nfs and kerberos authentification problem.

nfs and kerberos authentification problem.

[François Valenduc]

[-- Attachment #1: Type: text/plain, Size: 1297 bytes --]

Hello everybody,

I am trying to set up kerberos authentification with nfs but it doesn't 
succeed. I have created to principals for the client and the server. I 
have added the client's principal to the keytab file by setting 
des-encryption (with ktadd -e des-cbc-crc:normal 
nfs/ordi-francois.homenetwork.net). I have changed the /etc/krb5.conf on 
the client file to use des encryption. So, it's set like this;

[libdefaults]
   default_realm = HOMENETWORK.NET
   default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
   default_tgs_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
   permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc 
des3-hmac-sha1
   forwardable = true

[realms]
   HOMENETWORK.NET = {
      admin_server = pc-francois.homenetwork.net:749
      kdc = pc-francois.homenetwork.net:88
      }

[domain_realm]
   .homenetwork.net = HOMENETWORK.NET
   homenetwork.net = HOMENETWORK.NET

But, it doesn't succeed. I can see in the log of the server 
(pc-francois) that the client (ordi-francois) get's a kerberos ticket 
but each time I mount a nfs share, it fails with this error:
mount.nfs: permission denied.

Does anybody know what's happening ?
I have put the log of the server in the attached file.

Thanks in advance for your help,

François Valenduc




[-- Attachment #2: nfs-kerberos --]
[-- Type: text/plain, Size: 3982 bytes --]

Sep  3 19:36:22 pc-francois mountd[7747]: authenticated mount request from ordi-francois:865 for /home/francois (/home/francois)
Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=1 tkt=18 ses=18}, nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for krbtgt/HOMENETWORK.NET-wmZDWbG+120CDknkFGB/9A@public.gmane.org
Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=1 tkt=18 ses=18}, nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for krbtgt/HOMENETWORK.NET-wmZDWbG+120CDknkFGB/9A@public.gmane.org
Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=18 tkt=1 ses=1}, nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=18 tkt=1 ses=1}, nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: leaving poll
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: handling null request
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: readline: read 1106 chars into buffer of size 2048: \x \x6082022206092a864886f71201020201006e8202113082020da003020105a10302010ea20703050020000000a3820125618201213082011da003020105a11b825f74da9da214cf8780d29b9e4d2020640fbd2c598eb5e23ec084f9a8...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_handle:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 0
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_tok:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 550
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0000: 6082 0222 0609 2a86 4886 f712 0102 0201  `.."..*.H.......
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0010: 006e 8202 1130 8202 0da0 0302 0105 a103  .n...0..........
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0020: 0201 0ea2 0703 0500 2000 0000 a382 0125  ........ ......%
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0030: 6182 0121 3082 011d a003 0201 05a1 111b  a..!0...........
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0040: 0f48 4f4d 454e 4554 574f 524b 2e4e 4554  .HOMENETWORK.NET
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0050: a22d 302b a003 0201 03a1 2430 221b 036e  .-0+......$0"..n
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0060: 6673 1b1b 7063 2d66 7261 6e63 6f69 732e  fs..pc-francois.
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0070: 686f 6d65 6e65 7477 6f72 6b2e 6e65 74a3  homenetwork.net.

...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname = nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: DEBUG: serialize_krb5_ctx: lucid version!
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: doing downcall
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 2147483647 -1 -1 0 krb5 \x0000000000000000b46525b6ff7f00000000000000000000000000000000000016acbf48c5090c26090000002a864886f7120102020400000008000000a2df25511fa8fb680400000008000000522fd5a1ef580b98
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sending null reply
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: writing message: \x \x6082022206092a864886f71201020201006e8202113082020da003020105a10302010ea20703050020000000a3820125618201213082011da003020105a11
...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: finished handling null request
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: entering poll

Re: nfs and kerberos authentification problem.

[Kevin Coffman]

Hello Fran=E7ois,
=46irst, you should not need to limit the encryption types in
/etc/krb5.conf as you have done.  None of the following lines are
necessary in either the client or server's /etc/krb5.conf file.
(Leaving them in will probably lead to headaches with other Kerberos
applications in the future.)

  default_tkt_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
  default_tgs_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
  permitted_enctypes =3D aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des3-hmac-sha1

You said that you limited the client's keytab to des-cbc-crc.  It
appears you have done the same for the server's keytab since the
ticket and session key the client gets are des-cbc-crc.

> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1})
> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 ses=
=3D1},
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org

It looks like the client is successfully authenticating as
"nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org".

> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname =3D
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org

However, mapping that gss_auth_name to a local ID is failing, and is
being mapped to uid/gid of "-1 -1"
=2E

> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 2147483647 =
-1 -1 0 krb5
> \x000000000000[...]80b98

The "-1" should be interpreted in the kernel as nfsnobody.  What are
the permissions on the exported filesystem?

K.C.

On Wed, Sep 3, 2008 at 2:19 PM, Fran=E7ois Valenduc
<francois.valenduc@skynet.be> wrote:
> Hello everybody,
>
> I am trying to set up kerberos authentification with nfs but it doesn=
't
> succeed. I have created to principals for the client and the server. =
I have
> added the client's principal to the keytab file by setting des-encryp=
tion
> (with ktadd -e des-cbc-crc:normal nfs/ordi-francois.homenetwork.net).=
 I have
> changed the /etc/krb5.conf on the client file to use des encryption. =
So,
> it's set like this;
>
> [libdefaults]
>  default_realm =3D HOMENETWORK.NET
>  default_tkt_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>  default_tgs_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>  permitted_enctypes =3D aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des3-hmac-sha1
>  forwardable =3D true
>
> [realms]
>  HOMENETWORK.NET =3D {
>     admin_server =3D pc-francois.homenetwork.net:749
>     kdc =3D pc-francois.homenetwork.net:88
>     }
>
> [domain_realm]
>  .homenetwork.net =3D HOMENETWORK.NET
>  homenetwork.net =3D HOMENETWORK.NET
>
> But, it doesn't succeed. I can see in the log of the server (pc-franc=
ois)
> that the client (ordi-francois) get's a kerberos ticket but each time=
 I
> mount a nfs share, it fails with this error:
> mount.nfs: permission denied.
>
> Does anybody know what's happening ?
> I have put the log of the server in the attached file.
>
> Thanks in advance for your help,
>
> Fran=E7ois Valenduc
>
>
>
>
> Sep  3 19:36:22 pc-francois mountd[7747]: authenticated mount request=
 from
> ordi-francois:865 for /home/francois (/home/francois)
> Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1})
> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D1 tkt=3D18 ses=
=3D18},
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
> krbtgt/HOMENETWORK.NET-wmZDWbG+120CDknkFGB/9A@public.gmane.org
> Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1})
> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D1 tkt=3D18 ses=
=3D18},
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
> krbtgt/HOMENETWORK.NET-wmZDWbG+120CDknkFGB/9A@public.gmane.org
> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1})
> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 ses=
=3D1},
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1})
> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 ses=
=3D1},
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: leaving poll
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: handling null request
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: readline: read 1106 ch=
ars
> into buffer of size 2048: \x
> \x6082022206092a864886f71201020201006e8202113082020da003020105a103020=
10ea20703050020000000a3820125618201213082011da003020105a11b825f74da9da2=
14cf8780d29b9e4d2020640fbd2c598eb5e23ec084f9a8...
>
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_handle:
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 0
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_tok:
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 550
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0000: 6082 0222 0609=
 2a86
> 4886 f712 0102 0201  `.."..*.H.......
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0010: 006e 8202 1130=
 8202
> 0da0 0302 0105 a103  .n...0..........
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0020: 0201 0ea2 0703=
 0500
> 2000 0000 a382 0125  ........ ......%
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0030: 6182 0121 3082=
 011d
> a003 0201 05a1 111b  a..!0...........
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0040: 0f48 4f4d 454e=
 4554
> 574f 524b 2e4e 4554  .HOMENETWORK.NET
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0050: a22d 302b a003=
 0201
> 03a1 2430 221b 036e  .-0+......$0"..n
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0060: 6673 1b1b 7063=
 2d66
> 7261 6e63 6f69 732e  fs..pc-francois.
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0070: 686f 6d65 6e65=
 7477
> 6f72 6b2e 6e65 74a3  homenetwork.net.
>
> ...
>
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname =3D
> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: DEBUG: serialize_krb5_=
ctx:
> lucid version!
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: prepare_krb5_rfc1964_b=
uffer:
> serializing keys with enctype 4 and length 8
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: doing downcall
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 2147483647 =
-1 -1 0
> krb5
> \x0000000000000000b46525b6ff7f00000000000000000000000000000000000016a=
cbf48c5090c26090000002a864886f7120102020400000008000000a2df25511fa8fb68=
0400000008000000522fd5a1ef580b98
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sending null reply
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: writing message: \x
> \x6082022206092a864886f71201020201006e8202113082020da003020105a103020=
10ea20703050020000000a3820125618201213082011da003020105a11
> ...
>
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: finished handling null
> request
> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: entering poll
>
>
>

Re: nfs and kerberos authentification problem.

[François Valenduc]

Kevin Coffman a =E9crit :
> Hello Fran=E7ois,
> First, you should not need to limit the encryption types in
> /etc/krb5.conf as you have done.  None of the following lines are
> necessary in either the client or server's /etc/krb5.conf file.
> (Leaving them in will probably lead to headaches with other Kerberos
> applications in the future.)
>
>   default_tkt_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>   default_tgs_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>   permitted_enctypes =3D aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
> des3-hmac-sha1
>
> You said that you limited the client's keytab to des-cbc-crc.  It
> appears you have done the same for the server's keytab since the
> ticket and session key the client gets are des-cbc-crc.
>
>  =20
>> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1})
>> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 se=
s=3D1},
>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
>> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>    =20
>
> It looks like the client is successfully authenticating as
> "nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org".
>
>  =20
>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname =3D
>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>    =20
>
> However, mapping that gss_auth_name to a local ID is failing, and is
> being mapped to uid/gid of "-1 -1"
> .
>
>  =20
>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 2147483647=
 -1 -1 0 krb5
>> \x000000000000[...]80b98
>>    =20
>
> The "-1" should be interpreted in the kernel as nfsnobody.  What are
> the permissions on the exported filesystem?
>
> K.C.
>
>  =20
So, is it normat that gss map the local uid/gid to -1 -1 ? If not, what=
=20
should I change ?
The folder I try to export is configured like this:

/home/francois ordi-francois(rw,root_squash,no_subtree_check)

=46ran=E7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 06:45:03PM +0200, Fran=C3=A7ois Valenduc wrote:
> Kevin Coffman a =C3=A9crit :
>> Hello Fran=C3=A7ois,
>> First, you should not need to limit the encryption types in
>> /etc/krb5.conf as you have done.  None of the following lines are
>> necessary in either the client or server's /etc/krb5.conf file.
>> (Leaving them in will probably lead to headaches with other Kerberos
>> applications in the future.)
>>
>>   default_tkt_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>>   default_tgs_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>>   permitted_enctypes =3D aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-cr=
c
>> des3-hmac-sha1
>>
>> You said that you limited the client's keytab to des-cbc-crc.  It
>> appears you have done the same for the server's keytab since the
>> ticket and session key the client gets are des-cbc-crc.
>>
>>  =20
>>> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1}=
)
>>> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 s=
es=3D1},
>>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
>>> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>>    =20
>>
>> It looks like the client is successfully authenticating as
>> "nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org".
>>
>>  =20
>>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname =3D
>>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>>    =20
>>
>> However, mapping that gss_auth_name to a local ID is failing, and is
>> being mapped to uid/gid of "-1 -1"
>> .
>>
>>  =20
>>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 214748364=
7 -1 -1 0 krb5
>>> \x000000000000[...]80b98
>>>    =20
>>
>> The "-1" should be interpreted in the kernel as nfsnobody.  What are
>> the permissions on the exported filesystem?
>>
>> K.C.
>>
>>  =20
> So, is it normat that gss map the local uid/gid to -1 -1 ? If not, wh=
at =20
> should I change ?
> The folder I try to export is configured like this:
>
> /home/francois ordi-francois(rw,root_squash,no_subtree_check)

Assyming you're using nfs-utils 1.1.1 or later, add "sec=3Dkrb5" to the
export options.  (Or "sec=3Dkrb5:krb5i:krb5p" if you also want to allow
integrity and privacy; and "sec=3Dsys:krb5:krb5i:krb5p" if you also wan=
t
to allow auth_sys.)

--b.

Re: nfs and kerberos authentification problem.

[François Valenduc]

J. Bruce Fields a =C3=A9crit :
> On Thu, Sep 04, 2008 at 06:45:03PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
>  =20
>> Kevin Coffman a =C3=A9crit :
>>    =20
>>> Hello Fran=C3=A7ois,
>>> First, you should not need to limit the encryption types in
>>> /etc/krb5.conf as you have done.  None of the following lines are
>>> necessary in either the client or server's /etc/krb5.conf file.
>>> (Leaving them in will probably lead to headaches with other Kerbero=
s
>>> applications in the future.)
>>>
>>>   default_tkt_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>>>   default_tgs_enctypes =3D aes256-cts-hmac-sha1-96 des-cbc-crc
>>>   permitted_enctypes =3D aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-c=
rc
>>> des3-hmac-sha1
>>>
>>> You said that you limited the client's keytab to des-cbc-crc.  It
>>> appears you have done the same for the server's keytab since the
>>> ticket and session key the client gets are des-cbc-crc.
>>>
>>>  =20
>>>      =20
>>>> Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1=
})
>>>> 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=3D18 tkt=3D1 =
ses=3D1},
>>>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org for
>>>> nfs/pc-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>>>    =20
>>>>        =20
>>> It looks like the client is successfully authenticating as
>>> "nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org".
>>>
>>>  =20
>>>      =20
>>>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname =3D
>>>> nfs/ordi-francois.homenetwork.net-wmZDWbG+120CDknkFGB/9A@public.gmane.org
>>>>    =20
>>>>        =20
>>> However, mapping that gss_auth_name to a local ID is failing, and i=
s
>>> being mapped to uid/gid of "-1 -1"
>>> .
>>>
>>>  =20
>>>      =20
>>>> Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 21474836=
47 -1 -1 0 krb5
>>>> \x000000000000[...]80b98
>>>>    =20
>>>>        =20
>>> The "-1" should be interpreted in the kernel as nfsnobody.  What ar=
e
>>> the permissions on the exported filesystem?
>>>
>>> K.C.
>>>
>>>  =20
>>>      =20
>> So, is it normat that gss map the local uid/gid to -1 -1 ? If not, w=
hat =20
>> should I change ?
>> The folder I try to export is configured like this:
>>
>> /home/francois ordi-francois(rw,root_squash,no_subtree_check)
>>    =20
>
> Assyming you're using nfs-utils 1.1.1 or later, add "sec=3Dkrb5" to t=
he
> export options.  (Or "sec=3Dkrb5:krb5i:krb5p" if you also want to all=
ow
> integrity and privacy; and "sec=3Dsys:krb5:krb5i:krb5p" if you also w=
ant
> to allow auth_sys.)
>
> --b.
>
>  =20
I had indeed forgot to add sec=3Dkrb5 to the export options. But even i=
f I=20
add it, it doesn't change anything. Is it really possible to use krb5=20
authentification with nfs ? I have read a lot of howto and follow the=20
instructions and it never succeeds...

=46ran=C3=A7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc wrote:
> I had indeed forgot to add sec=3Dkrb5 to the export options. But even=
 if I =20
> add it, it doesn't change anything.

OK, and you re-exported?  (Just to double-check--what does exportfs -v
say?)

> Is it really possible to use krb5  authentification with nfs ? I have
> read a lot of howto and follow the  instructions and it never
> succeeds...

I'm sorry you've had trouble with it, but yes, it definitely works--I
use it every day.

--b.

Re: nfs and kerberos authentification problem.

[François Valenduc]

J. Bruce Fields a =C3=A9crit :
> On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
>  =20
>> I had indeed forgot to add sec=3Dkrb5 to the export options. But eve=
n if I =20
>> add it, it doesn't change anything.
>>    =20
>
> OK, and you re-exported?  (Just to double-check--what does exportfs -=
v
> say?)
>
>  =20
>> Is it really possible to use krb5  authentification with nfs ? I hav=
e
>> read a lot of howto and follow the  instructions and it never
>> succeeds...
>>    =20
>
> I'm sorry you've had trouble with it, but yes, it definitely works--I
> use it every day.
>
> --b.
>
>  =20
So, here is the output of exportfs -v relating to my home folder:
/home/francois =20
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dkrb5,rw,root=
_squash,no_all_squash)

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 07:41:17PM +0200, Fran=C3=A7ois Valenduc wrote:
> J. Bruce Fields a =C3=A9crit :
>> On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc wro=
te:
>>  =20
>>> I had indeed forgot to add sec=3Dkrb5 to the export options. But ev=
en=20
>>> if I  add it, it doesn't change anything.
>>>    =20
>>
>> OK, and you re-exported?  (Just to double-check--what does exportfs =
-v
>> say?)
>>
>>  =20
>>> Is it really possible to use krb5  authentification with nfs ? I ha=
ve
>>> read a lot of howto and follow the  instructions and it never
>>> succeeds...
>>>    =20
>>
>> I'm sorry you've had trouble with it, but yes, it definitely works--=
I
>> use it every day.
>>
>> --b.
>>
>>  =20
> So, here is the output of exportfs -v relating to my home folder:
> /home/francois  =20
> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dkrb5,rw,ro=
ot_squash,no_all_squash)
>

Actually, I forgot, if you're using v3, you probably need to allow
auth_sys mounts as well:

	sec=3Dsys:krb5

(Fixed in the latest kernel git, but that's not released yet.)

--b.

Re: nfs and kerberos authentification problem.

[François Valenduc]

J. Bruce Fields a =C3=A9crit :
> On Thu, Sep 04, 2008 at 07:41:17PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
>  =20
>> J. Bruce Fields a =C3=A9crit :
>>    =20
>>> On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc wr=
ote:
>>>  =20
>>>      =20
>>>> I had indeed forgot to add sec=3Dkrb5 to the export options. But e=
ven=20
>>>> if I  add it, it doesn't change anything.
>>>>    =20
>>>>        =20
>>> OK, and you re-exported?  (Just to double-check--what does exportfs=
 -v
>>> say?)
>>>
>>>  =20
>>>      =20
>>>> Is it really possible to use krb5  authentification with nfs ? I h=
ave
>>>> read a lot of howto and follow the  instructions and it never
>>>> succeeds...
>>>>    =20
>>>>        =20
>>> I'm sorry you've had trouble with it, but yes, it definitely works-=
-I
>>> use it every day.
>>>
>>> --b.
>>>
>>>  =20
>>>      =20
>> So, here is the output of exportfs -v relating to my home folder:
>> /home/francois  =20
>> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dkrb5,rw,r=
oot_squash,no_all_squash)
>>
>>    =20
>
> Actually, I forgot, if you're using v3, you probably need to allow
> auth_sys mounts as well:
>
> 	sec=3Dsys:krb5
>
> (Fixed in the latest kernel git, but that's not released yet.)
>
> --b.
>
>  =20
I have changed it and it's still the same. The main problem seems to be=
=20
the uid and gid mapping. I still get this line:

clnt: nfs-dcgn+4npE+/HutES1ELsHGk/OX1frD/lW0UTeDyZ6EE@public.gmane.org, uid: -1,=20
gid:                                                                   =
        =20
-1, num aux grps: 0

But, exportfs -v now gives the following:
/home/francois =20
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dsys:krb5,rw,=
root_squash,no_all_squash)

The line in fstab on the client is the following:
pc-francois:/home/francois      /mnt/pc-francois        nfs    =20
rw,noatime,rsize=3D1024,wsize=3D1024,soft,sec=3Dkrb5,noauto,users 0 0

What else should I do ? I can get a krb5 ticket but this is not enough=20
to mount the filesystem.

=46ran=C3=A7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 07:58:56PM +0200, Fran=C3=A7ois Valenduc wrote:
> J. Bruce Fields a =C3=A9crit :
>> On Thu, Sep 04, 2008 at 07:41:17PM +0200, Fran=C3=A7ois Valenduc wro=
te:
>>  =20
>>> J. Bruce Fields a =C3=A9crit :
>>>    =20
>>>> On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc w=
rote:
>>>>        =20
>>>>> I had indeed forgot to add sec=3Dkrb5 to the export options. But=20
>>>>> even if I  add it, it doesn't change anything.
>>>>>            =20
>>>> OK, and you re-exported?  (Just to double-check--what does exportf=
s -v
>>>> say?)
>>>>
>>>>        =20
>>>>> Is it really possible to use krb5  authentification with nfs ? I =
have
>>>>> read a lot of howto and follow the  instructions and it never
>>>>> succeeds...
>>>>>            =20
>>>> I'm sorry you've had trouble with it, but yes, it definitely works=
--I
>>>> use it every day.
>>>>
>>>> --b.
>>>>
>>>>        =20
>>> So, here is the output of exportfs -v relating to my home folder:
>>> /home/francois   =20
>>> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dkrb5,rw,=
root_squash,no_all_squash)
>>>
>>>    =20
>>
>> Actually, I forgot, if you're using v3, you probably need to allow
>> auth_sys mounts as well:
>>
>> 	sec=3Dsys:krb5
>>
>> (Fixed in the latest kernel git, but that's not released yet.)
>>
>> --b.
>>
>>  =20
> I have changed it and it's still the same. The main problem seems to =
be =20
> the uid and gid mapping. I still get this line:
>
> clnt: nfs-dcgn+4npE+/HutES1ELsHGk/OX1frD/lW0UTeDyZ6EE@public.gmane.org, uid: -1, gid:               =
    =20
>                                                         -1, num aux g=
rps:=20
> 0

Nah, that's normal--I get the same thing, and everything still works.

Unless maybe the directory you're exporting really requires a particula=
r
uid?  What are the permissions on the directory you're exporting?

--b.

>
> But, exportfs -v now gives the following:
> /home/francois  =20
> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dsys:krb5,r=
w,root_squash,no_all_squash)
>
> The line in fstab on the client is the following:
> pc-francois:/home/francois      /mnt/pc-francois        nfs     =20
> rw,noatime,rsize=3D1024,wsize=3D1024,soft,sec=3Dkrb5,noauto,users 0 0
>
> What else should I do ? I can get a krb5 ticket but this is not enoug=
h =20
> to mount the filesystem.
>
> Fran=C3=A7ois

Re: nfs and kerberos authentification problem.

[François Valenduc]

J. Bruce Fields a =C3=A9crit :
> On Thu, Sep 04, 2008 at 07:58:56PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
>  =20
>> J. Bruce Fields a =C3=A9crit :
>>    =20
>>> On Thu, Sep 04, 2008 at 07:41:17PM +0200, Fran=C3=A7ois Valenduc wr=
ote:
>>>  =20
>>>      =20
>>>> J. Bruce Fields a =C3=A9crit :
>>>>    =20
>>>>        =20
>>>>> On Thu, Sep 04, 2008 at 07:31:11PM +0200, Fran=C3=A7ois Valenduc =
wrote:
>>>>>        =20
>>>>>          =20
>>>>>> I had indeed forgot to add sec=3Dkrb5 to the export options. But=
=20
>>>>>> even if I  add it, it doesn't change anything.
>>>>>>            =20
>>>>>>            =20
>>>>> OK, and you re-exported?  (Just to double-check--what does export=
fs -v
>>>>> say?)
>>>>>
>>>>>        =20
>>>>>          =20
>>>>>> Is it really possible to use krb5  authentification with nfs ? I=
 have
>>>>>> read a lot of howto and follow the  instructions and it never
>>>>>> succeeds...
>>>>>>            =20
>>>>>>            =20
>>>>> I'm sorry you've had trouble with it, but yes, it definitely work=
s--I
>>>>> use it every day.
>>>>>
>>>>> --b.
>>>>>
>>>>>        =20
>>>>>          =20
>>>> So, here is the output of exportfs -v relating to my home folder:
>>>> /home/francois   =20
>>>> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dkrb5,rw=
,root_squash,no_all_squash)
>>>>
>>>>    =20
>>>>        =20
>>> Actually, I forgot, if you're using v3, you probably need to allow
>>> auth_sys mounts as well:
>>>
>>> 	sec=3Dsys:krb5
>>>
>>> (Fixed in the latest kernel git, but that's not released yet.)
>>>
>>> --b.
>>>
>>>  =20
>>>      =20
>> I have changed it and it's still the same. The main problem seems to=
 be =20
>> the uid and gid mapping. I still get this line:
>>
>> clnt: nfs-dcgn+4npE+/HutES1ELsHGk/OX1frD/lW0UTeDyZ6EE@public.gmane.org, uid: -1, gid:              =
     =20
>>                                                         -1, num aux =
grps:=20
>> 0
>>    =20
>
> Nah, that's normal--I get the same thing, and everything still works.
>
> Unless maybe the directory you're exporting really requires a particu=
lar
> uid?  What are the permissions on the directory you're exporting?
>
> --b.
>
>  =20
>> But, exportfs -v now gives the following:
>> /home/francois  =20
>> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=3Dsys:krb5,=
rw,root_squash,no_all_squash)
>>
>> The line in fstab on the client is the following:
>> pc-francois:/home/francois      /mnt/pc-francois        nfs     =20
>> rw,noatime,rsize=3D1024,wsize=3D1024,soft,sec=3Dkrb5,noauto,users 0 =
0
>>
>> What else should I do ? I can get a krb5 ticket but this is not enou=
gh =20
>> to mount the filesystem.
>>
>> Fran=C3=A7ois
>>    =20
>
>  =20
It's my home directory, so it has normal permission for such a director=
y:
drwxrwsr-x 77 francois francois 4,0K sep  4 20:43 francois/

I don't think there is someting strange with this. I start running out=20
of ideas to get it working. I have reenabled nfs4 (which I also tried)=20
and it give the same problem. In order to do that, I off course changed=
=20
the exports file like this;
/export/francois=20
ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=3Dsys:krb5)

And it is not yet working...

=46ran=C3=A7ois
=46ran=C3=A7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 08:53:09PM +0200, Fran=C3=A7ois Valenduc wrote:
> It's my home directory, so it has normal permission for such a direct=
ory:
> drwxrwsr-x 77 francois francois 4,0K sep  4 20:43 francois/

So everybody has permission to read that directory--OK, that shouldn't
be a problem.

> I don't think there is someting strange with this. I start running ou=
t =20
> of ideas to get it working. I have reenabled nfs4 (which I also tried=
) =20
> and it give the same problem. In order to do that, I off course chang=
ed =20
> the exports file like this;

> /export/francois =20
> ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=3Dsys:krb5)

Let's just pick nfsv3 and stick with it; both nfsv3 and nfsv4 should
work, and switching between the two just complicates the debugging.

What does your mount commandline look like?

Could you get a network trace?  Just start

	tcpdump -s0 -wtmp.pcap

then attempt the mount, then after it fails kill tcpdump and send me
tmp.pcap.

--b.

Re: nfs and kerberos authentification problem.

[Kevin Coffman]

On Thu, Sep 4, 2008 at 2:59 PM, J. Bruce Fields <bfields@fieldses.org> =
wrote:
> On Thu, Sep 04, 2008 at 08:53:09PM +0200, Fran=E7ois Valenduc wrote:
>> It's my home directory, so it has normal permission for such a direc=
tory:
>> drwxrwsr-x 77 francois francois 4,0K sep  4 20:43 francois/
>
> So everybody has permission to read that directory--OK, that shouldn'=
t
> be a problem.
>
>> I don't think there is someting strange with this. I start running o=
ut
>> of ideas to get it working. I have reenabled nfs4 (which I also trie=
d)
>> and it give the same problem. In order to do that, I off course chan=
ged
>> the exports file like this;
>
>> /export/francois
>> ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=3Dsys:krb5)
>
> Let's just pick nfsv3 and stick with it; both nfsv3 and nfsv4 should
> work, and switching between the two just complicates the debugging.
>
> What does your mount commandline look like?
>
> Could you get a network trace?  Just start
>
>        tcpdump -s0 -wtmp.pcap
>
> then attempt the mount, then after it fails kill tcpdump and send me
> tmp.pcap.
>
> --b.

This may be a stupid question, but can you access the mount using
auth_sys?  As I think I said before, it looks like the Kerberos part
is working.  (Unless there are errors on the client side from
rpc.gssd.)

Re: nfs and kerberos authentification problem.

[François Valenduc]

Kevin Coffman a =E9crit :
> On Thu, Sep 4, 2008 at 2:59 PM, J. Bruce Fields <bfields@fieldses.org=
> wrote:
>  =20
>> On Thu, Sep 04, 2008 at 08:53:09PM +0200, Fran=E7ois Valenduc wrote:
>>    =20
>>> It's my home directory, so it has normal permission for such a dire=
ctory:
>>> drwxrwsr-x 77 francois francois 4,0K sep  4 20:43 francois/
>>>      =20
>> So everybody has permission to read that directory--OK, that shouldn=
't
>> be a problem.
>>
>>    =20
>>> I don't think there is someting strange with this. I start running =
out
>>> of ideas to get it working. I have reenabled nfs4 (which I also tri=
ed)
>>> and it give the same problem. In order to do that, I off course cha=
nged
>>> the exports file like this;
>>>      =20
>>> /export/francois
>>> ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=3Dsys:krb5=
)
>>>      =20
>> Let's just pick nfsv3 and stick with it; both nfsv3 and nfsv4 should
>> work, and switching between the two just complicates the debugging.
>>
>> What does your mount commandline look like?
>>
>> Could you get a network trace?  Just start
>>
>>        tcpdump -s0 -wtmp.pcap
>>
>> then attempt the mount, then after it fails kill tcpdump and send me
>> tmp.pcap.
>>
>> --b.
>>    =20
>
> This may be a stupid question, but can you access the mount using
> auth_sys?  As I think I said before, it looks like the Kerberos part
> is working.  (Unless there are errors on the client side from
> rpc.gssd.)
>
>  =20
I finally found a solution to the problem. It seems that it's needed to=
=20
compile both NFS v3 and v4 server support to make kerberos support=20
working. I find that a bit strange, but with this kernel configuration,=
=20
it is working fine. I find that a bit strange since I export the=20
filesystem as NFS3.
Should we consider this as a bug ? I am running kernel 2.6.26.3.

Thanks a lot for your patience,
=46ran=E7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 09:38:34PM +0200, Fran=C3=A7ois Valenduc wrote:
> Kevin Coffman a =C3=A9crit :
>> This may be a stupid question, but can you access the mount using
>> auth_sys?  As I think I said before, it looks like the Kerberos part
>> is working.  (Unless there are errors on the client side from
>> rpc.gssd.)
>>
>>  =20
> I finally found a solution to the problem.

Great!

> It seems that it's needed to =20
> compile both NFS v3 and v4 server support to make kerberos support =20
> working. I find that a bit strange, but with this kernel configuratio=
n, =20
> it is working fine. I find that a bit strange since I export the =20
> filesystem as NFS3.
> Should we consider this as a bug ? I am running kernel 2.6.26.3.

Yes, that would be a bug!  But: are you sure gss support was built in o=
n
the server?

--b.

>
> Thanks a lot for your patience,
> Fran=C3=A7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Thu, Sep 04, 2008 at 03:40:46PM -0400, bfields wrote:
> On Thu, Sep 04, 2008 at 09:38:34PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
> > Kevin Coffman a =C3=A9crit :
> >> This may be a stupid question, but can you access the mount using
> >> auth_sys?  As I think I said before, it looks like the Kerberos pa=
rt
> >> is working.  (Unless there are errors on the client side from
> >> rpc.gssd.)
> >>
> >>  =20
> > I finally found a solution to the problem.
>=20
> Great!
>=20
> > It seems that it's needed to =20
> > compile both NFS v3 and v4 server support to make kerberos support =
=20
> > working. I find that a bit strange, but with this kernel configurat=
ion, =20
> > it is working fine. I find that a bit strange since I export the =20
> > filesystem as NFS3.
> > Should we consider this as a bug ? I am running kernel 2.6.26.3.
>=20
> Yes, that would be a bug!  But: are you sure gss support was built in=
 on
> the server?

(Could you send a copy of the non-working config?)

--b.

Re: nfs and kerberos authentification problem.

[François Valenduc]

[-- Attachment #1: Type: text/plain, Size: 1385 bytes --]

J. Bruce Fields a écrit :
> On Thu, Sep 04, 2008 at 03:40:46PM -0400, bfields wrote:
>   
>> On Thu, Sep 04, 2008 at 09:38:34PM +0200, François Valenduc wrote:
>>     
>>> Kevin Coffman a écrit :
>>>       
>>>> This may be a stupid question, but can you access the mount using
>>>> auth_sys?  As I think I said before, it looks like the Kerberos part
>>>> is working.  (Unless there are errors on the client side from
>>>> rpc.gssd.)
>>>>
>>>>   
>>>>         
>>> I finally found a solution to the problem.
>>>       
>> Great!
>>
>>     
>>> It seems that it's needed to  
>>> compile both NFS v3 and v4 server support to make kerberos support  
>>> working. I find that a bit strange, but with this kernel configuration,  
>>> it is working fine. I find that a bit strange since I export the  
>>> filesystem as NFS3.
>>> Should we consider this as a bug ? I am running kernel 2.6.26.3.
>>>       
>> Yes, that would be a bug!  But: are you sure gss support was built in on
>> the server?
>>     
>
> (Could you send a copy of the non-working config?)
>
> --b.
>
>   
I confirm that GSS (CONFIG_SUNRPC_GSS and CONFIG_RPCSEC_GSS_KRB5) 
support was built in the non-working kernel. The only difference between 
the working and the non working kernel is NFS server 4 support.
I don't have the config of the non working kernel. So I send the copy of 
the working one.

François




[-- Attachment #2: config-2.6.26.3 --]
[-- Type: text/plain, Size: 47297 bytes --]

#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.26.3
# Thu Sep  4 21:21:57 2008
#
CONFIG_64BIT=y
# CONFIG_X86_32 is not set
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
# CONFIG_GENERIC_LOCKBREAK is not set
CONFIG_GENERIC_TIME=y
CONFIG_GENERIC_CMOS_UPDATE=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_FAST_CMPXCHG_LOCAL=y
CONFIG_MMU=y
CONFIG_ZONE_DMA=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_HWEIGHT=y
# CONFIG_GENERIC_GPIO is not set
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_GENERIC_SPINLOCK=y
# CONFIG_RWSEM_XCHGADD_ALGORITHM is not set
# CONFIG_ARCH_HAS_ILOG2_U32 is not set
# CONFIG_ARCH_HAS_ILOG2_U64 is not set
CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_HAVE_CPUMASK_OF_CPU_MAP=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ZONE_DMA32=y
CONFIG_ARCH_POPULATES_NODE_MAP=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_AOUT=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_GENERIC_PENDING_IRQ=y
CONFIG_X86_SMP=y
CONFIG_X86_64_SMP=y
CONFIG_X86_HT=y
CONFIG_X86_BIOS_REBOOT=y
CONFIG_X86_TRAMPOLINE=y
# CONFIG_KTIME_SCALAR is not set
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"

#
# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_LOCK_KERNEL=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
# CONFIG_POSIX_MQUEUE is not set
# CONFIG_BSD_PROCESS_ACCT is not set
# CONFIG_TASKSTATS is not set
# CONFIG_AUDIT is not set
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=15
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
# CONFIG_CGROUP_NS is not set
# CONFIG_CGROUP_DEVICE is not set
# CONFIG_CPUSETS is not set
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_GROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
# CONFIG_RT_GROUP_SCHED is not set
CONFIG_USER_SCHED=y
# CONFIG_CGROUP_SCHED is not set
CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
# CONFIG_CGROUP_MEM_RES_CTLR is not set
CONFIG_SYSFS_DEPRECATED=y
CONFIG_SYSFS_DEPRECATED_V2=y
# CONFIG_RELAY is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_IPC_NS is not set
# CONFIG_USER_NS is not set
# CONFIG_PID_NS is not set
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SYSCTL=y
# CONFIG_EMBEDDED is not set
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_SYSCTL_SYSCALL_CHECK=y
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_PCSPKR_PLATFORM=y
# CONFIG_COMPAT_BRK is not set
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_ANON_INODES=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB_DEBUG=y
# CONFIG_SLAB is not set
CONFIG_SLUB=y
# CONFIG_SLOB is not set
# CONFIG_PROFILING is not set
# CONFIG_MARKERS is not set
CONFIG_HAVE_OPROFILE=y
# CONFIG_KPROBES is not set
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
# CONFIG_HAVE_DMA_ATTRS is not set
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
# CONFIG_TINY_SHMEM is not set
CONFIG_BASE_SMALL=0
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_MODVERSIONS is not set
# CONFIG_MODULE_SRCVERSION_ALL is not set
CONFIG_KMOD=y
CONFIG_STOP_MACHINE=y
CONFIG_BLOCK=y
# CONFIG_BLK_DEV_IO_TRACE is not set
# CONFIG_BLK_DEV_BSG is not set
CONFIG_BLOCK_COMPAT=y

#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
# CONFIG_IOSCHED_AS is not set
CONFIG_IOSCHED_DEADLINE=y
# CONFIG_IOSCHED_CFQ is not set
# CONFIG_DEFAULT_AS is not set
CONFIG_DEFAULT_DEADLINE=y
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="deadline"
CONFIG_CLASSIC_RCU=y

#
# Processor type and features
#
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_SMP=y
CONFIG_X86_PC=y
# CONFIG_X86_ELAN is not set
# CONFIG_X86_VOYAGER is not set
# CONFIG_X86_NUMAQ is not set
# CONFIG_X86_SUMMIT is not set
# CONFIG_X86_BIGSMP is not set
# CONFIG_X86_VISWS is not set
# CONFIG_X86_GENERICARCH is not set
# CONFIG_X86_ES7000 is not set
# CONFIG_X86_RDC321X is not set
# CONFIG_X86_VSMP is not set
# CONFIG_PARAVIRT_GUEST is not set
CONFIG_MEMTEST_BOOTPARAM=y
CONFIG_MEMTEST_BOOTPARAM_VALUE=0
# CONFIG_M386 is not set
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
# CONFIG_MPENTIUMII is not set
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUMM is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
# CONFIG_MK7 is not set
# CONFIG_MK8 is not set
# CONFIG_MCRUSOE is not set
# CONFIG_MEFFICEON is not set
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
# CONFIG_MGEODEGX1 is not set
# CONFIG_MGEODE_LX is not set
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_MVIAC7 is not set
# CONFIG_MPSC is not set
CONFIG_MCORE2=y
# CONFIG_GENERIC_CPU is not set
CONFIG_X86_CPU=y
CONFIG_X86_L1_CACHE_BYTES=64
CONFIG_X86_INTERNODE_CACHE_BYTES=64
CONFIG_X86_CMPXCHG=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_P6_NOP=y
CONFIG_X86_TSC=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=64
CONFIG_X86_DEBUGCTLMSR=y
CONFIG_HPET_TIMER=y
CONFIG_HPET_EMULATE_RTC=y
CONFIG_DMI=y
CONFIG_GART_IOMMU=y
# CONFIG_CALGARY_IOMMU is not set
CONFIG_SWIOTLB=y
CONFIG_IOMMU_HELPER=y
CONFIG_NR_CPUS=8
# CONFIG_SCHED_SMT is not set
# CONFIG_SCHED_MC is not set
# CONFIG_PREEMPT_NONE is not set
CONFIG_PREEMPT_VOLUNTARY=y
# CONFIG_PREEMPT is not set
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_MCE is not set
# CONFIG_I8K is not set
# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
# CONFIG_NUMA is not set
CONFIG_ARCH_SPARSEMEM_DEFAULT=y
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_SELECT_MEMORY_MODEL=y
# CONFIG_FLATMEM_MANUAL is not set
# CONFIG_DISCONTIGMEM_MANUAL is not set
CONFIG_SPARSEMEM_MANUAL=y
CONFIG_SPARSEMEM=y
CONFIG_HAVE_MEMORY_PRESENT=y
# CONFIG_SPARSEMEM_STATIC is not set
CONFIG_SPARSEMEM_EXTREME=y
CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
CONFIG_SPARSEMEM_VMEMMAP=y

#
# Memory hotplug is currently incompatible with Software Suspend
#
CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_RESOURCES_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
CONFIG_MTRR=y
CONFIG_X86_PAT=y
# CONFIG_EFI is not set
CONFIG_SECCOMP=y
# CONFIG_HZ_100 is not set
# CONFIG_HZ_250 is not set
# CONFIG_HZ_300 is not set
CONFIG_HZ_1000=y
CONFIG_HZ=1000
CONFIG_SCHED_HRTICK=y
CONFIG_KEXEC=y
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x200000
# CONFIG_RELOCATABLE is not set
CONFIG_PHYSICAL_ALIGN=0x200000
CONFIG_HOTPLUG_CPU=y
# CONFIG_COMPAT_VDSO is not set
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y

#
# Power management options
#
CONFIG_ARCH_HIBERNATION_HEADER=y
CONFIG_PM=y
# CONFIG_PM_DEBUG is not set
CONFIG_PM_SLEEP_SMP=y
CONFIG_PM_SLEEP=y
# CONFIG_SUSPEND is not set
CONFIG_HIBERNATION=y
CONFIG_PM_STD_PARTITION=""
CONFIG_TOI_CORE=y

#
# Image Storage (you need at least one allocator)
#
# CONFIG_TOI_FILE is not set
CONFIG_TOI_SWAP=y

#
# General Options
#
CONFIG_TOI_DEFAULT_PRE_HIBERNATE=""
CONFIG_TOI_DEFAULT_POST_HIBERNATE=""
CONFIG_TOI_CRYPTO=y
CONFIG_TOI_USERUI=y
CONFIG_TOI_USERUI_DEFAULT_PATH="/sbin/tuxoniceui_fbsplash"
# CONFIG_TOI_KEEP_IMAGE is not set
CONFIG_TOI_REPLACE_SWSUSP=y
# CONFIG_TOI_CHECKSUM is not set
CONFIG_TOI_DEFAULT_WAIT=25
CONFIG_TOI_DEFAULT_EXTRA_PAGES_ALLOWANCE=500
# CONFIG_TOI_PAGEFLAGS_TEST is not set
CONFIG_TOI=y
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS is not set
CONFIG_ACPI_PROCFS_POWER=y
# CONFIG_ACPI_SYSFS_POWER is not set
CONFIG_ACPI_PROC_EVENT=y
CONFIG_ACPI_AC=m
CONFIG_ACPI_BATTERY=m
CONFIG_ACPI_BUTTON=m
CONFIG_ACPI_FAN=m
CONFIG_ACPI_DOCK=m
# CONFIG_ACPI_BAY is not set
CONFIG_ACPI_PROCESSOR=m
CONFIG_ACPI_HOTPLUG_CPU=y
CONFIG_ACPI_THERMAL=m
# CONFIG_ACPI_WMI is not set
# CONFIG_ACPI_ASUS is not set
# CONFIG_ACPI_TOSHIBA is not set
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
# CONFIG_ACPI_DEBUG is not set
CONFIG_ACPI_EC=y
CONFIG_ACPI_POWER=y
CONFIG_ACPI_SYSTEM=y
CONFIG_X86_PM_TIMER=y
CONFIG_ACPI_CONTAINER=m
# CONFIG_ACPI_SBS is not set

#
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
CONFIG_CPU_FREQ_TABLE=m
# CONFIG_CPU_FREQ_DEBUG is not set
# CONFIG_CPU_FREQ_STAT is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
CONFIG_CPU_FREQ_GOV_POWERSAVE=m
CONFIG_CPU_FREQ_GOV_USERSPACE=m
CONFIG_CPU_FREQ_GOV_ONDEMAND=m
CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m

#
# CPUFreq processor drivers
#
CONFIG_X86_ACPI_CPUFREQ=m
# CONFIG_X86_POWERNOW_K8 is not set
# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
# CONFIG_X86_P4_CLOCKMOD is not set

#
# shared options
#
# CONFIG_X86_ACPI_CPUFREQ_PROC_INTF is not set
# CONFIG_X86_SPEEDSTEP_LIB is not set
CONFIG_CPU_IDLE=y
CONFIG_CPU_IDLE_GOV_LADDER=y
CONFIG_CPU_IDLE_GOV_MENU=y

#
# Bus options (PCI etc.)
#
CONFIG_PCI=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
CONFIG_PCI_DOMAINS=y
# CONFIG_DMAR is not set
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
# CONFIG_PCIEASPM is not set
CONFIG_ARCH_SUPPORTS_MSI=y
CONFIG_PCI_MSI=y
# CONFIG_PCI_LEGACY is not set
CONFIG_HT_IRQ=y
CONFIG_ISA_DMA_API=y
CONFIG_K8_NB=y
# CONFIG_PCCARD is not set
# CONFIG_HOTPLUG_PCI is not set

#
# Executable file formats / Emulations
#
CONFIG_BINFMT_ELF=y
CONFIG_COMPAT_BINFMT_ELF=y
# CONFIG_BINFMT_MISC is not set
CONFIG_IA32_EMULATION=y
# CONFIG_IA32_AOUT is not set
CONFIG_COMPAT=y
CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y

#
# Networking
#
CONFIG_NET=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_UNIX=y
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
# CONFIG_INET_LRO is not set
# CONFIG_INET_DIAG is not set
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
# CONFIG_NETFILTER_ADVANCED is not set

#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_FTP=m
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CT_NETLINK is not set
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
CONFIG_NETFILTER_XT_MATCH_STATE=m

#
# IP: Netfilter Configuration
#
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_NF_NAT_FTP=m
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_SCHED is not set
CONFIG_NET_SCH_FIFO=y

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_IRDA is not set
CONFIG_BT=m
# CONFIG_BT_L2CAP is not set
# CONFIG_BT_SCO is not set

#
# Bluetooth device drivers
#
CONFIG_BT_HCIUSB=m
CONFIG_BT_HCIUSB_SCO=y
# CONFIG_BT_HCIBTSDIO is not set
# CONFIG_BT_HCIUART is not set
# CONFIG_BT_HCIBCM203X is not set
# CONFIG_BT_HCIBPA10X is not set
# CONFIG_BT_HCIBFUSB is not set
# CONFIG_BT_HCIVHCI is not set
# CONFIG_AF_RXRPC is not set

#
# Wireless
#
CONFIG_CFG80211=m
# CONFIG_NL80211 is not set
CONFIG_WIRELESS_EXT=y
CONFIG_MAC80211=m

#
# Rate control algorithm selection
#
CONFIG_MAC80211_RC_DEFAULT_PID=y
# CONFIG_MAC80211_RC_DEFAULT_NONE is not set

#
# Selecting 'y' for an algorithm will
#

#
# build the algorithm into mac80211.
#
CONFIG_MAC80211_RC_DEFAULT="pid"
CONFIG_MAC80211_RC_PID=y
# CONFIG_MAC80211_MESH is not set
# CONFIG_MAC80211_LEDS is not set
# CONFIG_MAC80211_DEBUG_PACKET_ALIGNMENT is not set
# CONFIG_MAC80211_DEBUG is not set
# CONFIG_IEEE80211 is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set

#
# Device Drivers
#

#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
# CONFIG_SYS_HYPERVISOR is not set
CONFIG_CONNECTOR=y
CONFIG_PROC_EVENTS=y
# CONFIG_MTD is not set
# CONFIG_PARPORT is not set
CONFIG_PNP=y
# CONFIG_PNP_DEBUG is not set

#
# Protocols
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=m
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_UB is not set
# CONFIG_BLK_DEV_RAM is not set
# CONFIG_CDROM_PKTCDVD is not set
# CONFIG_ATA_OVER_ETH is not set
# CONFIG_MISC_DEVICES is not set
CONFIG_HAVE_IDE=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=m

#
# Please see Documentation/ide/ide.txt for help/info on IDE drives
#
# CONFIG_BLK_DEV_IDE_SATA is not set
CONFIG_BLK_DEV_IDEDISK=m
# CONFIG_IDEDISK_MULTI_MODE is not set
CONFIG_BLK_DEV_IDECD=m
CONFIG_BLK_DEV_IDECD_VERBOSE_ERRORS=y
# CONFIG_BLK_DEV_IDETAPE is not set
# CONFIG_BLK_DEV_IDEFLOPPY is not set
# CONFIG_BLK_DEV_IDESCSI is not set
# CONFIG_BLK_DEV_IDEACPI is not set
# CONFIG_IDE_TASK_IOCTL is not set
CONFIG_IDE_PROC_FS=y

#
# IDE chipset support/bugfixes
#
# CONFIG_IDE_GENERIC is not set
# CONFIG_BLK_DEV_PLATFORM is not set
# CONFIG_BLK_DEV_CMD640 is not set
# CONFIG_BLK_DEV_IDEPNP is not set
CONFIG_BLK_DEV_IDEDMA_SFF=y

#
# PCI IDE chipsets support
#
CONFIG_BLK_DEV_IDEPCI=y
# CONFIG_BLK_DEV_GENERIC is not set
# CONFIG_BLK_DEV_OPTI621 is not set
# CONFIG_BLK_DEV_RZ1000 is not set
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_AEC62XX is not set
# CONFIG_BLK_DEV_ALI15X3 is not set
# CONFIG_BLK_DEV_AMD74XX is not set
# CONFIG_BLK_DEV_ATIIXP is not set
# CONFIG_BLK_DEV_CMD64X is not set
# CONFIG_BLK_DEV_TRIFLEX is not set
# CONFIG_BLK_DEV_CY82C693 is not set
# CONFIG_BLK_DEV_CS5520 is not set
# CONFIG_BLK_DEV_CS5530 is not set
# CONFIG_BLK_DEV_HPT34X is not set
# CONFIG_BLK_DEV_HPT366 is not set
# CONFIG_BLK_DEV_JMICRON is not set
# CONFIG_BLK_DEV_SC1200 is not set
CONFIG_BLK_DEV_PIIX=m
# CONFIG_BLK_DEV_IT8213 is not set
# CONFIG_BLK_DEV_IT821X is not set
# CONFIG_BLK_DEV_NS87415 is not set
# CONFIG_BLK_DEV_PDC202XX_OLD is not set
# CONFIG_BLK_DEV_PDC202XX_NEW is not set
# CONFIG_BLK_DEV_SVWKS is not set
# CONFIG_BLK_DEV_SIIMAGE is not set
# CONFIG_BLK_DEV_SIS5513 is not set
# CONFIG_BLK_DEV_SLC90E66 is not set
# CONFIG_BLK_DEV_TRM290 is not set
# CONFIG_BLK_DEV_VIA82CXXX is not set
# CONFIG_BLK_DEV_TC86C001 is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_BLK_DEV_HD_ONLY is not set
# CONFIG_BLK_DEV_HD is not set

#
# SCSI device support
#
# CONFIG_RAID_ATTRS is not set
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
# CONFIG_SCSI_TGT is not set
# CONFIG_SCSI_NETLINK is not set
# CONFIG_SCSI_PROC_FS is not set

#
# SCSI support type (disk, tape, CD-ROM)
#
CONFIG_BLK_DEV_SD=y
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
# CONFIG_BLK_DEV_SR is not set
# CONFIG_CHR_DEV_SG is not set
# CONFIG_CHR_DEV_SCH is not set

#
# Some SCSI devices (e.g. CD jukebox) support multiple LUNs
#
# CONFIG_SCSI_MULTI_LUN is not set
# CONFIG_SCSI_CONSTANTS is not set
# CONFIG_SCSI_LOGGING is not set
# CONFIG_SCSI_SCAN_ASYNC is not set
CONFIG_SCSI_WAIT_SCAN=m

#
# SCSI Transports
#
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set
# CONFIG_SCSI_ISCSI_ATTRS is not set
# CONFIG_SCSI_SAS_LIBSAS is not set
# CONFIG_SCSI_SRP_ATTRS is not set
# CONFIG_SCSI_LOWLEVEL is not set
CONFIG_ATA=m
# CONFIG_ATA_NONSTANDARD is not set
# CONFIG_ATA_ACPI is not set
# CONFIG_SATA_PMP is not set
CONFIG_SATA_AHCI=m
# CONFIG_SATA_SIL24 is not set
CONFIG_ATA_SFF=y
# CONFIG_SATA_SVW is not set
# CONFIG_ATA_PIIX is not set
# CONFIG_SATA_MV is not set
# CONFIG_SATA_NV is not set
# CONFIG_PDC_ADMA is not set
# CONFIG_SATA_QSTOR is not set
# CONFIG_SATA_PROMISE is not set
# CONFIG_SATA_SX4 is not set
# CONFIG_SATA_SIL is not set
# CONFIG_SATA_SIS is not set
# CONFIG_SATA_ULI is not set
# CONFIG_SATA_VIA is not set
# CONFIG_SATA_VITESSE is not set
# CONFIG_SATA_INIC162X is not set
# CONFIG_PATA_ALI is not set
# CONFIG_PATA_AMD is not set
# CONFIG_PATA_ARTOP is not set
# CONFIG_PATA_ATIIXP is not set
# CONFIG_PATA_CMD640_PCI is not set
# CONFIG_PATA_CMD64X is not set
# CONFIG_PATA_CS5520 is not set
# CONFIG_PATA_CS5530 is not set
# CONFIG_PATA_CYPRESS is not set
# CONFIG_PATA_EFAR is not set
# CONFIG_ATA_GENERIC is not set
# CONFIG_PATA_HPT366 is not set
# CONFIG_PATA_HPT37X is not set
# CONFIG_PATA_HPT3X2N is not set
# CONFIG_PATA_HPT3X3 is not set
# CONFIG_PATA_IT821X is not set
# CONFIG_PATA_IT8213 is not set
# CONFIG_PATA_JMICRON is not set
# CONFIG_PATA_TRIFLEX is not set
# CONFIG_PATA_MARVELL is not set
# CONFIG_PATA_MPIIX is not set
# CONFIG_PATA_OLDPIIX is not set
# CONFIG_PATA_NETCELL is not set
# CONFIG_PATA_NINJA32 is not set
# CONFIG_PATA_NS87410 is not set
# CONFIG_PATA_NS87415 is not set
# CONFIG_PATA_OPTI is not set
# CONFIG_PATA_OPTIDMA is not set
# CONFIG_PATA_PDC_OLD is not set
# CONFIG_PATA_RADISYS is not set
# CONFIG_PATA_RZ1000 is not set
# CONFIG_PATA_SC1200 is not set
# CONFIG_PATA_SERVERWORKS is not set
# CONFIG_PATA_PDC2027X is not set
# CONFIG_PATA_SIL680 is not set
# CONFIG_PATA_SIS is not set
# CONFIG_PATA_VIA is not set
# CONFIG_PATA_WINBOND is not set
# CONFIG_PATA_SCH is not set
CONFIG_MD=y
# CONFIG_BLK_DEV_MD is not set
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_DEBUG is not set
CONFIG_DM_CRYPT=m
CONFIG_DM_SNAPSHOT=m
# CONFIG_DM_MIRROR is not set
# CONFIG_DM_ZERO is not set
# CONFIG_DM_MULTIPATH is not set
# CONFIG_DM_DELAY is not set
# CONFIG_DM_UEVENT is not set
# CONFIG_FUSION is not set

#
# IEEE 1394 (FireWire) support
#

#
# Enable only one of the two stacks, unless you know what you are doing
#
# CONFIG_FIREWIRE is not set
CONFIG_IEEE1394=m
CONFIG_IEEE1394_OHCI1394=m
# CONFIG_IEEE1394_PCILYNX is not set
CONFIG_IEEE1394_SBP2=m
# CONFIG_IEEE1394_SBP2_PHYS_DMA is not set
# CONFIG_IEEE1394_ETH1394_ROM_ENTRY is not set
# CONFIG_IEEE1394_ETH1394 is not set
# CONFIG_IEEE1394_RAWIO is not set
# CONFIG_IEEE1394_VIDEO1394 is not set
# CONFIG_IEEE1394_DV1394 is not set
# CONFIG_IEEE1394_VERBOSEDEBUG is not set
# CONFIG_I2O is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
# CONFIG_NETDEVICES_MULTIQUEUE is not set
# CONFIG_DUMMY is not set
# CONFIG_BONDING is not set
# CONFIG_MACVLAN is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
# CONFIG_VETH is not set
# CONFIG_NET_SB1000 is not set
# CONFIG_ARCNET is not set
# CONFIG_NET_ETHERNET is not set
CONFIG_NETDEV_1000=y
# CONFIG_ACENIC is not set
# CONFIG_DL2K is not set
# CONFIG_E1000 is not set
# CONFIG_E1000E is not set
# CONFIG_E1000E_ENABLED is not set
# CONFIG_IP1000 is not set
# CONFIG_IGB is not set
# CONFIG_NS83820 is not set
# CONFIG_HAMACHI is not set
# CONFIG_YELLOWFIN is not set
# CONFIG_R8169 is not set
# CONFIG_SIS190 is not set
# CONFIG_SKGE is not set
CONFIG_SKY2=m
# CONFIG_VIA_VELOCITY is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2 is not set
# CONFIG_QLA3XXX is not set
# CONFIG_ATL1 is not set
# CONFIG_NETDEV_10000 is not set
# CONFIG_TR is not set

#
# Wireless LAN
#
# CONFIG_WLAN_PRE80211 is not set
CONFIG_WLAN_80211=y
# CONFIG_IPW2100 is not set
# CONFIG_IPW2200 is not set
# CONFIG_LIBERTAS is not set
# CONFIG_AIRO is not set
# CONFIG_HERMES is not set
# CONFIG_ATMEL is not set
# CONFIG_PRISM54 is not set
# CONFIG_USB_ZD1201 is not set
# CONFIG_USB_NET_RNDIS_WLAN is not set
# CONFIG_RTL8180 is not set
# CONFIG_RTL8187 is not set
# CONFIG_ADM8211 is not set
# CONFIG_P54_COMMON is not set
# CONFIG_ATH5K is not set
CONFIG_IWLWIFI=m
CONFIG_IWLCORE=m
# CONFIG_IWLWIFI_LEDS is not set
# CONFIG_IWLWIFI_RFKILL is not set
CONFIG_IWL4965=m
CONFIG_IWL4965_HT=y
# CONFIG_IWL4965_LEDS is not set
# CONFIG_IWL4965_SPECTRUM_MEASUREMENT is not set
# CONFIG_IWL4965_SENSITIVITY is not set
# CONFIG_IWLWIFI_DEBUG is not set
# CONFIG_IWL3945 is not set
# CONFIG_HOSTAP is not set
# CONFIG_B43 is not set
# CONFIG_B43LEGACY is not set
# CONFIG_ZD1211RW is not set
# CONFIG_RT2X00 is not set

#
# USB Network Adapters
#
# CONFIG_USB_CATC is not set
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
# CONFIG_USB_USBNET is not set
# CONFIG_WAN is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NET_FC is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
# CONFIG_ISDN is not set
# CONFIG_PHONE is not set

#
# Input device support
#
CONFIG_INPUT=y
# CONFIG_INPUT_FF_MEMLESS is not set
# CONFIG_INPUT_POLLDEV is not set

#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
# CONFIG_INPUT_JOYDEV is not set
CONFIG_INPUT_EVDEV=y
# CONFIG_INPUT_EVBUG is not set

#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=m
CONFIG_MOUSE_PS2_ALPS=y
CONFIG_MOUSE_PS2_LOGIPS2PP=y
CONFIG_MOUSE_PS2_SYNAPTICS=y
CONFIG_MOUSE_PS2_LIFEBOOK=y
CONFIG_MOUSE_PS2_TRACKPOINT=y
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
# CONFIG_MOUSE_SERIAL is not set
# CONFIG_MOUSE_APPLETOUCH is not set
# CONFIG_MOUSE_VSXXXAA is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set

#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_GAMEPORT is not set

#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_VT_HW_CONSOLE_BINDING is not set
# CONFIG_DEVKMEM is not set
# CONFIG_SERIAL_NONSTANDARD is not set
# CONFIG_NOZOMI is not set

#
# Serial drivers
#
# CONFIG_SERIAL_8250 is not set
CONFIG_FIX_EARLYCON_MEM=y

#
# Non-8250 serial port support
#
# CONFIG_SERIAL_JSM is not set
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=m
CONFIG_HW_RANDOM_INTEL=m
# CONFIG_HW_RANDOM_AMD is not set
CONFIG_NVRAM=m
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
# CONFIG_PC8736x_GPIO is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HPET is not set
# CONFIG_HANGCHECK_TIMER is not set
# CONFIG_TCG_TPM is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
CONFIG_I2C=m
CONFIG_I2C_BOARDINFO=y
# CONFIG_I2C_CHARDEV is not set
CONFIG_I2C_HELPER_AUTO=y

#
# I2C Hardware Bus support
#
# CONFIG_I2C_ALI1535 is not set
# CONFIG_I2C_ALI1563 is not set
# CONFIG_I2C_ALI15X3 is not set
# CONFIG_I2C_AMD756 is not set
# CONFIG_I2C_AMD8111 is not set
# CONFIG_I2C_I801 is not set
# CONFIG_I2C_I810 is not set
# CONFIG_I2C_PIIX4 is not set
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_I2C_OCORES is not set
# CONFIG_I2C_PARPORT_LIGHT is not set
# CONFIG_I2C_PROSAVAGE is not set
# CONFIG_I2C_SAVAGE4 is not set
# CONFIG_I2C_SIMTEC is not set
# CONFIG_I2C_SIS5595 is not set
# CONFIG_I2C_SIS630 is not set
# CONFIG_I2C_SIS96X is not set
# CONFIG_I2C_TAOS_EVM is not set
# CONFIG_I2C_STUB is not set
# CONFIG_I2C_TINY_USB is not set
# CONFIG_I2C_VIA is not set
# CONFIG_I2C_VIAPRO is not set
# CONFIG_I2C_VOODOO3 is not set
# CONFIG_I2C_PCA_PLATFORM is not set

#
# Miscellaneous I2C Chip support
#
# CONFIG_DS1682 is not set
# CONFIG_SENSORS_EEPROM is not set
# CONFIG_SENSORS_PCF8574 is not set
# CONFIG_PCF8575 is not set
# CONFIG_SENSORS_PCF8591 is not set
# CONFIG_SENSORS_MAX6875 is not set
# CONFIG_SENSORS_TSL2550 is not set
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_I2C_DEBUG_CHIP is not set
# CONFIG_SPI is not set
# CONFIG_W1 is not set
# CONFIG_POWER_SUPPLY is not set
# CONFIG_HWMON is not set
CONFIG_THERMAL=m
# CONFIG_WATCHDOG is not set

#
# Sonics Silicon Backplane
#
CONFIG_SSB_POSSIBLE=y
# CONFIG_SSB is not set

#
# Multifunction device drivers
#
# CONFIG_MFD_SM501 is not set
# CONFIG_HTC_PASIC3 is not set

#
# Multimedia devices
#

#
# Multimedia core support
#
CONFIG_VIDEO_DEV=m
CONFIG_VIDEO_V4L2_COMMON=m
# CONFIG_VIDEO_ALLOW_V4L1 is not set
# CONFIG_VIDEO_V4L1_COMPAT is not set
# CONFIG_DVB_CORE is not set
CONFIG_VIDEO_MEDIA=m

#
# Multimedia drivers
#
# CONFIG_MEDIA_ATTACH is not set
CONFIG_MEDIA_TUNER=m
# CONFIG_MEDIA_TUNER_CUSTOMIZE is not set
CONFIG_MEDIA_TUNER_SIMPLE=m
CONFIG_MEDIA_TUNER_TDA8290=m
CONFIG_MEDIA_TUNER_TDA9887=m
CONFIG_MEDIA_TUNER_TEA5761=m
CONFIG_MEDIA_TUNER_TEA5767=m
CONFIG_MEDIA_TUNER_MT20XX=m
CONFIG_MEDIA_TUNER_XC2028=m
CONFIG_MEDIA_TUNER_XC5000=m
CONFIG_VIDEO_V4L2=m
CONFIG_VIDEO_CAPTURE_DRIVERS=y
# CONFIG_VIDEO_ADV_DEBUG is not set
# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set

#
# Encoders/decoders and other helper chips
#

#
# Audio decoders
#
# CONFIG_VIDEO_TVAUDIO is not set
# CONFIG_VIDEO_TDA7432 is not set
# CONFIG_VIDEO_TDA9840 is not set
# CONFIG_VIDEO_TDA9875 is not set
# CONFIG_VIDEO_TEA6415C is not set
# CONFIG_VIDEO_TEA6420 is not set
# CONFIG_VIDEO_MSP3400 is not set
# CONFIG_VIDEO_CS5345 is not set
# CONFIG_VIDEO_CS53L32A is not set
# CONFIG_VIDEO_M52790 is not set
# CONFIG_VIDEO_TLV320AIC23B is not set
# CONFIG_VIDEO_WM8775 is not set
# CONFIG_VIDEO_WM8739 is not set
# CONFIG_VIDEO_VP27SMPX is not set

#
# Video decoders
#
# CONFIG_VIDEO_OV7670 is not set
# CONFIG_VIDEO_TCM825X is not set
# CONFIG_VIDEO_SAA711X is not set
# CONFIG_VIDEO_SAA717X is not set
# CONFIG_VIDEO_TVP5150 is not set

#
# Video and audio decoders
#
# CONFIG_VIDEO_CX25840 is not set

#
# MPEG video encoders
#
# CONFIG_VIDEO_CX2341X is not set

#
# Video encoders
#
# CONFIG_VIDEO_SAA7127 is not set

#
# Video improvement chips
#
# CONFIG_VIDEO_UPD64031A is not set
# CONFIG_VIDEO_UPD64083 is not set
# CONFIG_VIDEO_VIVI is not set
# CONFIG_VIDEO_BT848 is not set
# CONFIG_VIDEO_SAA5246A is not set
# CONFIG_VIDEO_SAA5249 is not set
# CONFIG_VIDEO_SAA7134 is not set
# CONFIG_VIDEO_HEXIUM_ORION is not set
# CONFIG_VIDEO_HEXIUM_GEMINI is not set
# CONFIG_VIDEO_CX88 is not set
# CONFIG_VIDEO_CAFE_CCIC is not set
CONFIG_V4L_USB_DRIVERS=y
CONFIG_USB_VIDEO_CLASS=m
CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
# CONFIG_VIDEO_PVRUSB2 is not set
# CONFIG_VIDEO_EM28XX is not set
# CONFIG_VIDEO_USBVISION is not set
# CONFIG_USB_ET61X251 is not set
# CONFIG_USB_SN9C102 is not set
# CONFIG_USB_ZC0301 is not set
# CONFIG_USB_ZR364XX is not set
# CONFIG_USB_STKWEBCAM is not set
# CONFIG_SOC_CAMERA is not set
# CONFIG_RADIO_ADAPTERS is not set
# CONFIG_DAB is not set

#
# Graphics support
#
CONFIG_AGP=y
CONFIG_AGP_AMD64=y
# CONFIG_AGP_INTEL is not set
# CONFIG_AGP_SIS is not set
# CONFIG_AGP_VIA is not set
# CONFIG_DRM is not set
# CONFIG_VGASTATE is not set
# CONFIG_VIDEO_OUTPUT_CONTROL is not set
CONFIG_FB=y
# CONFIG_FIRMWARE_EDID is not set
# CONFIG_FB_DDC is not set
CONFIG_FB_CFB_FILLRECT=y
CONFIG_FB_CFB_COPYAREA=y
CONFIG_FB_CFB_IMAGEBLIT=y
# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
# CONFIG_FB_SYS_FILLRECT is not set
# CONFIG_FB_SYS_COPYAREA is not set
# CONFIG_FB_SYS_IMAGEBLIT is not set
# CONFIG_FB_FOREIGN_ENDIAN is not set
# CONFIG_FB_SYS_FOPS is not set
# CONFIG_FB_SVGALIB is not set
# CONFIG_FB_MACMODES is not set
# CONFIG_FB_BACKLIGHT is not set
CONFIG_FB_MODE_HELPERS=y
# CONFIG_FB_TILEBLITTING is not set

#
# Frame buffer hardware drivers
#
# CONFIG_FB_CIRRUS is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_CYBER2000 is not set
# CONFIG_FB_ARC is not set
# CONFIG_FB_ASILIANT is not set
# CONFIG_FB_IMSTT is not set
# CONFIG_FB_VGA16 is not set
CONFIG_FB_UVESA=y
# CONFIG_FB_VESA is not set
# CONFIG_FB_EFI is not set
# CONFIG_FB_N411 is not set
# CONFIG_FB_HGA is not set
# CONFIG_FB_S1D13XXX is not set
# CONFIG_FB_NVIDIA is not set
# CONFIG_FB_RIVA is not set
# CONFIG_FB_LE80578 is not set
# CONFIG_FB_INTEL is not set
# CONFIG_FB_MATROX is not set
# CONFIG_FB_RADEON is not set
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_FB_S3 is not set
# CONFIG_FB_SAVAGE is not set
# CONFIG_FB_SIS is not set
# CONFIG_FB_NEOMAGIC is not set
# CONFIG_FB_KYRO is not set
# CONFIG_FB_3DFX is not set
# CONFIG_FB_VOODOO1 is not set
# CONFIG_FB_VT8623 is not set
# CONFIG_FB_TRIDENT is not set
# CONFIG_FB_ARK is not set
# CONFIG_FB_PM3 is not set
# CONFIG_FB_GEODE is not set
# CONFIG_FB_VIRTUAL is not set
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set

#
# Display device support
#
# CONFIG_DISPLAY_SUPPORT is not set

#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
# CONFIG_VGACON_SOFT_SCROLLBACK is not set
CONFIG_VIDEO_SELECT=y
CONFIG_DUMMY_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set
CONFIG_FB_CON_DECOR=y
# CONFIG_FONTS is not set
CONFIG_FONT_8x8=y
CONFIG_FONT_8x16=y
# CONFIG_LOGO is not set

#
# Sound
#
CONFIG_SOUND=m

#
# Advanced Linux Sound Architecture
#
CONFIG_SND=m
CONFIG_SND_TIMER=m
CONFIG_SND_PCM=m
CONFIG_SND_HWDEP=m
CONFIG_SND_RAWMIDI=m
CONFIG_SND_SEQUENCER=m
# CONFIG_SND_SEQ_DUMMY is not set
CONFIG_SND_OSSEMUL=y
CONFIG_SND_MIXER_OSS=m
CONFIG_SND_PCM_OSS=m
CONFIG_SND_PCM_OSS_PLUGINS=y
# CONFIG_SND_SEQUENCER_OSS is not set
# CONFIG_SND_DYNAMIC_MINORS is not set
# CONFIG_SND_SUPPORT_OLD_API is not set
# CONFIG_SND_VERBOSE_PROCFS is not set
# CONFIG_SND_VERBOSE_PRINTK is not set
# CONFIG_SND_DEBUG is not set
CONFIG_SND_VMASTER=y

#
# Generic devices
#
# CONFIG_SND_PCSP is not set
# CONFIG_SND_DUMMY is not set
# CONFIG_SND_VIRMIDI is not set
# CONFIG_SND_MTPAV is not set
# CONFIG_SND_SERIAL_U16550 is not set
# CONFIG_SND_MPU401 is not set

#
# PCI devices
#
# CONFIG_SND_AD1889 is not set
# CONFIG_SND_ALS300 is not set
# CONFIG_SND_ALS4000 is not set
# CONFIG_SND_ALI5451 is not set
# CONFIG_SND_ATIIXP is not set
# CONFIG_SND_ATIIXP_MODEM is not set
# CONFIG_SND_AU8810 is not set
# CONFIG_SND_AU8820 is not set
# CONFIG_SND_AU8830 is not set
# CONFIG_SND_AW2 is not set
# CONFIG_SND_AZT3328 is not set
# CONFIG_SND_BT87X is not set
# CONFIG_SND_CA0106 is not set
# CONFIG_SND_CMIPCI is not set
# CONFIG_SND_OXYGEN is not set
# CONFIG_SND_CS4281 is not set
# CONFIG_SND_CS46XX is not set
# CONFIG_SND_CS5530 is not set
# CONFIG_SND_DARLA20 is not set
# CONFIG_SND_GINA20 is not set
# CONFIG_SND_LAYLA20 is not set
# CONFIG_SND_DARLA24 is not set
# CONFIG_SND_GINA24 is not set
# CONFIG_SND_LAYLA24 is not set
# CONFIG_SND_MONA is not set
# CONFIG_SND_MIA is not set
# CONFIG_SND_ECHO3G is not set
# CONFIG_SND_INDIGO is not set
# CONFIG_SND_INDIGOIO is not set
# CONFIG_SND_INDIGODJ is not set
# CONFIG_SND_EMU10K1 is not set
# CONFIG_SND_EMU10K1X is not set
# CONFIG_SND_ENS1370 is not set
# CONFIG_SND_ENS1371 is not set
# CONFIG_SND_ES1938 is not set
# CONFIG_SND_ES1968 is not set
# CONFIG_SND_FM801 is not set
CONFIG_SND_HDA_INTEL=m
# CONFIG_SND_HDA_HWDEP is not set
# CONFIG_SND_HDA_CODEC_REALTEK is not set
# CONFIG_SND_HDA_CODEC_ANALOG is not set
# CONFIG_SND_HDA_CODEC_SIGMATEL is not set
# CONFIG_SND_HDA_CODEC_VIA is not set
# CONFIG_SND_HDA_CODEC_ATIHDMI is not set
CONFIG_SND_HDA_CODEC_CONEXANT=y
# CONFIG_SND_HDA_CODEC_CMEDIA is not set
# CONFIG_SND_HDA_CODEC_SI3054 is not set
CONFIG_SND_HDA_GENERIC=y
# CONFIG_SND_HDA_POWER_SAVE is not set
# CONFIG_SND_HDSP is not set
# CONFIG_SND_HDSPM is not set
# CONFIG_SND_HIFIER is not set
# CONFIG_SND_ICE1712 is not set
# CONFIG_SND_ICE1724 is not set
# CONFIG_SND_INTEL8X0 is not set
# CONFIG_SND_INTEL8X0M is not set
# CONFIG_SND_KORG1212 is not set
# CONFIG_SND_MAESTRO3 is not set
# CONFIG_SND_MIXART is not set
# CONFIG_SND_NM256 is not set
# CONFIG_SND_PCXHR is not set
# CONFIG_SND_RIPTIDE is not set
# CONFIG_SND_RME32 is not set
# CONFIG_SND_RME96 is not set
# CONFIG_SND_RME9652 is not set
# CONFIG_SND_SONICVIBES is not set
# CONFIG_SND_TRIDENT is not set
# CONFIG_SND_VIA82XX is not set
# CONFIG_SND_VIA82XX_MODEM is not set
# CONFIG_SND_VIRTUOSO is not set
# CONFIG_SND_VX222 is not set
# CONFIG_SND_YMFPCI is not set

#
# USB devices
#
CONFIG_SND_USB_AUDIO=m
# CONFIG_SND_USB_USX2Y is not set
# CONFIG_SND_USB_CAIAQ is not set

#
# System on Chip audio support
#
# CONFIG_SND_SOC is not set

#
# ALSA SoC audio for Freescale SOCs
#

#
# SoC Audio for the Texas Instruments OMAP
#

#
# Open Sound System
#
# CONFIG_SOUND_PRIME is not set
CONFIG_HID_SUPPORT=y
CONFIG_HID=y
# CONFIG_HID_DEBUG is not set
# CONFIG_HIDRAW is not set

#
# USB Input Devices
#
CONFIG_USB_HID=m
# CONFIG_USB_HIDINPUT_POWERBOOK is not set
# CONFIG_HID_FF is not set
# CONFIG_USB_HIDDEV is not set

#
# USB HID Boot Protocol drivers
#
# CONFIG_USB_KBD is not set
# CONFIG_USB_MOUSE is not set
CONFIG_USB_SUPPORT=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB_ARCH_HAS_OHCI=y
CONFIG_USB_ARCH_HAS_EHCI=y
CONFIG_USB=m
# CONFIG_USB_DEBUG is not set
# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set

#
# Miscellaneous USB options
#
# CONFIG_USB_DEVICEFS is not set
# CONFIG_USB_DEVICE_CLASS is not set
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_SUSPEND is not set
# CONFIG_USB_OTG is not set

#
# USB Host Controller Drivers
#
# CONFIG_USB_C67X00_HCD is not set
CONFIG_USB_EHCI_HCD=m
# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
# CONFIG_USB_EHCI_TT_NEWSCHED is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760_HCD is not set
# CONFIG_USB_OHCI_HCD is not set
CONFIG_USB_UHCI_HCD=m
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set

#
# USB Device Class drivers
#
# CONFIG_USB_ACM is not set
CONFIG_USB_PRINTER=m
# CONFIG_USB_WDM is not set

#
# NOTE: USB_STORAGE enables SCSI, and 'SCSI disk support'
#

#
# may also be needed; see USB_STORAGE Help for more information
#
CONFIG_USB_STORAGE=m
# CONFIG_USB_STORAGE_DEBUG is not set
# CONFIG_USB_STORAGE_DATAFAB is not set
# CONFIG_USB_STORAGE_FREECOM is not set
# CONFIG_USB_STORAGE_ISD200 is not set
# CONFIG_USB_STORAGE_DPCM is not set
# CONFIG_USB_STORAGE_USBAT is not set
# CONFIG_USB_STORAGE_SDDR09 is not set
# CONFIG_USB_STORAGE_SDDR55 is not set
# CONFIG_USB_STORAGE_JUMPSHOT is not set
# CONFIG_USB_STORAGE_ALAUDA is not set
# CONFIG_USB_STORAGE_ONETOUCH is not set
# CONFIG_USB_STORAGE_KARMA is not set
# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set
# CONFIG_USB_LIBUSUAL is not set

#
# USB Imaging devices
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
# CONFIG_USB_MON is not set

#
# USB port drivers
#
# CONFIG_USB_SERIAL is not set

#
# USB Miscellaneous drivers
#
# CONFIG_USB_EMI62 is not set
# CONFIG_USB_EMI26 is not set
# CONFIG_USB_ADUTUX is not set
# CONFIG_USB_AUERSWALD is not set
# CONFIG_USB_RIO500 is not set
# CONFIG_USB_LEGOTOWER is not set
# CONFIG_USB_LCD is not set
# CONFIG_USB_BERRY_CHARGE is not set
# CONFIG_USB_LED is not set
# CONFIG_USB_CYPRESS_CY7C63 is not set
# CONFIG_USB_CYTHERM is not set
# CONFIG_USB_PHIDGET is not set
# CONFIG_USB_IDMOUSE is not set
# CONFIG_USB_FTDI_ELAN is not set
# CONFIG_USB_APPLEDISPLAY is not set
# CONFIG_USB_SISUSBVGA is not set
# CONFIG_USB_LD is not set
# CONFIG_USB_TRANCEVIBRATOR is not set
# CONFIG_USB_IOWARRIOR is not set
# CONFIG_USB_ISIGHTFW is not set
# CONFIG_USB_GADGET is not set
CONFIG_MMC=m
# CONFIG_MMC_DEBUG is not set
# CONFIG_MMC_UNSAFE_RESUME is not set

#
# MMC/SD Card Drivers
#
CONFIG_MMC_BLOCK=m
CONFIG_MMC_BLOCK_BOUNCE=y
# CONFIG_SDIO_UART is not set
# CONFIG_MMC_TEST is not set

#
# MMC/SD Host Controller Drivers
#
CONFIG_MMC_SDHCI=m
CONFIG_MMC_RICOH_MMC=m
# CONFIG_MMC_WBSD is not set
# CONFIG_MMC_TIFM_SD is not set
CONFIG_MEMSTICK=m
# CONFIG_MEMSTICK_DEBUG is not set

#
# MemoryStick drivers
#
# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
CONFIG_MSPRO_BLOCK=m

#
# MemoryStick Host Controller Drivers
#
# CONFIG_MEMSTICK_TIFM_MS is not set
# CONFIG_MEMSTICK_JMICRON_38X is not set
# CONFIG_NEW_LEDS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=m
CONFIG_RTC_CLASS=m

#
# RTC interfaces
#
# CONFIG_RTC_INTF_SYSFS is not set
# CONFIG_RTC_INTF_PROC is not set
CONFIG_RTC_INTF_DEV=y
# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
# CONFIG_RTC_DRV_TEST is not set

#
# I2C RTC drivers
#
# CONFIG_RTC_DRV_DS1307 is not set
# CONFIG_RTC_DRV_DS1374 is not set
# CONFIG_RTC_DRV_DS1672 is not set
# CONFIG_RTC_DRV_MAX6900 is not set
# CONFIG_RTC_DRV_RS5C372 is not set
# CONFIG_RTC_DRV_ISL1208 is not set
# CONFIG_RTC_DRV_X1205 is not set
# CONFIG_RTC_DRV_PCF8563 is not set
# CONFIG_RTC_DRV_PCF8583 is not set
# CONFIG_RTC_DRV_M41T80 is not set
# CONFIG_RTC_DRV_S35390A is not set
# CONFIG_RTC_DRV_FM3130 is not set

#
# SPI RTC drivers
#

#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=m
# CONFIG_RTC_DRV_DS1511 is not set
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_V3020 is not set

#
# on-CPU RTC drivers
#
# CONFIG_DMADEVICES is not set
# CONFIG_UIO is not set

#
# Firmware Drivers
#
# CONFIG_EDD is not set
# CONFIG_DELL_RBU is not set
# CONFIG_DCDBAS is not set
# CONFIG_DMIID is not set
# CONFIG_ISCSI_IBFT_FIND is not set

#
# File systems
#
# CONFIG_EXT2_FS is not set
CONFIG_EXT3_FS=m
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT3_FS_SECURITY=y
# CONFIG_EXT4DEV_FS is not set
CONFIG_JBD=m
CONFIG_FS_MBCACHE=m
CONFIG_REISERFS_FS=m
# CONFIG_REISERFS_CHECK is not set
# CONFIG_REISERFS_PROC_INFO is not set
CONFIG_REISERFS_FS_XATTR=y
CONFIG_REISERFS_FS_POSIX_ACL=y
# CONFIG_REISERFS_FS_SECURITY is not set
# CONFIG_JFS_FS is not set
CONFIG_FS_POSIX_ACL=y
# CONFIG_XFS_FS is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
CONFIG_DNOTIFY=y
CONFIG_INOTIFY=y
CONFIG_INOTIFY_USER=y
# CONFIG_QUOTA is not set
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
CONFIG_FUSE_FS=m
CONFIG_GENERIC_ACL=y

#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=m
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_UDF_FS=m
CONFIG_UDF_NLS=y

#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=m
# CONFIG_MSDOS_FS is not set
CONFIG_VFAT_FS=m
CONFIG_FAT_DEFAULT_CODEPAGE=850
CONFIG_FAT_DEFAULT_IOCHARSET="utf8"
# CONFIG_NTFS_FS is not set

#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
# CONFIG_PROC_KCORE is not set
CONFIG_PROC_SYSCTL=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
# CONFIG_HUGETLBFS is not set
# CONFIG_HUGETLB_PAGE is not set
# CONFIG_CONFIGFS_FS is not set

#
# Miscellaneous filesystems
#
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_CRAMFS is not set
CONFIG_SQUASHFS=m
# CONFIG_SQUASHFS_EMBEDDED is not set
CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
# CONFIG_VXFS_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
CONFIG_NETWORK_FILESYSTEMS=y
CONFIG_NFS_FS=m
CONFIG_NFS_V3=y
CONFIG_NFS_V3_ACL=y
# CONFIG_NFS_V4 is not set
CONFIG_NFSD=m
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=m
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=m
CONFIG_SUNRPC_GSS=m
# CONFIG_SUNRPC_BIND34 is not set
CONFIG_RPCSEC_GSS_KRB5=m
# CONFIG_RPCSEC_GSS_SPKM3 is not set
# CONFIG_SMB_FS is not set
CONFIG_CIFS=m
# CONFIG_CIFS_STATS is not set
# CONFIG_CIFS_WEAK_PW_HASH is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
# CONFIG_CIFS_DEBUG2 is not set
CONFIG_CIFS_EXPERIMENTAL=y
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set

#
# Partition Types
#
CONFIG_PARTITION_ADVANCED=y
# CONFIG_ACORN_PARTITION is not set
# CONFIG_OSF_PARTITION is not set
# CONFIG_AMIGA_PARTITION is not set
# CONFIG_ATARI_PARTITION is not set
# CONFIG_MAC_PARTITION is not set
CONFIG_MSDOS_PARTITION=y
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MINIX_SUBPARTITION is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
# CONFIG_LDM_PARTITION is not set
# CONFIG_SGI_PARTITION is not set
# CONFIG_ULTRIX_PARTITION is not set
# CONFIG_SUN_PARTITION is not set
# CONFIG_KARMA_PARTITION is not set
# CONFIG_EFI_PARTITION is not set
# CONFIG_SYSV68_PARTITION is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
CONFIG_NLS_CODEPAGE_850=m
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
# CONFIG_NLS_ISO8859_1 is not set
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
CONFIG_NLS_UTF8=m
# CONFIG_DLM is not set

#
# Kernel hacking
#
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
# CONFIG_PRINTK_TIME is not set
# CONFIG_ENABLE_WARN_DEPRECATED is not set
CONFIG_ENABLE_MUST_CHECK=y
CONFIG_FRAME_WARN=2048
CONFIG_MAGIC_SYSRQ=y
# CONFIG_UNUSED_SYMBOLS is not set
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_KERNEL is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_DEBUG_BUGVERBOSE=y
# CONFIG_LATENCYTOP is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
CONFIG_NONPROMISC_DEVMEM=y
CONFIG_EARLY_PRINTK=y
CONFIG_X86_MPPARSE=y
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
CONFIG_IO_DELAY_TYPE_NONE=3
# CONFIG_IO_DELAY_0X80 is not set
CONFIG_IO_DELAY_0XED=y
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=1

#
# Security options
#
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITY_FILE_CAPABILITIES is not set
CONFIG_CRYPTO=y

#
# Crypto core or helper
#
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_AEAD=m
CONFIG_CRYPTO_BLKCIPHER=m
CONFIG_CRYPTO_HASH=m
CONFIG_CRYPTO_MANAGER=m
# CONFIG_CRYPTO_GF128MUL is not set
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_CRYPTD is not set
CONFIG_CRYPTO_AUTHENC=m
# CONFIG_CRYPTO_TEST is not set

#
# Authenticated Encryption with Associated Data
#
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_SEQIV is not set

#
# Block modes
#
CONFIG_CRYPTO_CBC=m
# CONFIG_CRYPTO_CTR is not set
# CONFIG_CRYPTO_CTS is not set
CONFIG_CRYPTO_ECB=m
# CONFIG_CRYPTO_LRW is not set
# CONFIG_CRYPTO_PCBC is not set
# CONFIG_CRYPTO_XTS is not set

#
# Hash modes
#
CONFIG_CRYPTO_HMAC=m
# CONFIG_CRYPTO_XCBC is not set

#
# Digest
#
# CONFIG_CRYPTO_CRC32C is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=m
# CONFIG_CRYPTO_MICHAEL_MIC is not set
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA256=m
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set

#
# Ciphers
#
CONFIG_CRYPTO_AES=m
# CONFIG_CRYPTO_AES_X86_64 is not set
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_ARC4=m
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
CONFIG_CRYPTO_DES=m
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_TEA is not set
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_TWOFISH_COMMON=m
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set

#
# Compression
#
CONFIG_CRYPTO_DEFLATE=m
# CONFIG_CRYPTO_LZO is not set
CONFIG_CRYPTO_LZF=y
# CONFIG_CRYPTO_HW is not set
CONFIG_HAVE_KVM=y
# CONFIG_VIRTUALIZATION is not set

#
# Library routines
#
CONFIG_BITREVERSE=y
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_FIND_NEXT_BIT=y
CONFIG_CRC_CCITT=m
CONFIG_CRC16=m
CONFIG_CRC_ITU_T=m
CONFIG_CRC32=y
# CONFIG_CRC7 is not set
CONFIG_LIBCRC32C=m
CONFIG_ZLIB_INFLATE=m
CONFIG_ZLIB_DEFLATE=m
CONFIG_PLIST=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y

Re: nfs and kerberos authentification problem.

[François Valenduc]

J. Bruce Fields a =C3=A9crit :
> On Thu, Sep 04, 2008 at 09:38:34PM +0200, Fran=C3=A7ois Valenduc wrot=
e:
>  =20
>> Kevin Coffman a =C3=A9crit :
>>    =20
>>> This may be a stupid question, but can you access the mount using
>>> auth_sys?  As I think I said before, it looks like the Kerberos par=
t
>>> is working.  (Unless there are errors on the client side from
>>> rpc.gssd.)
>>>
>>>  =20
>>>      =20
>> I finally found a solution to the problem.
>>    =20
>
> Great!
>
>  =20
>> It seems that it's needed to =20
>> compile both NFS v3 and v4 server support to make kerberos support =20
>> working. I find that a bit strange, but with this kernel configurati=
on, =20
>> it is working fine. I find that a bit strange since I export the =20
>> filesystem as NFS3.
>> Should we consider this as a bug ? I am running kernel 2.6.26.3.
>>    =20
>
> Yes, that would be a bug!  But: are you sure gss support was built in=
 on
> the server?
>
> --b.
>
>  =20
>> Thanks a lot for your patience,
>> Fran=C3=A7ois
>>    =20
>
>  =20
There is still a major problem. Even if I can now mount the filesystem=20
with kerberos authentification, I can't write any file. Furthermore, I=20
can even not see the content of the exported directory without being=20
root. Is it due to the problem of uid/gid mapping ?

=46ran=C3=A7ois

Re: nfs and kerberos authentification problem.

[François Valenduc]

=46ran=C3=A7ois Valenduc a =C3=A9crit :
> J. Bruce Fields a =C3=A9crit :
>> On Thu, Sep 04, 2008 at 09:38:34PM +0200, Fran=C3=A7ois Valenduc wro=
te:
>> =20
>>> Kevin Coffman a =C3=A9crit :
>>>   =20
>>>> This may be a stupid question, but can you access the mount using
>>>> auth_sys?  As I think I said before, it looks like the Kerberos pa=
rt
>>>> is working.  (Unless there are errors on the client side from
>>>> rpc.gssd.)
>>>>
>>>>        =20
>>> I finally found a solution to the problem.
>>>    =20
>>
>> Great!
>>
>> =20
>>> It seems that it's needed to  compile both NFS v3 and v4 server=20
>>> support to make kerberos support  working. I find that a bit strang=
e,=20
>>> but with this kernel configuration,  it is working fine. I find tha=
t=20
>>> a bit strange since I export the  filesystem as NFS3.
>>> Should we consider this as a bug ? I am running kernel 2.6.26.3.
>>>    =20
>>
>> Yes, that would be a bug!  But: are you sure gss support was built i=
n on
>> the server?
>>
>> --b.
>>
>> =20
>>> Thanks a lot for your patience,
>>> Fran=C3=A7ois
>>>    =20
>>
>>  =20
> There is still a major problem. Even if I can now mount the filesyste=
m=20
> with kerberos authentification, I can't write any file. Furthermore, =
I=20
> can even not see the content of the exported directory without being=20
> root. Is it due to the problem of uid/gid mapping ?
>=20
> Fran=C3=A7ois

What I don' understand is that the file system is well mounted read-wri=
te:
pc-francois:/home/francois on /mnt/pc-francois type nfs=20
(rw,users,noatime,sec=3Dkrb5,rsize=3D1024,wsize=3D1024,soft,addr=3D192.=
168.1.2)

The mounted directory has the following permissions:

drwxrwsr-x 77 francois francois 4,0K sep  5 20:35 pc-francois/

So, I don't understand why I can't write any file on it.

Thanks for your help;

=46ran=C3=A7ois

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Fri, Sep 05, 2008 at 08:57:16PM +0200, Fran=C3=A7ois Valenduc wrote:
> What I don' understand is that the file system is well mounted read-w=
rite:
> pc-francois:/home/francois on /mnt/pc-francois type nfs =20
> (rw,users,noatime,sec=3Dkrb5,rsize=3D1024,wsize=3D1024,soft,addr=3D19=
2.168.1.2)
>
> The mounted directory has the following permissions:
>
> drwxrwsr-x 77 francois francois 4,0K sep  5 20:35 pc-francois/
>
> So, I don't understand why I can't write any file on it.

The way it would normally work is you'd have a kerberos principal named
"francois-wmZDWbG+120CDknkFGB/9A@public.gmane.org", and you'd run

	kinit francois-wmZDWbG+120CDknkFGB/9A@public.gmane.org

(or that'd be done automatically for you on login if you have the right
pam setup).  When you do an nfs operation then the server will see you
as francois-wmZDWbG+120CDknkFGB/9A@public.gmane.org, look for a local user named "francois", an=
d
use that uid/gid.

But all authentication in nfs is per-user, not per-client, so you need =
a
krb5 principal for each user.

--b.

Re: nfs and kerberos authentification problem.

[J. Bruce Fields]

On Fri, Sep 05, 2008 at 08:36:16PM +0200, Fran=C3=A7ois Valenduc wrote:
> There is still a major problem. Even if I can now mount the filesyste=
m =20
> with kerberos authentification, I can't write any file. Furthermore, =
I =20
> can even not see the content of the exported directory without being =
=20
> root. Is it due to the problem of uid/gid mapping ?

Do you have a kerberos credential name for "francois"?  When you're
logged in as francois, what does klist say?

--b.

>
> Fran=C3=A7ois