NFS Services Administrator's Guide
Introduction
New Features in NFS
Chapter 130
The AUTH_DH authenticating method was introduced to address the
vulnerabilities of the AUTH_SYS authentication method. The
AUTH_DH security model is stronger, because it authenticates the user
by using the user’s private key.
Kerberos is an authentication system that provides secure transactions
over networks. It offers strong user authentication, integrity and privacy.
Kerberos support has been added to provide authentication and
encryption capabilities. For information on how to share directories in a
secure manner, see “Secure Sharing of Directories” on page 56.
Client Failover
By using client-side failover, an NFS client can specify redundant servers
that are making the same data available and switch to an alternate
server when the current server becomes unavailable. The filesystems on
the current server can become unavailable for the following reasons:
• If the filesystem is connected to a server that crashes
• If the server is overloaded
• If a network fault occurs
A failover occurs when the filesystem is unavailable. The failover is
transparent to the user. The failover can occur at any time without
disrupting processes that are running on the client.
Consider the following points before enabling client-side failover:
• The filesystem must be mounted with read-only permissions.
• The filesystems must be identical on all the redundant servers for
the failover to occur successfully. For information on identical
filesystems, see “Replicated Filesystems” on page 31.
• A static filesystem or one that is not modified often is used for
failover.
• File systems that are mounted using CacheFS are not supported for
use with failover.
• If client-side failover is enabled using the command-line option, the
listed servers must support the same version of the NFS protocol. For
example, onc21 and onc23 must support the same version of NFS
protocol, either NFSv2, NFSv3, or NFSv4.