Secure NFS on HP-UX 11i v3

B. Configuring Secure NFS filesystems via /etc/fstab

Similar to the manual mount(1M) case, Secure NFS entries in the /etc/fstab file need to specify

the desired security mode for each filesystem. Otherwise the client and server will negotiate the

highest security level supported by both systems. In the example shown in Figure 17 the

/etc/fstab entry specifies the desired security mode “krb5.”

Figure 17 Configuring Secure NFS via /etc/fstab

C. Configuring Secure NFS filesystems via AutoFS

From an AutoFS map perspective, the “sec=mode” option is no different from any other NFS mount

option such as “hard” or “intr.” Therefore, the process for adding the “sec=mode” option to an

existing AutoFS map entry would be no different from adding any other mount option. The location of

where to include the “sec=mode” option is determined by the type of AutoFS map being modified.

For example, the master map uses the syntax:

Mount Point Map Type Mount Options

/net -hosts -nosuid,soft,nobrowse,sec=krb5

In the master map case, the “sec=mode” string would be appended to the existing list of mount

options. As with any mount options, making this change to the master map would affect any

filesystems mounted via the /net mount point.

In the case of direct or indirect maps, the syntax is a bit different:

Key Mount Options Location

/hp-1 -sec=krb5 atcux12.rose.hp.com:/memfs

In the direct or indirect map case, mount options such as “sec=mode” are listed in between the Key

field and the Location field, as shown above. By modifying the specific entry inside an indirect or

direct map file, only that mount point will request the new desired security mode.