NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Administering an NFS Server
Chapter 2 57
•The share command uses the AUTH_SYS mode by default, if the
sec
=mode
option is not specified.
• If your network consists of clients with differing security
requirements, some using highly restrictive security modes and some
using less secure modes, use multiple security modes with a single
share command.
For example, consider an environment where all clients do not
require same level of security. This environment is usually difficult to
secure and requires running various scripts. However, if you use the
share command, you can specify different security mechanisms for
each netgroup within your network.
• If one or more explicit
sec
= options are specified, you must set the
sys security mode to continue to allow access to share directories,
using the AUTH_SYS authentication method.
For example, if you are specifying multiple security options, such as
Kerberos and Diffie-Hellman, then specify the sys security option as
well to enable users to access the shared directories using the
AUTH_SYS security method.
•If ro and rw options are specified in a sec clause, the order of the
options rule is not enforced. All hosts are granted read-only access,
except those in the read-write list.
Secure NFS Setup with Kerberos
This section describes how to configure your secure NFS using Kerberos.
Configuring Secure NFS Server with Kerberos
You need to set up the NFS server as a Kerberos client before securing
the NFS server.
To configure your secure NFS server, follow these steps:
1. Set up the host as a Kerberos client. For more information on setting
up the NFS server as a Kerberos client, see Configuration Guide for
Kerberos Client Products on HP-UX (5991-7685).