NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Administering an NFS Server
Chapter 2
Secure Sharing of Directories
The share command enables you to specify a security mode for NFS. Use
the sec option to specify the different security modes. Table 2-3 describes
the security modes of the share command.
You can combine the different security modes. However, the client must
support the security mode specified on the host. If the modes on the
client and server are different, the directory cannot be accessed.
For example, an NFS server can combine the dh (Diffie-Hellman) and
krb5 (Kerberos) security modes because it supports both modes. However,
if the NFS client does not support krb5, the shared directory cannot be
accessed using the krb5 security mode.
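As an added example (not from the guide), the following Python sketch checks share entries against the modes in Table 2-3: it flags entries that offer sys or none, and lists which of the offered modes a given client could use, where an empty list means the directory cannot be accessed. It assumes the colon-separated sec=mode:mode option syntax of share for NFS; the paths, host name and function names are constructed for illustration.

```python
import shlex

# Security modes from Table 2-3. WEAK marks modes without cryptographic
# authentication of the caller (a classification made for this example).
KNOWN = ("sys", "dh", "krb5", "krb5i", "krb5p", "none")
WEAK = {"sys", "none"}

def parse_share(line):
    """Return (path, modes) for one share line, or None for other lines."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "share":
        return None
    modes = []
    for i, tok in enumerate(tokens[:-1]):
        if tok != "-o":
            continue
        for opt in tokens[i + 1].split(","):
            if opt.startswith("sec="):
                # Assumed syntax: colon-separated list, e.g. sec=dh:krb5
                modes += [m for m in opt[4:].split(":") if m]
    unknown = [m for m in modes if m not in KNOWN]
    if unknown:
        raise ValueError(f"unknown security mode(s): {unknown}")
    # No sec option: the share falls back to the default mode, sys.
    return tokens[-1], modes or ["sys"]

def audit(line, client_modes):
    """Report weak modes and the modes a given client could actually use."""
    parsed = parse_share(line)
    if parsed is None:
        return None
    path, modes = parsed
    return {
        "path": path,
        "weak": [m for m in modes if m in WEAK],
        "usable": [m for m in modes if m in client_modes],  # empty: no access
    }

# Constructed sample entries (not taken from the guide).
SAMPLE = """\
share -F nfs -o sec=dh:krb5,rw /export/proj
share -F nfs -o sec=krb5p,rw=hostA /export/hr
share -F nfs -o rw /export/tmp
share -F nfs -o sec=sys:none,ro /export/pub
"""

if __name__ == "__main__":
    for entry in SAMPLE.splitlines():
        print(audit(entry, {"sys", "dh"}))  # constructed client without Kerberos
```
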
Table 2-3 Security Modes of the share command

Security Mode   Description
sys             Uses the default authentication method, AUTH_SYS.
                The sys mode is a simple authentication method that
                uses UID/GID UNIX permissions, and is used by NFS
                servers and NFS clients using the version 2, 3, and 4
                protocol.
dh              Uses the Diffie-Hellman public-key system and uses the
                AUTH_DES authentication.
krb5            Uses Kerberos V5 protocol to authenticate users before
                granting access to the shared filesystems.
krb5i           Uses Kerberos V5 authentication with integrity
                checking to verify that the data is not tampered with,
                while in transit between the NFS clients and servers.
krb5p           Uses Kerberos V5 authentication, integrity checking,
                and privacy protection (encryption) on the shared
                filesystems.
none            Uses NULL authentication (AUTH_NONE). NFS clients
                using AUTH_NONE are mapped to the anonymous user
                nobody by NFS.

Consider the following points before you specify or combine security
modes: