Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC: r270005
Try to clarify how file systems are exported for NFSv4.
This is a content change.

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Attempt to clarify that for ZFS, all file systems under
the NFSv4 root must be exported. This is because ZFS
checks exports itself.
This is a content change.

MFC after: 2 weeks

Minor mdoc fixes.

Remove trailing whitespace per mdoc lint warning

Disussed with: gavin
No objection from: doc
Approved by: joel
MFC after: 3 days

Try and fix the exports.5 man page so that it clarifies how
NFSv4 exports are handled. Improved by informal review comments from
mckusick, kudak at mit.edu and bde.
This is a content change.

MFC after: 2 weeks

o Fix typo: sepcify -> specify.

PR: docs/148499
Submitted by: Warren Block
MFC after: 1 week

Description of steps required to setup NFSv4 server is in nfsv4(4);
add reference to exports(5), since that's the obvious starting point
for searching for this.

Modify mountd to handle the experimental nfs server as well as the
regular one. It now takes a "-4" command line argument to force it
to use the experimental server. Otherwise it will use the regular
server unless the experimental server is the only one linked into
the kernel. A third kind of line has been added to /etc/exports,
which is specific to NFSv4 and defines where the NFSv4 tree root is
and can be used to limit access to NFSv4 state handling operations
that do not use any file handle.

Approved by: kib (mentor)

Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by: Isilon Systems
MFC after: 1 month

- more mark-up fixes

Submitted by: ru

- add some missing words
- we don't have ne(4), replace it with re(4)
- fix markup
- bump date

Submitted by: ru
MFC after: 3 days

- markup fixes
- advise to use rc script to SIGHUP mountd
- add information about possiblity of using /prefix network notation [1]

PR: docs/124373
Reviewed by: jhb
Obtained from: NetBSD [1]
MFC after: 3 days

Use ".Pa" for path names.

MFC after: 3 days

Per letter dated July 22, 1999 remove 3rd clause of Berkeley derived software
(with permission of addtional copyright holders where appropriate)

Correct typo in the last revision.

Note that only one webnfs share is allowed per NFS server.

PR: docs/45371
Submitted by: Mattias Pantzare <pantzer@ludd.luth.se>,
Matthew D. Fuller <fullermd@over-yonder.net>
MFC after: 2 days

Be consistent in the EXAMPLES formatting.

english(4) police.

Uniformly refer to a file system as "file system".

Approved by: re

Kerberised NFS has never (as far as I can tell) worked outside
BSD 4.4. Nuke mention of Kerberos from the documentation here.

MFC after: 1 week

Try to give a more descriptive error message for the pilot error of
attempting to export the non-root of a filesystem with -alldirs. This
pilot error seems to be very common, and the "could not remount" error
message doesn't give much hints about the real reason. See the old PR
below for an example.

While i was at it, make it possible to entirely omit the often
annoying error message in that case by specifying the "quiet" exports
flag. This allows to specify something like

/cdrom -alldirs,ro,quiet <where to export to>

which will silently fail if nothing is mounted under /cdrom, but do
the rigth thing as soon as you mount something.

While doing this, i've put the embedded example in the exports(5) man
page into a subsection of its own as it ought to be.

Thanks for Paul Southworth for reminding me about this problem.

PR: bin/4448
MFC after: 1 month

mdoc(7) police: join split punctuation to macro calls.

mdoc(7) police: cosmetics.

Document continuation line support.

PR: 8479
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>

mdoc(7) police: split punctuation characters + misc fixes.

Prepare for mdoc(7)NG.

Prepare for mdoc(7)NG.

mdoc(7) police: use the new features of the Nm macro.

Explain why adding ``options NFSKERB'' breaks the kernel build.

PR: 10642
Reported by: Stefan Eggers <seggers@semyam.dinoco.de>
Submitted by: johan

Explicitly state that mountd can be made to re-read the exports file,
even though this may seem obvious to some folks.

Requested by: obrien

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

$Id$ -> $FreeBSD$

Xref mountd in text.

Submitted by: Philippe Charnier

Correct improper use of .Sm. Document -d flag. Correct use of .Nm. Remove
unused #includes. Add usage(). Use warnx(). Correct spelling. Abort when
malloc() fails.

Merge WebNFS support from NetBSD.

Obtained from: NetBSD

Add cvs Id.

Merge from Lite2 (use new getvfsbyname() and mount(2) interface, cleanup)

Correct some man page cross references and file location references.

Changes to support version 3 of the NFS protocol.
The version 2 support has been tested (client+server) against FreeBSD-2.0,
IRIX 5.3 and FreeBSD-current (using a loopback mount). The version 2 support
is stable AFAIK.
The version 3 support has been tested with a loopback mount and minimally
against an IRIX 5.3 server. It needs more testing and may have problems.
I have patched amd to support the new variable length filehandles although
it will still only use version 2 of the protocol.

Before booting a kernel with these changes, nfs clients will need to at least
build and install /usr/sbin/mount_nfs. Servers will need to build and
install /usr/sbin/mountd.

NFS diskless support is untested.

Obtained from: Rick Macklem <rick@snowhite.cis.uoguelph.ca>

BSD 4.4 Lite sbin Sources

Note: XNSrouted and routed NOT imported here, they shall be imported with
usr.sbin.