mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-15 14:56:13 +01:00
9c4368e73c
The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user credentials in the RPC header with ones derived from a username specified by the form "user@domain", if this exists in the client's X.509 v3 certificate. Specifically, "user@domain" needs to be in the "otherName" component of subjectjAltName, with a unique OID as assigned by this update. This patch adds a subtree for the "otherName" component of subjectAltName in X.509 v3 cerificates and a value for "user@domain" as used by NFS-over-TLS. Reviewed by: phk, gordon Differential Revision: https://reviews.freebsd.org/D26225 |
||
---|---|---|
.. | ||
mibs | ||
Makefile |