.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
.\" Authors: Doug Rabson <dfr@rabson.org>
.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" Modified from gssd.8 for rpc.tlsservd.8 by Rick Macklem.
.Nd "Sun RPC over TLS Server Daemon"
.Op Fl C Ar available_ciphers
.Op Fl N Ar num_servers
program provides support for the server side of the kernel Sun RPC over TLS
This daemon must be running to allow the kernel RPC to perform the TLS
handshake after a TCP client has sent the STARTTLS Null RPC request to
This daemon requires that the kernel be built with
.Dq options KERNEL_TLS
and be running on an architecture such as
that supports a direct map (not i386) with
file specifies that the client must use RPC over TLS.
file specifies that the client must provide a certificate
file specifies that the client must provide a certificate
that verifies and has an otherName:1.3.6.1.4.1.2238.1.1.1;UTF8: field of
subjectAltName of the form
matches the one for this server and
is a valid user name that maps to a <uid, gid_list>.
For the latter two cases, the
options must be specified.
option also requires that the
option on this daemon be specified.
Also, if the IP address used by the client cannot be trusted,
cannot be applied safely.
option can be used along with
options to require that the client certificate have the correct
Fully Qualified Domain Name (FQDN) in it.
A certificate and associated key must exist in /etc/rpc.tlsservd
If a SIGHUP signal is sent to the daemon it will reload the
and will shut down any extant connections that presented certificates
during TLS handshake that have been revoked.
option was not specified, the SIGHUP signal will be ignored.
The daemon will log failed certificate verifications via
using LOG_INFO | LOG_DAEMON when the
option has been specified.
The options are as follows:
.Bl -tag -width indent
.It Fl 2 , Fl Fl allowtls1_2
Permit clients to mount using TLS version 1.2.
By default, the daemon will only allow mounts
using TLS version 1.3, as required by the RFC.
this option, since they use TLS version 1.2.
.It Fl C Ar available_ciphers , Fl Fl ciphers= Ns Ar available_ciphers
Specify which ciphers are available during TLS handshake.
If this option is specified,
.Dq SSL_CTX_set_ciphersuites()
.Dq available_ciphers
If this option is not specified, the cipher will be chosen by
which should be adequate for most cases.
The format for the available ciphers is a simple
separated list, in order of preference.
.Dq openssl ciphers -s -tls1_3
lists available ciphers.
.It Fl D Ar certdir , Fl Fl certdir= Ns Ar certdir
instead of /etc/rpc.tlsservd as the location for the
certificate in a file called
and associated key in
.It Fl d , Fl Fl debuglevel
will not fork when it starts.
.It Fl h , Fl Fl checkhost
This option specifies that the client must provide a certificate
that both verifies and has a FQDN that matches the reverse
DNS name for the IP address that
the client uses to connect to the server.
in the DNS field of the subjectAltName, but is also allowed
to be in the CN field of the
subjectName in the certificate.
By default, a wildcard "*" in the FQDN is not allowed.
With this option, a failure to verify the client certificate
or match the FQDN will result in the
server sending AUTH_REJECTEDCRED replies to all client RPCs.
This option requires the
.It Fl l Ar CAfile , Fl Fl verifylocs= Ns Ar CAfile
This option specifies the path name of a CA certificate(s) file
in pem format, which is used to verify client certificates and to
set the list of CA(s) sent to the client so that it knows which
certificate to send to the server during the TLS handshake.
This path name is used in
.Dq SSL_CTX_load_verify_locations(ctx,CAfile,NULL)
.Dq SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile))
openssl library calls.
Note that this is a path name for the file and is not assumed to be
Either this option or the
option must be specified when the
option is specified so that the daemon can verify the client's
.It Fl m , Fl Fl mutualverf
This option specifies that the server is to request a certificate
from the client during the TLS handshake.
It does not require that the client provide a certificate.
It should be specified unless no client doing RPC over TLS is
required to have a certificate.
may be used to require a client to provide a certificate
.It Fl N Ar num_servers , Fl Fl numdaemons= Ns Ar num_servers
For a server with a large number of NFS-over-TLS client mounts,
this daemon might get overloaded after a reboot, when many
clients attempt to do a TLS handshake at the same time.
This option may be used to specify that
daemons are to be run instead of a single daemon.
When this is done, the TLS handshakes are spread across the
daemons in a round robin fashion to spread out the load.
.It Fl n Ar domain , Fl Fl domain= Ns Ar domain
This option specifies what the
option, overriding the domain taken from the
of the server this daemon is running on.
If you have specified the
command line option for
then you should specify this option with the same
that was specified for
This option is only meaningful when used with the
.It Fl p Ar CApath , Fl Fl verifydir= Ns Ar CApath
This option is similar to the
option, but specifies the path of a directory with CA
When this option is used,
.Dq SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file())
is not called, so a list of CA names might not be passed
to the client during the TLS handshake.
.It Fl r Ar CRLfile , Fl Fl crl= Ns Ar CRLfile
This option specifies a Certificate Revocation List (CRL) file
that is to be loaded into the verify certificate store and
checked during verification.
This option is only meaningful when either the
.It Fl u , Fl Fl certuser
This option specifies that if the client provides a certificate
that both verifies and has a subjectAltName with an otherName
component of the form
.Dq otherName:1.3.6.1.4.1.2238.1.1.1;UTF8:user@domain
matches the one for this server,
then the daemon will attempt to map
to a user credential <uid, gid_list>.
There should only be one of these otherName components for each
is a valid username in the password database,
then the <uid, gid_list> for
RPCs on the mount instead of the credentials in the RPC request
This option requires the
Use of this option might not conform to RFC-9289, which does
not allow certificates to be used for user authentication.
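The mapping the -u option describes, written out as an added example (not rpc.tlsservd's own code): the UTF8 value of the otherName is split into user and domain, the domain is checked against this server's domain, and only then is the user looked up in the password database to build the <uid, gid_list>. The function name map_certuser and the MAX_GIDS bound are assumptions of this example.

```c
#define _DEFAULT_SOURCE		/* glibc: expose getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <strings.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GIDS 64		/* assumed bound on the group list */

/* The <uid, gid_list> credential the daemon would hand to the kernel. */
struct cert_cred {
	uid_t uid;
	int ngids;
	gid_t gids[MAX_GIDS];
};

/*
 * Map the UTF8 value "user@domain" of the certificate's otherName
 * (OID 1.3.6.1.4.1.2238.1.1.1) to a credential.  Returns 1 on success,
 * 0 if the value is malformed, the domain is not this server's, or the
 * user is unknown; on failure the RPC request's own credentials apply.
 */
int map_certuser(const char *value, const char *server_domain,
    struct cert_cred *cred)
{
	char user[256];
	const char *at = strchr(value, '@');
	size_t ulen;
	struct passwd *pw;

	if (at == NULL || at == value || at[1] == '\0')
		return 0;		/* need "user@domain", both non-empty */
	if (strchr(at + 1, '@') != NULL)
		return 0;		/* exactly one '@' */
	if (strcasecmp(at + 1, server_domain) != 0)
		return 0;		/* domain must match this server's */
	ulen = (size_t)(at - value);
	if (ulen >= sizeof(user))
		return 0;
	memcpy(user, value, ulen);
	user[ulen] = '\0';
	if ((pw = getpwnam(user)) == NULL)
		return 0;		/* not in the password database */
	cred->uid = pw->pw_uid;
	cred->ngids = MAX_GIDS;
	/* Fill the supplementary group list; -1 means it was truncated. */
	if (getgrouplist(user, pw->pw_gid, cred->gids, &cred->ngids) < 0)
		cred->ngids = MAX_GIDS;
	return 1;
}
```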
.It Fl v , Fl Fl verbose
will log activity messages to
using LOG_INFO | LOG_DAEMON or to
option has also been specified.
.It Fl W , Fl Fl multiwild
This option is used with the
option to allow use of a wildcard
that matches multiple
components of the reverse DNS name for the client's IP
For example, the FQDN
.Dq laptop21.uoguelph.ca
.Dq laptop3.cis.uoguelph.ca .
.It Fl w , Fl Fl singlewild
but allows the wildcard
to match a single component of the reverse DNS name.
For example, the FQDN
.Dq laptop21.uoguelph.ca
.Dq laptop3.cis.uoguelph.ca .
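The three FQDN policies of -h alone, -w and -W, as an added example that is not the daemon's own code: no wildcard by default, a leading "*" covering one reverse DNS label with -w, and several labels with -W. The wildcard name "*.uoguelph.ca" used below is constructed for this example to pair with the two host names above; fqdn_matches and the wild_mode values are names assumed here.

```c
#include <string.h>
#include <strings.h>

enum wild_mode { WILD_NONE, WILD_SINGLE, WILD_MULTI };

/*
 * cert_fqdn is the DNS name from the client certificate; host is the
 * reverse DNS name of the client's IP address.  Returns 1 if the
 * certificate name is acceptable for host under mode, else 0.
 */
int fqdn_matches(const char *cert_fqdn, const char *host, enum wild_mode mode)
{
	const char *suffix, *p;
	size_t hlen, slen;

	/* Names without a leading "*." must match exactly (case-insensitive). */
	if (strncmp(cert_fqdn, "*.", 2) != 0)
		return strcasecmp(cert_fqdn, host) == 0;
	if (mode == WILD_NONE)
		return 0;		/* default: wildcards are not allowed */
	/* A second "*" anywhere else in the name is never accepted. */
	if (strchr(cert_fqdn + 2, '*') != NULL)
		return 0;
	suffix = cert_fqdn + 1;	/* e.g. ".uoguelph.ca" */
	hlen = strlen(host);
	slen = strlen(suffix);
	if (hlen <= slen)
		return 0;		/* the "*" must cover something */
	p = host + hlen - slen;
	if (strcasecmp(p, suffix) != 0)
		return 0;		/* fixed part after the "*" must match */
	if (mode == WILD_MULTI)
		return 1;		/* -W: "*" may span several labels */
	/* -w: "*" matches one label only, so no '.' may precede the suffix. */
	return memchr(host, '.', (size_t)(p - host)) == NULL;
}
```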
The implementation is based on the specification in
.%T "Towards Remote Procedure Call Encryption By Default"
manual page first appeared in
This daemon cannot be safely shut down and restarted if there are
any active RPC-over-TLS connections.
Doing so will orphan the KERNEL_TLS connections, so that they
can no longer do upcalls successfully, since the
structures in userspace have been lost.