for accesses by UID 0. Instead, credentials must be obtained
manually like all other users. Use of this option means that
"root" must manually obtain Kerberos credentials before
-attemtpting to mount an nfs filesystem requiring Kerberos
+attempting to mount an nfs filesystem requiring Kerberos
authentication.
.TP
.B -k keytab
.B -d directory
Tells
.B rpc.gssd
-where to look for kerberos credential files. The default value is "/tmp".
+where to look for Kerberos credential files. The default value is "/tmp".
+This can also be a colon separated list of directories to be searched
+for Kerberos credential files. Note that if machine credentials are being
+stored in files, then the first directory on this list is where the
+machine credentials are stored.
.TP
.B -v
Increases the verbosity of the output (can be specified multiple times).
.B -r
If the rpcsec_gss library supports setting debug level,
increases the verbosity of the output (can be specified multiple times).
+.TP
+.B -R realm
+Kerberos tickets from this
+.I realm
+will be preferred when scanning available credentials cache files to be
+used to create a context. By default, the default realm, as configured
+in the Kerberos configuration file, is preferred.
+.TP
+.B -t timeout
+Timeout, in seconds, for kernel gss contexts. This option allows you to force
+new kernel contexts to be negotiated after
+.I timeout
+seconds, which allows changing Kerberos tickets and identities frequently.
+The default is no explicit timeout, which means the kernel context will live
+the lifetime of the Kerberos service ticket used in its creation.
.SH SEE ALSO
.BR rpc.svcgssd(8)
.SH AUTHORS