NFS Services Administrator's Guide (B.11.31.05) September 2009

For information on how to disable mount access for a single client, see “Unmounting (Removing)
a Mounted Directory” (page 40).
Starting with HP-UX 11i v3, the mount command is enhanced to provide benefits such as
performance improvement of large sequential data transfers and local locking for faster access.
The umount command allows forcible unmounting of filesystems. These features can be accessed
using specific options of the mount command. For more information on these options, see
mount_nfs (1M), and umount(1M).
NFS clients can also unmount the directories using the umount command. For information on
unmounting a shared directory, see “Unsharing (Removing) a Shared Directory” (page 33).
Support for WebNFS
NFS is designed as a file access protocol for LANs. WebNFS is an extension of NFS. It enables
you to access files across the Internet easily. WebNFS is designed to handle unique problems
associated with accessing files across the Internet.
WebNFS enables filesystems at other locations on the Internet to appear to a user as a local
filesystem. WebNFS works through firewalls and implements features such as read-ahead and
write-behind, to improve throughput and performance over the Internet.
For more information on WebNFS, see “Sharing directories across a firewall using the WebNFS
Feature” (page 32).
Secure Sharing of Directories
In earlier versions of HP-UX, NFS used the AUTH_SYS authentication, which uses UNIX style
authentication, (uid/gid), to allow access to the shared files. It is fairly simple to develop an
application or server that can masquerade as a user because the gid/uid ownership of a file can
be viewed.
The AUTH_DH authenticating method was introduced to address the vulnerabilities of the
AUTH_SYS authentication method. The AUTH_DH security model is stronger, because it
authenticates the user by using the users private key.
Kerberos is an authentication system that provides secure transactions over networks. It offers
strong user authentication, integrity and privacy. Kerberos support has been added to provide
authentication and encryption capabilities. For information on how to share directories in a
secure manner, see “Secure Sharing of Directories ” (page 26).
Client Failover
By using client-side failover, an NFS client can specify redundant servers that are making the
same data available and switch to an alternate server when the current server becomes unavailable.
The filesystems on the current server can become unavailable for the following reasons:
If the filesystem is connected to a server that crashes
If the server is overloaded
If a network fault occurs
A failover occurs when the filesystem is unavailable. The failover is transparent to the user. The
failover can occur at any time without disrupting processes that are running on the client.
Consider the following points before enabling client-side failover:
The filesystem must be mounted with read-only permissions.
The filesystems must be identical on all the redundant servers for the failover to occur
successfully. For information on identical filesystems, see “Replicated Filesystems” (page 18).
A static filesystem or one that is not modified often is used for failover.
New Features in NFS 17