Clean up: The usual convention for the values of command line
options and for pathnames is for them to appear italicized,
rather than emboldened or in double quotes.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
.SH NAME
rpc.gssd \- rpcsec_gss daemon
.SH SYNOPSIS
.SH NAME
rpc.gssd \- rpcsec_gss daemon
.SH SYNOPSIS
-.B "rpc.gssd [-f] [-n] [-k keytab] [-l] [-p pipefsdir] [-v] [-r] [-d ccachedir]"
+.B rpc.gssd
+.RB [ \-fnlvr ]
+.RB [ \-k
+.IR keytab ]
+.RB [ \-p
+.IR pipefsdir ]
+.RB [ \-d
+.IR ccachedir ]
+.RB [ \-t
+.IR timeout ]
+.RB [ \-R
+.IR realm ]
.SH DESCRIPTION
The rpcsec_gss protocol gives a means of using the gss-api generic security
api to provide security for protocols using rpc (in particular, nfs). Before
.SH DESCRIPTION
The rpcsec_gss protocol gives a means of using the gss-api generic security
api to provide security for protocols using rpc (in particular, nfs). Before
attempting to mount an nfs filesystem requiring Kerberos
authentication.
.TP
attempting to mount an nfs filesystem requiring Kerberos
authentication.
.TP
Tells
.B rpc.gssd
to use the keys found in
.I keytab
to obtain "machine credentials".
Tells
.B rpc.gssd
to use the keys found in
.I keytab
to obtain "machine credentials".
-The default value is "/etc/krb5.keytab".
+The default value is
+.I /etc/krb5.keytab.
.IP
Previous versions of
.B rpc.gssd
.IP
Previous versions of
.B rpc.gssd
This option is only available with Kerberos libraries that
support setable encryption types.
.TP
This option is only available with Kerberos libraries that
support setable encryption types.
.TP
Tells
.B rpc.gssd
where to look for the rpc_pipefs filesystem. The default value is
Tells
.B rpc.gssd
where to look for the rpc_pipefs filesystem. The default value is
-"/var/lib/nfs/rpc_pipefs".
+.IR /var/lib/nfs/rpc_pipefs .
Tells
.B rpc.gssd
where to look for Kerberos credential files. The default value is
Tells
.B rpc.gssd
where to look for Kerberos credential files. The default value is
This can also be a colon separated list of directories to be searched for
Kerberos credential files. The sequence "%U", if used, is replaced with
the UID of the user for whom credentials are being searched.
This can also be a colon separated list of directories to be searched for
Kerberos credential files. The sequence "%U", if used, is replaced with
the UID of the user for whom credentials are being searched.
If the rpcsec_gss library supports setting debug level,
increases the verbosity of the output (can be specified multiple times).
.TP
If the rpcsec_gss library supports setting debug level,
increases the verbosity of the output (can be specified multiple times).
.TP
Kerberos tickets from this
.I realm
will be preferred when scanning available credentials cache files to be
used to create a context. By default, the default realm, as configured
in the Kerberos configuration file, is preferred.
.TP
Kerberos tickets from this
.I realm
will be preferred when scanning available credentials cache files to be
used to create a context. By default, the default realm, as configured
in the Kerberos configuration file, is preferred.
.TP
Timeout, in seconds, for kernel gss contexts. This option allows you to force
new kernel contexts to be negotiated after
.I timeout
Timeout, in seconds, for kernel gss contexts. This option allows you to force
new kernel contexts to be negotiated after
.I timeout