Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Documentation: nfs: rpc-server-gss: convert to ReST

Convert rpc-server-gss.txt to ReST. Content remains mostly unchanged.

Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com>
Link: https://lore.kernel.org/r/20200129044917.566906-4-dwlsalmeida@gmail.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>

Authored by Daniel W. S. Almeida and committed by Jonathan Corbet
250baf06 f0bf8a98

+12 -8
+1
Documentation/filesystems/nfs/index.rst
··· 8 8 9 9 pnfs 10 10 rpc-cache 11 + rpc-server-gss
+11 -8
Documentation/filesystems/nfs/rpc-server-gss.txt Documentation/filesystems/nfs/rpc-server-gss.rst
··· 1 - 1 + ========================================= 2 2 rpcsec_gss support for kernel RPC servers 3 3 ========================================= 4 4 ··· 9 9 purposes of authentication.) 10 10 11 11 RPCGSS is specified in a few IETF documents: 12 + 12 13 - RFC2203 v1: http://tools.ietf.org/rfc/rfc2203.txt 13 14 - RFC5403 v2: http://tools.ietf.org/rfc/rfc5403.txt 15 + 14 16 and there is a 3rd version being proposed: 17 + 15 18 - http://tools.ietf.org/id/draft-williams-rpcsecgssv3.txt 16 19 (At draft n. 02 at the time of writing) 17 20 18 21 Background 19 - ---------- 22 + ========== 20 23 21 24 The RPCGSS Authentication method describes a way to perform GSSAPI 22 25 Authentication for NFS. Although GSSAPI is itself completely mechanism ··· 32 29 GSSAPI is a complex library, and implementing it completely in kernel is 33 30 unwarranted. However GSSAPI operations are fundementally separable in 2 34 31 parts: 32 + 35 33 - initial context establishment 36 34 - integrity/privacy protection (signing and encrypting of individual 37 35 packets) ··· 45 41 need upcalls to request userspace to perform context establishment. 46 42 47 43 NFS Server Legacy Upcall Mechanism 48 - ---------------------------------- 44 + ================================== 49 45 50 46 The classic upcall mechanism uses a custom text based upcall mechanism 51 47 to talk to a custom daemon called rpc.svcgssd that is provide by the ··· 66 62 back to the kernel (4KiB). 67 63 68 64 NFS Server New RPC Upcall Mechanism 69 - ----------------------------------- 65 + =================================== 70 66 71 67 The newer upcall mechanism uses RPC over a unix socket to a daemon 72 68 called gss-proxy, implemented by a userspace program called Gssproxy. 
73 69 74 - The gss_proxy RPC protocol is currently documented here: 75 - 76 - https://fedorahosted.org/gss-proxy/wiki/ProtocolDocumentation 70 + The gss_proxy RPC protocol is currently documented `here 71 + <https://fedorahosted.org/gss-proxy/wiki/ProtocolDocumentation>`_. 77 72 78 73 This upcall mechanism uses the kernel rpc client and connects to the gssproxy 79 74 userspace program over a regular unix socket. The gssproxy protocol does not 80 75 suffer from the size limitations of the legacy protocol. 81 76 82 77 Negotiating Upcall Mechanisms 83 - ----------------------------- 78 + ============================= 84 79 85 80 To provide backward compatibility, the kernel defaults to using the 86 81 legacy mechanism. To switch to the new mechanism, gss-proxy must bind
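
Review bot: In the rpc-server-gss.rst hunk around "RPCGSS is specified in a few IETF documents:", the RFC entries remain plain-text http://tools.ietf.org URLs and the patch only adds the blank lines needed for the lists to parse. Since the file is now ReST, consider the `:rfc:` role for RFC2203 and RFC5403 so Sphinx generates the links and the list no longer depends on hard-coded URLs.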
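
Review bot: Two typos are carried over unchanged in the context lines of rpc-server-gss.rst: "fundementally" in "GSSAPI operations are fundementally separable in 2 parts" and "is provide by the" in the paragraph on rpc.svcgssd under "NFS Server Legacy Upcall Mechanism". The commit message says content remains mostly unchanged, so either fix them here as "fundamentally" and "is provided by the", or send a follow-up patch now that the text is part of the rendered documentation.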
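
Review bot: In the "NFS Server New RPC Upcall Mechanism" hunk, the new hyperlink uses the bare word `here` as its link text, so the rendered sentence no longer shows where the gss_proxy protocol documentation lives and the old visible URL is lost to anyone reading a non-hyperlinked rendering. Suggest descriptive link text naming the target (for example "the gss-proxy protocol documentation"), or keep the URL on its own line as before, since a standalone URL is auto-linked in ReST.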