--- /dev/null
+NFSv4 in Debian
+===============
+
+NFSv4 support in Debian is rather new, and not fully supported yet. If you want
+to experiment, make sure you have:
+
+ - a recent 2.6 kernel on both client and server; newer is better. You might even
+ want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/ .
+ - a recent enough version of nfs-utils on both client and server (you probably
+ have on at least one of them, since you're reading this file!).
+ - a patched mount, which will hopefully enter the archive soon at the time of
+ writing -- otherwise, you'll have to enable the patch in the Debian package
+ yourself and rebuild it. (It is not enabled by default, since the current version
+ of the patch breaks mounting against NFSv2-only servers, such as nfs-user-server.)
+
+The export structure might be a bit confusing if you're already familiar with
+NFSv2 or NFSv3. The biggest difference is that you will need to export an explicit
+root of your pseudofilesystem, like this /etc/exports fragment:
+
+ /nfs4 hostname(rw,sync,fsid=0,crossmnt)
+
+(It doesn't need to be named "nfs4".) Then you can mount other volumes under that,
+like:
+
+ /nfs4/music hostname(rw,sync)
+ /nfs4/movies hostname(rw,sync)
+
+Then your client can mount shares like this:
+
+ mount -t nfs4 server:/music /mnt/music
+
+Since you might not have everything under one root, you might want /nfs4/* on the
+server to be bind mounts, ie.:
+
+ mount --bind /srv/music /nfs4/music
+
+or in /etc/fstab:
+
+ /srv/music /nfs4/music none bind 0 0
+
+If you do not wish to use host-based authentication, you can specify "gss/krb5"
+instead of a hostname to get Kerberos-based authentication instead. For this,
+you will need an "nfs/hostname@REALM" entry in /etc/krb5.keytab, as well as
+rpc.gssd running on the client (enable it manually in /etc/default/nfs-common)
+and rpc.svcgssd running on the server (it should be autodetected once you put
+Kerberos mounts in /etc/exports).
+
+If you use "gss/krb5i", you will also get integrity (ie. authentication), and
+with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your
+kernel supports this; not all kernels do.
+
+ -- Steinar H. Gunderson <sesse@debian.org>, Wed, 05 Apr 2006 18:09:47 +0200
+nfs-utils (1:1.0.7-7) unstable; urgency=high
+
+ * urgency=high, fixes an RC bug.
+ * Let the init script test for kernel support before trying to start
+ nfs-kernel-server. (Closes: #360420)
+ * Include help on how to activate /etc/exports changes; text from
+ Martin Pool. (Closes: #239286)
+ * Document sync option in exports man page. (Closes: #297135)
+ * Give an example in /etc/exports. (Closes: #345460)
+ * Write a mini-HOWTO on how to get NFSv4 up and running. (Closes: #294468)
+ * Install it in debian/rules.
+
+ -- Steinar H. Gunderson <sesse@debian.org> Wed, 5 Apr 2006 18:15:20 +0200
+
nfs-utils (1:1.0.7-6) unstable; urgency=low
* Let the man-page fixup script in debian/rules look for the man pages in
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync) hostname2(ro,sync)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt)
+# /srv/nfs4/homes gss/krb5i(rw,sync)
+#
the export name using a backslash followed by the character code as three
octal digits.
.PP
+To apply changes to this file, run exportfs -ra or (on Debian)
+/etc/init.d/nfs-kernel-server reload.
+.PP
.SS Machine Name Formats
NFS clients may be specified in a number of ways:
.IP "single host
an unclean server restart (i.e. a crash) can cause data to be lost or
corrupted.
+.TP
+.IR sync
+Reply to requests only after the changes have been committed to stable
+storage (see
+.IR async
+above).
+
In releases of nfs-utils upto and including 1.0.0, this option was the
default. In this and future releases,
.I sync
projects / nfs-utils.git / commitdiff