NFS Services Administrator's Guide (762805-001, March 2014)
• Mounting an NFS filesystem through a firewall
For information on how to mount an NFS filesystem through a firewall, see “Accessing shared
NFS directories across a firewall” (page 29).
• Mounting a filesystem securely
For information on how to mount a filesystem in a secure manner, see “An example for securely
mounting a directory” (page 40).
For information on how to disable mount access for a single client, see “Unmounting (Removing)
a mounted directory” (page 40).
Starting with HP-UX 11i v3, the mount command is enhanced to provide benefits such as
performance improvement of large sequential data transfers and local locking for faster access.
The umount command allows forcible unmounting of filesystems. These features can be accessed
using specific options of the mount command. For more information on these options, see
mount_nfs(1M) and umount(1M).
NFS clients can also unmount the directories using the umount command. For information on
unmounting a shared directory, see “Unsharing (Removing) a shared directory” (page 33).
Support for WebNFS
NFS is designed as a file access protocol for LANs. WebNFS is an extension of NFS. It enables
you to access files across the Internet easily. WebNFS is designed to handle unique problems
associated with accessing files across the Internet.
WebNFS enables filesystems at other locations on the Internet to appear to a user as a local
filesystem. WebNFS works through firewalls and implements features such as read-ahead and
write-behind, to improve throughput and performance over the Internet.
For more information on WebNFS, see “Sharing directories across a firewall using the WebNFS
Feature” (page 31).
Secure sharing of directories
In earlier versions of HP-UX, NFS used AUTH_SYS authentication, which relies on UNIX-style
(uid/gid) credentials to allow access to the shared files. It is fairly simple to develop an
application or server that can masquerade as a user, because the uid/gid ownership of a file
can be viewed.
The AUTH_DH authentication method was introduced to address the vulnerabilities of the AUTH_SYS
authentication method. The AUTH_DH security model is stronger, because it authenticates the user
by using the user’s private key.
Kerberos is an authentication system that provides secure transactions over networks. It offers strong
user authentication, integrity and privacy. Kerberos support has been added to provide
authentication and encryption capabilities. For information on how to share directories in a secure
manner, see “Secure sharing of directories” (page 25).
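The following Python code is an added example, not part of the HP guide or of HP-UX: it decodes the credential field of an ONC RPC call as laid out in RFC 5531 and reports whether the flavor carries any cryptographic proof, which makes visible that an AUTH_SYS credential is only a set of client-supplied uid/gid numbers. The sample bytes, the host name client1 and the function names are constructed for illustration.

```python
import struct

# ONC RPC authentication flavor numbers (RFC 5531).
FLAVORS = {0: "AUTH_NONE", 1: "AUTH_SYS", 2: "AUTH_SHORT", 3: "AUTH_DH", 6: "RPCSEC_GSS"}

def _u32(buf, off):
    """Read one XDR unsigned int (4 bytes, big-endian); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated credential")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def parse_auth_sys(body):
    """Decode authsys_parms: stamp, machinename<255>, uid, gid, gids<16>."""
    _stamp, off = _u32(body, 0)
    nlen, off = _u32(body, off)
    if nlen > 255 or off + nlen > len(body):
        raise ValueError("bad machinename")
    name = body[off:off + nlen].decode("ascii", "replace")
    off += (nlen + 3) & ~3  # XDR pads strings to a 4-byte boundary
    uid, off = _u32(body, off)
    gid, off = _u32(body, off)
    count, off = _u32(body, off)
    if count > 16 or off + 4 * count > len(body):
        raise ValueError("bad supplementary gid list")
    gids = list(struct.unpack_from(f">{count}I", body, off))
    return {"machinename": name, "uid": uid, "gid": gid, "gids": gids}

def parse_credential(buf):
    """Decode an RPC opaque_auth credential (flavor, length, body)."""
    flavor, off = _u32(buf, 0)
    length, off = _u32(buf, off)
    if length > 400 or off + length > len(buf):  # RFC 5531 caps the body at 400 bytes
        raise ValueError("bad credential length")
    cred = {"flavor": FLAVORS.get(flavor, f"unknown({flavor})")}
    if flavor == 1:
        cred.update(parse_auth_sys(buf[off:off + length]))
    # AUTH_NONE, AUTH_SYS and AUTH_SHORT carry no cryptographic proof of identity.
    cred["no_crypto_proof"] = flavor in (0, 1, 2)
    return cred

# Constructed sample: AUTH_SYS credential naming host "client1", uid 1001, gid 20.
SAMPLE = bytes.fromhex(
    "00000001" "00000024" "00000000" "00000007" "636c69656e743100"
    "000003e9" "00000014" "00000002" "00000014" "00000064")
```

Run over credentials extracted from captured RPC calls, the no_crypto_proof field identifies clients that still mount with AUTH_SYS instead of AUTH_DH or Kerberos (RPCSEC_GSS).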
Client failover
By using client-side failover, an NFS client can specify redundant servers that are making the same
data available and switch to an alternate server when the current server becomes unavailable.
The filesystems on the current server can become unavailable for the following reasons:
• If the filesystem is connected to a server that crashes
• If the server is overloaded
• If a network fault occurs
A failover occurs when the filesystem is unavailable. The failover is transparent to the user. The
failover can occur at any time without disrupting processes that are running on the client.