From owner-freebsd-fs@FreeBSD.ORG  Sun Apr 29 03:54:12 2012
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Delivered-To: freebsd-fs@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 469A91065673
	for <freebsd-fs@freebsd.org>; Sun, 29 Apr 2012 03:54:12 +0000 (UTC)
	(envelope-from rsimmons0@gmail.com)
Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com
	[209.85.212.54])
	by mx1.freebsd.org (Postfix) with ESMTP id EE0FE8FC12
	for <freebsd-fs@freebsd.org>; Sun, 29 Apr 2012 03:54:11 +0000 (UTC)
Received: by vbmv11 with SMTP id v11so1833534vbm.13
	for <freebsd-fs@freebsd.org>; Sat, 28 Apr 2012 20:54:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=gwE1Xl/ZBLEap+t1OAsUywEVLXwLbV01B5c3ruiGNAw=;
	b=nhKCoaWBkTgrFsS2T4R5g91m6QuQp1SLFxivAeCk9Qoh6fKFGlO4Kwbg50Y/cKqrNt
	SLC0PGm6wAjK8SQrvQzrtH2syeB7ZTpIxnxmWHtV0BV7ZXOF/CWCSm3D/KCLC3W1d4Po
	IZoBdj0NBYtxmYTgrjssHpQt7e7nyyCxZL+sPTJfqysWX9eCFbcz/X0UCb4e+vCe+cM1
	Zjosa02EpSjqkgzy6SNi6EBLJSxn/NeAKYSqpdOvJ6gNxZFDJ491EDTEEWk/WkF1p+5F
	8GM2rnz4P0GANH4abM0Tg94wW+aXX+ekKUrPISPz2K1qVgrgonp19eIf7c60j9y8JSvb
	e3aA==
MIME-Version: 1.0
Received: by 10.220.108.16 with SMTP id d16mr16765561vcp.51.1335671645142;
	Sat, 28 Apr 2012 20:54:05 -0700 (PDT)
Received: by 10.52.66.239 with HTTP; Sat, 28 Apr 2012 20:54:05 -0700 (PDT)
Date: Sat, 28 Apr 2012 23:54:05 -0400
Message-ID: <CA+QLa9A-ZzupAaLxiuc_0uGYyOOmgcYfxE8SH5cxzMR8gxOGpQ@mail.gmail.com>
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-fs@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: NFSv4 Questions
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
	<mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
	<mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Apr 2012 03:54:12 -0000

I've been digging and digging to find sources to clarify the
exports(5) man page with no luck.  What I have read differs from what
I see on my server.  From the man page examples section:

V4: /   -sec=krb5:krb5i:krb5p -network 131.104.48 -mask 255.255.255.0

Now, here is what I have put as an experiment to try to understand
what's happening here (my /etc/exports):

V4: / -sec=krb5 -network 192.168.1 -mask 255.255.255.0
/

In this case, -sec=krb5 is totally ignored.  I can mount / using sys.

If I use this:

V4: /
/ -sec=krb5

It requires proper kerberos authentication.

My next question is can I reject NFSv3/v2 clients/connections?

Third question is: how can I disable rpcbind?  It seems that the
following does not work in rc.conf:
rpcbind_enable="NO"
When I'm running NFSv4 rpcbind is not needed, but it seems that mountd
always starts rpcbind no matter what I do:
/etc/rc.d/rpcbind stop
is the only way to do it, and that is only after boot, or mountd starting.