1 # SPDX-License-Identifier: GPL-2.0-only
11 config SUNRPC_BACKCHANNEL
19 config RPCSEC_GSS_KRB5
20 tristate "Secure RPC: Kerberos V mechanism"
21 depends on SUNRPC && CRYPTO
22 depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS
23 depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_SHA1 && CRYPTO_AES
27 Choose Y here to enable Secure RPC using the Kerberos version 5
28 GSS-API mechanism (RFC 1964).
30 Secure RPC calls with Kerberos require an auxiliary user-space
31 daemon which may be found in the Linux nfs-utils package
32 available from http://linux-nfs.org/. In addition, user-space
33 Kerberos support should be installed.
37 config SUNRPC_DISABLE_INSECURE_ENCTYPES
38 bool "Secure RPC: Disable insecure Kerberos encryption types"
39 depends on RPCSEC_GSS_KRB5
42 Choose Y here to disable the use of deprecated encryption types
43 with the Kerberos version 5 GSS-API mechanism (RFC 1964). The
44 deprecated encryption types include DES-CBC-MD5, DES-CBC-CRC,
45 and DES-CBC-MD4. These types were deprecated by RFC 6649 because
46 they were found to be insecure.
48 N is the default because many sites have deployed KDCs and
49 keytabs that contain only these deprecated encryption types.
50 Choosing Y prevents the use of known-insecure encryption types
51 but might result in compatibility problems.
54 bool "RPC: Enable dprintk debugging"
55 depends on SUNRPC && SYSCTL
58 This option enables a sysctl-based debugging interface
59 that is be used by the 'rpcdebug' utility to turn on or off
60 logging of different aspects of the kernel RPC activity.
62 Disabling this option will make your kernel slightly smaller,
63 but makes troubleshooting NFS issues significantly harder.
67 config SUNRPC_XPRT_RDMA
68 tristate "RPC-over-RDMA transport"
69 depends on SUNRPC && INFINIBAND && INFINIBAND_ADDR_TRANS
70 default SUNRPC && INFINIBAND
73 This option allows the NFS client and server to use RDMA
74 transports (InfiniBand, iWARP, or RoCE).
76 To compile this support as a module, choose M. The module
77 will be called rpcrdma.ko.
79 If unsure, or you know there is no RDMA capability on your
80 hardware platform, say N.