--- /dev/null
+
+unfs3 mount-time password support
+=================================
+
+Example exports file:
+
+/tmp (rw,password=gazonk)
+
+Syntax note: The password may contain any character, except
+whitespace, comma and right parenthesis.
+
+
+Mounting with clear-text passwords
+----------------------------------
+
+mount yourhost:@password:gazonk/tmp /mnt
+
+Note: When using @password, the password cannot contain slashes.
+
+
+Mounting with one-time passwords
+--------------------------------
+
+1. Communicate with the mount server and issue a mount for
+ "@getnonce". The returned filehandle is your nonce.
+
+2. Concatenate the nonce with the password, and run it through
+ MD5. Convert the result to a hexascii representation.
+
+3. Example mount command:
+
+mount yourhost:@otp:851d689b11ed4779dd5fbb084b136c52/tmp /mnt
+
+Step 1 and 2 can be done by using the "nfsotpclient" found in the
+contrib directory.
+
+Note: With otp:s, a race condition exists. Consider the following:
+
+1) client A requests nonce, gets NA
+2) client B requests nonce, gets NB
+3) client A sends otp mount using NA
+4) client B sends otp mount using NB
+
+Step 3 will not succeed because the server only stores the last
+nonce. Step 4 will succeed, though. Client A needs to fetch a new
+nonce and retry the mount.