f783288f0c
The current GSS mech switch can find and load GSS pseudoflavor
modules by name ("krb5") or pseudoflavor number ("390003"), but
cannot find GSS modules by GSS tuple:
[ "1.2.840.113554.1.2.2", GSS_C_QOP_DEFAULT, RPC_GSS_SVC_NONE ]
This is important when dealing with a SECINFO request. A SECINFO
reply contains a list of flavors the server supports for the
requested export, but GSS flavors also have a GSS tuple that maps
to a pseudoflavor (like 390003 for krb5).
If the GSS module that supports the OID in the tuple is not loaded,
our client is not able to load that module dynamically to support
that pseudoflavor.
Add a way for the GSS mech switch to load GSS pseudoflavor support
by OID before searching for the pseudoflavor that matches the OID
and service.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
61 lines
1.6 KiB
Plaintext
61 lines
1.6 KiB
Plaintext
config SUNRPC
|
|
tristate
|
|
|
|
config SUNRPC_GSS
|
|
tristate
|
|
select OID_REGISTRY
|
|
|
|
config SUNRPC_BACKCHANNEL
|
|
bool
|
|
depends on SUNRPC
|
|
|
|
config SUNRPC_XPRT_RDMA
|
|
tristate
|
|
depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
|
|
default SUNRPC && INFINIBAND
|
|
help
|
|
This option allows the NFS client and server to support
|
|
an RDMA-enabled transport.
|
|
|
|
To compile RPC client RDMA transport support as a module,
|
|
choose M here: the module will be called xprtrdma.
|
|
|
|
If unsure, say N.
|
|
|
|
config SUNRPC_SWAP
|
|
bool
|
|
depends on SUNRPC
|
|
select NETVM
|
|
|
|
config RPCSEC_GSS_KRB5
|
|
tristate "Secure RPC: Kerberos V mechanism"
|
|
depends on SUNRPC && CRYPTO
|
|
depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS
|
|
depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && CRYPTO_AES
|
|
depends on CRYPTO_ARC4
|
|
default y
|
|
select SUNRPC_GSS
|
|
help
|
|
Choose Y here to enable Secure RPC using the Kerberos version 5
|
|
GSS-API mechanism (RFC 1964).
|
|
|
|
Secure RPC calls with Kerberos require an auxiliary user-space
|
|
daemon which may be found in the Linux nfs-utils package
|
|
available from http://linux-nfs.org/. In addition, user-space
|
|
Kerberos support should be installed.
|
|
|
|
If unsure, say Y.
|
|
|
|
config SUNRPC_DEBUG
|
|
bool "RPC: Enable dprintk debugging"
|
|
depends on SUNRPC && SYSCTL
|
|
help
|
|
This option enables a sysctl-based debugging interface
|
|
that is be used by the 'rpcdebug' utility to turn on or off
|
|
logging of different aspects of the kernel RPC activity.
|
|
|
|
Disabling this option will make your kernel slightly smaller,
|
|
but makes troubleshooting NFS issues significantly harder.
|
|
|
|
If unsure, say Y.
|