Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Sep 2020 20:42:31 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r365309 - head/share/snmp/mibs
Message-ID:  <202009032042.083KgVL7094960@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rmacklem
Date: Thu Sep  3 20:42:30 2020
New Revision: 365309
URL: https://svnweb.freebsd.org/changeset/base/365309

Log:
  Add entries for the OID used for NFS-over-TLS "user@domain".
  
  The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user
  credentials in the RPC header with ones derived from a username specified
  by the form "user@domain", if this exists in the client's X.509 v3 certificate.
  Specifically, "user@domain" needs to be in the "otherName" component of
  subjectjAltName, with a unique OID as assigned by this update.
  
  This patch adds a subtree for the "otherName" component of subjectAltName in
  X.509 v3 cerificates and a value for "user@domain" as used by NFS-over-TLS.
  
  Reviewed by:	phk, gordon
  Differential Revision:	https://reviews.freebsd.org/D26225

Modified:
  head/share/snmp/mibs/FREEBSD-MIB.txt

Modified: head/share/snmp/mibs/FREEBSD-MIB.txt
==============================================================================
--- head/share/snmp/mibs/FREEBSD-MIB.txt	Thu Sep  3 20:30:52 2020	(r365308)
+++ head/share/snmp/mibs/FREEBSD-MIB.txt	Thu Sep  3 20:42:30 2020	(r365309)
@@ -16,7 +16,7 @@ IMPORTS
 		FROM SNMPv2-SMI;
 
 freeBSD MODULE-IDENTITY
-	LAST-UPDATED "200610311000Z"
+	LAST-UPDATED "202009032030Z"
 	ORGANIZATION "The FreeBSD Project."
 	CONTACT-INFO
 		"phk@FreeBSD.org is contact person for this file.
@@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY
 	DESCRIPTION
 		"The Structure of Management Information for the
 		FreeBSD Project enterprise MIB subtree."
+	REVISION      "202009031900Z"
+	DESCRIPTION
+		"Added entries for the otherName component of a X.509 cert"
 	REVISION      "200610310800Z"
 	DESCRIPTION
 		"Initial version of this MIB module."
@@ -35,6 +38,21 @@ freeBSDsrc OBJECT-IDENTITY
 	DESCRIPTION
 		"Subtree for things which lives in the src tree."
 	::= { freeBSD 1 }
+
+freeBSDsrcCertOtherName OBJECT-IDENTITY
+	STATUS	current
+	DESCRIPTION
+		"Subtree for X.509 Certificate otherName entries"
+	::= { freeBSDsrc 1 }
+
+--
+-- For NFS over TLS, a user@domain can optionally be handled by rpc.tlsservd
+--
+freeBSDsrcCertNFSuser OBJECT-IDENTITY
+	STATUS	current
+	DESCRIPTION
+		"Entry for X.509 Certificate for NFS user@domain name"
+	::= { freeBSDsrcCertOtherName 1 }
 
 freeBSDports OBJECT-IDENTITY
 	STATUS	current

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009032042.083KgVL7094960>