diff options
author | Rick Macklem <rmacklem@FreeBSD.org> | 2020-09-03 20:42:30 +0000 |
---|---|---|
committer | Rick Macklem <rmacklem@FreeBSD.org> | 2020-09-03 20:42:30 +0000 |
commit | 9c4368e73ce3635f53b8d0a5979dd80fb7546150 (patch) | |
tree | 047a929fe32910beebb235a0a39d62b9b7eb515b /share/snmp | |
parent | 137d26e8a378c50b439f3bc3f26ea5d7660c5607 (diff) | |
download | src-test2-9c4368e73ce3635f53b8d0a5979dd80fb7546150.tar.gz src-test2-9c4368e73ce3635f53b8d0a5979dd80fb7546150.zip |
Add entries for the OID used for NFS-over-TLS "user@domain".
The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user
credentials in the RPC header with ones derived from a username specified
by the form "user@domain", if this exists in the client's X.509 v3 certificate.
Specifically, "user@domain" needs to be in the "otherName" component of
subjectjAltName, with a unique OID as assigned by this update.
This patch adds a subtree for the "otherName" component of subjectAltName in
X.509 v3 cerificates and a value for "user@domain" as used by NFS-over-TLS.
Reviewed by: phk, gordon
Differential Revision: https://reviews.freebsd.org/D26225
Notes
Notes:
svn path=/head/; revision=365309
Diffstat (limited to 'share/snmp')
-rw-r--r-- | share/snmp/mibs/FREEBSD-MIB.txt | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/share/snmp/mibs/FREEBSD-MIB.txt b/share/snmp/mibs/FREEBSD-MIB.txt index cf6f08042ac5..0a745c3a3754 100644 --- a/share/snmp/mibs/FREEBSD-MIB.txt +++ b/share/snmp/mibs/FREEBSD-MIB.txt @@ -16,7 +16,7 @@ IMPORTS FROM SNMPv2-SMI; freeBSD MODULE-IDENTITY - LAST-UPDATED "200610311000Z" + LAST-UPDATED "202009032030Z" ORGANIZATION "The FreeBSD Project." CONTACT-INFO "phk@FreeBSD.org is contact person for this file. @@ -24,6 +24,9 @@ freeBSD MODULE-IDENTITY DESCRIPTION "The Structure of Management Information for the FreeBSD Project enterprise MIB subtree." + REVISION "202009031900Z" + DESCRIPTION + "Added entries for the otherName component of a X.509 cert" REVISION "200610310800Z" DESCRIPTION "Initial version of this MIB module." @@ -36,6 +39,21 @@ freeBSDsrc OBJECT-IDENTITY "Subtree for things which lives in the src tree." ::= { freeBSD 1 } +freeBSDsrcCertOtherName OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Subtree for X.509 Certificate otherName entries" + ::= { freeBSDsrc 1 } + +-- +-- For NFS over TLS, a user@domain can optionally be handled by rpc.tlsservd +-- +freeBSDsrcCertNFSuser OBJECT-IDENTITY + STATUS current + DESCRIPTION + "Entry for X.509 Certificate for NFS user@domain name" + ::= { freeBSDsrcCertOtherName 1 } + freeBSDports OBJECT-IDENTITY STATUS current DESCRIPTION |