Manualshelf

NFS Services Administrator's Guide (B.11.31.03) August 2008

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
41424344454647484950
mount o sec=<Kerberos protocol version> <svr:/dir> </mount-point>
Where,
-o Enables you to use some of the specific options of the share
command, such as sec, async, public, and others.
sec Enables you to specify the security mode to be used. Specify
krb5 as the Kerberos protocol version.
<svr:/dir> Enables you to specify the location of the directory.
</mount-point> Enables you to specify the mount-point location where the
filesystem is mounted.
An initial ticket grant is carried out when the user accesses the mounted filesystem.
Accessing Shared NFS Directories across a Firewall
To access shared NFS directories across a firewall, you must configure the firewall
based on the ports that the NFS service daemons listen on. To access NFS directories,
the following daemons are required: rpcbind, nfsd, rpc.lockd, rpc.statd, and
rpc.mountd. The rpcbind daemon uses a fixed port, 111, and the nfsd daemon uses
2049 as its default port. To configure the firewall, you must know the port numbers of
the other NFS daemons, to ensure that the NFS client requests are not denied.
NOTE: This section does not document how to configure a firewall. This section
documents the considerations to keep in mind while sharing a directory across a firewall.
Shared NFS directories can be accessed across a firewall in the following ways:
Sharing directories across a firewall without fixed port numbers
Sharing directories across a firewall using fixed port numbers in the /etc/
default/nfs file
Sharing directories across a firewall using the NFSv4 protocol
Sharing directories across a firewall using the WebNFS feature
Sharing directories across a firewall without fixed port numbers (NFSv2 and NFSv3)
This is the default method of sharing directories across a firewall. In this method, the
rpc.statd and rpc.mountd daemons do not run on fixed ports. The ports used
by these daemons are assigned from the anonymous port range. By default, the
anonymous port range is configured between 49152 and 65535.
The rpc.lockd daemon runs at port 4045 and is not configurable. To determine the
port numbers currently used by rpc.statd and rpc.mountd daemons, run the
rpcinfo -p command, and configure the firewall accordingly.
For example, to determine the port numbers, enter the following command:
rpcinfo -p
42 Configuring and Administering NFS Services