `here
+<https://fedorahosted.org/gss-proxy/wiki/ProtocolDocumentation>`_.
This upcall mechanism uses the kernel rpc client and connects to the gssproxy
userspace program over a regular unix socket. The gssproxy protocol does not
suffer from the size limitations of the legacy protocol.
Negotiating Upcall Mechanisms
------------------------------
+=============================
To provide backward compatibility, the kernel defaults to using the
legacy mechanism. To switch to the new mechanism, gss-proxy must bind
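Review bot: the new inline link in "The gss_proxy RPC protocol is currently documented `here <...>`_." uses "here" as its link text, which hides the destination when the .rst file is read as plain text and gives the rendered link no meaning of its own. Consider descriptive text such as `gss-proxy protocol documentation <...>`_, and confirm the fedorahosted.org URL still resolves. The visible lines also spell the daemon four ways (gss-proxy, Gssproxy, gss_proxy, gssproxy); a follow-up could settle on one.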
--
2.24.1