Manualshelf

NFS Services Administrator's Guide (B.11.31.03) August 2008

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
31323334353637383940
An output similar to the following output is displayed:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
--------------------------------------------------------
1 nfs/krbsrv39.anyrealm.com@krbhost.anyrealm.com
If you did not add the NFS service principal with the fully qualified hostname, an
error similar to the following error is displayed:
share -o sec=krb5i /export_krb5
share_nfs: /export_krb5: Invalid argument
9. Modify the /etc/nfssec.conf file. Uncomment the entries for either krb5, krb5i,
or krb5p based on the security protocol you want to choose. You can choose all
the versions as shown in this example:
#ident "@(#)nfssec.conf 1.5 07/11/09 SMI"
# The NFS Security Service Configuration File.
# Each entry is of the form:
# <NFS_security_mode_name> <NFS_security_mode_number>
\
# <GSS_mechanism_name>
<GSS_quality_of_protection> <GSS_services>
# The "-" in <GSS_mechanism_name> signifies that this is not
a GSS mechanism.
# A string entry in <GSS_mechanism_name> is required for usi
ng RPCSEC_GSS
# services. <GSS_quality_of_protection> and <GSS_services>
are optional.
# White space is not an acceptable value.
# default security mode is defined at the end. It should be
one of the flavor numbers defined above it.
none 0 - - - #
AUTH_NONE
sys 1 - - - #
AUTH_SYS
dh 3 - - - #
AUTH_DH
krb5 390003 krb5_mech default - #
RPCSEC_GSSkrb5i 390004 krb5_mech default integrity #
RPCSEC_GSS
krb5p 390005 krb5_mech default privacy #
RPCSEC_GSS
default 1 - - - #
default is AUTH_SYS
10. To create a credential table, enter the following command:
gsscred -m krb5_mech -a
11. Share a directory with the Kerberos security option as described in the following
section.
Configuring and Administering an NFS Server 39