1 # SPDX-License-Identifier: GPL-2.0-only 1 # SPDX-License-Identifier: GPL-2.0-only 2 config SUNRPC 2 config SUNRPC 3 tristate 3 tristate 4 depends on MULTIUSER 4 depends on MULTIUSER 5 5 6 config SUNRPC_GSS 6 config SUNRPC_GSS 7 tristate 7 tristate 8 select OID_REGISTRY 8 select OID_REGISTRY 9 depends on MULTIUSER 9 depends on MULTIUSER 10 10 11 config SUNRPC_BACKCHANNEL 11 config SUNRPC_BACKCHANNEL 12 bool 12 bool 13 depends on SUNRPC 13 depends on SUNRPC 14 14 15 config SUNRPC_SWAP 15 config SUNRPC_SWAP 16 bool 16 bool 17 depends on SUNRPC 17 depends on SUNRPC 18 18 19 config RPCSEC_GSS_KRB5 19 config RPCSEC_GSS_KRB5 20 tristate "Secure RPC: Kerberos V mecha 20 tristate "Secure RPC: Kerberos V mechanism" 21 depends on SUNRPC && CRYPTO 21 depends on SUNRPC && CRYPTO >> 22 depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS >> 23 depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && CRYPTO_AES >> 24 depends on CRYPTO_ARC4 22 default y 25 default y 23 select SUNRPC_GSS 26 select SUNRPC_GSS 24 select CRYPTO_SKCIPHER << 25 select CRYPTO_HASH << 26 help 27 help 27 Choose Y here to enable Secure RPC u 28 Choose Y here to enable Secure RPC using the Kerberos version 5 28 GSS-API mechanism (RFC 1964). 29 GSS-API mechanism (RFC 1964). 29 30 30 Secure RPC calls with Kerberos requi 31 Secure RPC calls with Kerberos require an auxiliary user-space 31 daemon which may be found in the Lin 32 daemon which may be found in the Linux nfs-utils package 32 available from http://linux-nfs.org/ 33 available from http://linux-nfs.org/. In addition, user-space 33 Kerberos support should be installed 34 Kerberos support should be installed. 34 35 35 If unsure, say Y. 36 If unsure, say Y. 36 37 37 config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1 !! 38 config CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES 38 bool "Enable Kerberos enctypes based o !! 39 bool "Secure RPC: Disable insecure Kerberos encryption types" 39 depends on RPCSEC_GSS_KRB5 40 depends on RPCSEC_GSS_KRB5 40 depends on CRYPTO_CBC && CRYPTO_CTS << 41 depends on CRYPTO_HMAC && CRYPTO_SHA1 << 42 depends on CRYPTO_AES << 43 default y << 44 help << 45 Choose Y to enable the use of Kerber << 46 that utilize Advanced Encryption Sta << 47 SHA-1 digests. These include aes128- << 48 aes256-cts-hmac-sha1-96. << 49 << 50 config RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA << 51 bool "Enable Kerberos encryption types << 52 depends on RPCSEC_GSS_KRB5 << 53 depends on CRYPTO_CBC && CRYPTO_CTS && << 54 depends on CRYPTO_CMAC << 55 default n << 56 help << 57 Choose Y to enable the use of Kerber << 58 that utilize Camellia ciphers (RFC 3 << 59 (NIST Special Publication 800-38B). << 60 camellia128-cts-cmac and camellia256 << 61 << 62 config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 << 63 bool "Enable Kerberos enctypes based o << 64 depends on RPCSEC_GSS_KRB5 << 65 depends on CRYPTO_CBC && CRYPTO_CTS << 66 depends on CRYPTO_HMAC && CRYPTO_SHA25 << 67 depends on CRYPTO_AES << 68 default n 41 default n 69 help 42 help 70 Choose Y to enable the use of Kerber !! 43 Choose Y here to disable the use of deprecated encryption types 71 that utilize Advanced Encryption Sta !! 44 with the Kerberos version 5 GSS-API mechanism (RFC 1964). The 72 SHA-2 digests. These include aes128- !! 45 deprecated encryption types include DES-CBC-MD5, DES-CBC-CRC, 73 aes256-cts-hmac-sha384-192. !! 46 and DES-CBC-MD4. These types were deprecated by RFC 6649 because 74 !! 47 they were found to be insecure. 75 config RPCSEC_GSS_KRB5_KUNIT_TEST !! 48 76 tristate "KUnit tests for RPCSEC GSS K !! 49 N is the default because many sites have deployed KDCs and 77 depends on RPCSEC_GSS_KRB5 && KUNIT !! 50 keytabs that contain only these deprecated encryption types. 78 default KUNIT_ALL_TESTS !! 51 Choosing Y prevents the use of known-insecure encryption types 79 help !! 52 but might result in compatibility problems. 80 This builds the KUnit tests for RPCS << 81 << 82 KUnit tests run during boot and outp << 83 log in TAP format (https://testanyth << 84 kernel devs running KUnit test harne << 85 into a production build. << 86 << 87 For more information on KUnit and un << 88 to the KUnit documentation in Docume << 89 53 90 config SUNRPC_DEBUG 54 config SUNRPC_DEBUG 91 bool "RPC: Enable dprintk debugging" 55 bool "RPC: Enable dprintk debugging" 92 depends on SUNRPC && SYSCTL 56 depends on SUNRPC && SYSCTL 93 select DEBUG_FS 57 select DEBUG_FS 94 help 58 help 95 This option enables a sysctl-based d 59 This option enables a sysctl-based debugging interface 96 that is be used by the 'rpcdebug' ut 60 that is be used by the 'rpcdebug' utility to turn on or off 97 logging of different aspects of the 61 logging of different aspects of the kernel RPC activity. 98 62 99 Disabling this option will make your 63 Disabling this option will make your kernel slightly smaller, 100 but makes troubleshooting NFS issues 64 but makes troubleshooting NFS issues significantly harder. 101 65 102 If unsure, say Y. 66 If unsure, say Y. 103 67 104 config SUNRPC_XPRT_RDMA 68 config SUNRPC_XPRT_RDMA 105 tristate "RPC-over-RDMA transport" 69 tristate "RPC-over-RDMA transport" 106 depends on SUNRPC && INFINIBAND && INF 70 depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS 107 default SUNRPC && INFINIBAND 71 default SUNRPC && INFINIBAND 108 select SG_POOL 72 select SG_POOL 109 help 73 help 110 This option allows the NFS client an 74 This option allows the NFS client and server to use RDMA 111 transports (InfiniBand, iWARP, or Ro 75 transports (InfiniBand, iWARP, or RoCE). 112 76 113 To compile this support as a module, 77 To compile this support as a module, choose M. The module 114 will be called rpcrdma.ko. 78 will be called rpcrdma.ko. 115 79 116 If unsure, or you know there is no R 80 If unsure, or you know there is no RDMA capability on your 117 hardware platform, say N. 81 hardware platform, say N.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.