nfssec man page on HP-UX

Printed from http://www.polarhome.com/service/man/?qf=nfssec&af=0&tf=2&of=HP-UX

nfssec(5)							     nfssec(5)

NAME
       nfssec - overview of NFS security modes

DESCRIPTION
       The  mount_nfs(1M)  and	share_nfs(1M)  commands	 each provide a way to
       specify the security mode to be used on an NFS filesystem  through  the
       option.	 mode  can be either or These security modes may also be added
       to the automount maps.  Note that mount_nfs(1M)	and  automount(1M)  do
       not support at this time.

       The  option  on the share_nfs(1M) command line establishes the security
       mode of NFS servers.  If the NFS connection uses the NFS Version 3 pro‐
       tocol,  the  NFS clients must query the server for the appropriate mode
       to use.	If the NFS connection uses the NFS Version  2  protocol,  then
       the  NFS	 client uses the default security mode, which is currently NFS
       clients may force the use of a specific security mode by specifying the
       option  on  the command line.  However, if the filesystem on the server
       is not shared with that security mode, the client may be denied access.

       If the NFS client wants to authenticate the NFS server using a particu‐
       lar  (stronger) security mode, the client wants to specify the security
       mode to be used, even if the connection uses the NFS Version  3	proto‐
       col.   This guarantees that an attacker masquerading as the server does
       not compromise the client.

       The NFS security modes are described below.  Of these,  the  modes  use
       the  Kerberos  V5 protocol for authenticating and protecting the shared
       filesystems.  Before these can be used, the system must	be  configured
       to be part of a Kerberos realm.

       Use	 authentication.   The	user's	UNIX user-id and group-ids are
		 passed in the clear on the network,  unauthenticated  by  the
		 NFS  server  .	  This	is  the	 simplest  security method and
		 requires no additional administration.	  It  is  the  default
		 used by HP-UX NFS Version 2 clients and HP-UX NFS servers.

       Use a Diffie-Hellman public key system
		 which is referred to as in the forthcoming Internet RFC).

       Use Kerberos V5 protocol to authenticate users before granting access
		 to the shared filesystem.

       Use Kerberos V5 authentication with integrity checking (checksums) to
		 verify that the data has not been tampered with.

       User  Kerberos V5 authentication, integrity checksums, and privacy pro‐
       tection
		 (encryption) on the shared  filesystem.   This	 provides  the
		 most  secure filesystem sharing, as all traffic is encrypted.
		 It should be noted that performance might suffer on some sys‐
		 tems  when  using depending on the computational intensity of
		 the encryption algorithm and the amount of data being	trans‐
		 ferred.

       Use null authentication
		 NFS  clients  using  have  no	identity and are mapped to the
		 anonymous user by NFS servers.	 A  client  using  a  security
		 mode other than the one with which an HP-UX NFS server shares
		 the filesystem has its security mode mapped to In this	 case,
		 if  the  filesystem  is shared with users from the client are
		 mapped to the anonymous user.

WARNINGS
       lists the NFS security services.	 Do not edit this  file.   It  is  not
       intended to be user-configurable.

FILES
       NFS security service configuration file

SEE ALSO
       automount(1M),	 mount_nfs(1M),	   share_nfs(1M),   rpc_clnt_auth(3N),
       secure_rpc(3N), nfssec.conf(4).

								     nfssec(5)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net