[illumos-gate merge]

commit 0cc80ade12a7ed4a67d90f6496ecf40c87e8ff16
    5335 psrset should support specifying a zone to bind
commit 89621fe174cf95ae903df6ceab605bf24d696ac3
    5296 Support for more than 16 groups with AUTH_SYS
commit 64e4e50ab4bc3670a29e5691e3dd935c94f0a5d7
    5341 gcore fails with "no such file or directory" if write fails ... error is misleading

Conflicts:
	usr/src/cmd/mdb/common/modules/genunix/gcore.c
	usr/src/cmd/mdb/common/mdb/mdb_err.c
	usr/src/cmd/fs.d/nfs/mountd/mountd.c

1 files changed, 10 insertions, 6 deletions

diff --git a/usr/src/man/man5/nfssec.5 b/usr/src/man/man5/nfssec.5
index 69ddf2b9b6..da696103ca 100644
--- a/usr/src/man/man5/nfssec.5
+++ b/usr/src/man/man5/nfssec.5
@@ -1,13 +1,13 @@
 '\" te
+.\" Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
 .\" Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH NFSSEC 5 "Mar 16, 2009"
+.TH NFSSEC 5 "Nov 20, 2014"
 .SH NAME
 nfssec \- overview of NFS security modes
 .SH DESCRIPTION
-.sp
 .LP
 The \fBmount_nfs\fR(1M) and \fBshare_nfs\fR(1M) commands each provide a way to
 specify the security mode to be used on an \fBNFS\fR file system through the
@@ -53,6 +53,13 @@ passed in the clear on the network, unauthenticated by the \fBNFS\fR server.
 This is the simplest security method and requires no additional administration.
 It is the default used by Solaris \fBNFS\fR Version 2 clients and Solaris
 \fBNFS\fR servers.
+.sp
+According to the ONC RPC specification (RFC 5531), \fBAUTH_SYS\fR
+authentication supports up to 16 groups for a user only.  To workaround this
+limitation, in the case where the \fBNFS\fR client supplied 16 groups in
+\fBAUTH_SYS\fR and \fBNGROUPS_MAX\fR is more than 16, the \fBNFS\fR server
+will lookup the user's groups on the server instead of relying on the list of
+groups provided by the \fBNFS\fR client via \fBAUTH_SYS\fR.
 .RE
 
 .sp
@@ -109,13 +116,12 @@ Use null authentication (\fBAUTH_NONE\fR). \fBNFS\fR clients using
 \fBnobody\fR by \fBNFS\fR servers. A client using a security mode other than
 the one with which a Solaris \fBNFS\fR server shares the file system has its
 security mode mapped to \fBAUTH_NONE.\fR In this case, if the file system is
-shared with \fBsec=\fR\fInone,\fR users from the client are mapped to the
+shared with \fBsec=none,\fR users from the client are mapped to the
 anonymous user. The \fBNFS\fR security mode \fBnone\fR is supported by
 \fBshare_nfs\fR(1M), but not by \fBmount_nfs\fR(1M) or \fBautomount\fR(1M).
 .RE
 
 .SH FILES
-.sp
 .ne 2
 .na
 \fB\fB/etc/nfssec.conf\fR\fR
@@ -125,13 +131,11 @@ anonymous user. The \fBNFS\fR security mode \fBnone\fR is supported by
 .RE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBautomount\fR(1M), \fBkclient\fR(1M), \fBmount_nfs\fR(1M),
 \fBshare_nfs\fR(1M), \fBrpc_clnt_auth\fR(3NSL), \fBsecure_rpc\fR(3NSL),
 \fBnfssec.conf\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5)
 .SH NOTES
-.sp
 .LP
 \fB/etc/nfssec.conf\fR lists the \fBNFS\fR security services. Do not edit this
 file. It is not intended to be user-configurable. See \fBkclient\fR(1M).