|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
Standards, Environments, and Macros nfssec(5)
NAME
nfssec - overview of NFS security modes
DESCRIPTION
The mount_nfs(1M) and share_nfs(1M) commands each provide a
way to specify the security mode to be used on an NFS file
system through the sec=mode option. mode can be sys, dh,
krb5, krb5i, krb5p, or none. These security modes can also
be added to the automount maps. Note that mount_nfs(1M) and
automount(1M) do not support sec=none at this time.
mount_nfs(1M) allows you to specify a single security mode;
share_nfs(1M) allows you to specify multiple modes (or
none). With multiple modes, an NFS client can choose any of
the modes in the list.
The sec=mode option on the share_nfs(1M) command line estab-
lishes the security mode of NFS servers. If the NFS connec-
tion uses the NFS Version 3 protocol, the NFS clients must
query the server for the appropriate mode to use. If the NFS
connection uses the NFS Version 2 protocol, then the NFS
client uses the default security mode, which is currently
sys. NFS clients may force the use of a specific security
mode by specifying the sec=mode option on the command line.
However, if the file system on the server is not shared with
that security mode, the client may be denied access.
If the NFS client wants to authenticate the NFS server using
a particular (stronger) security mode, the client wants to
specify the security mode to be used, even if the connection
uses the NFS Version 3 protocol. This guarantees that an
attacker masquerading as the server does not compromise the
client.
The NFS security modes are described below. Of these, the
krb5, krb5i, krb5p modes use the Kerberos V5 protocol for
authenticating and protecting the shared filesystems. Before
these can be used, the system must be configured to be part
of a Kerberos realm. See kerberos(5).
sys Use AUTH_SYS authentication. The user's UNIX user-
id and group-ids are passed in the clear on the
network, unauthenticated by the NFS server. This is
the simplest security method and requires no addi-
tional administration. It is the default used by
Solaris NFS Version 2 clients and Solaris NFS
servers.
dh Use a Diffie-Hellman public key system (AUTH_DES,
which is referred to as AUTH_DH in the forthcoming
Internet RFC).
SunOS 5.10 Last change: 13 Apr 2005 1
Standards, Environments, and Macros nfssec(5)
krb5 Use Kerberos V5 protocol to authenticate users
before granting access to the shared filesystem.
krb5i Use Kerberos V5 authentication with integrity
checking (checksums) to verify that the data has
not been tampered with.
krb5p User Kerberos V5 authentication, integrity check-
sums, and privacy protection (encryption) on the
shared filesystem. This provides the most secure
filesystem sharing, as all traffic is encrypted. It
should be noted that performance might suffer on
some systems when using krb5p, depending on the
computational intensity of the encryption algorithm
and the amount of data being transferred.
none Use null authentication (AUTH_NONE). NFS clients
using AUTH_NONE have no identity and are mapped to
the anonymous user nobody by NFS servers. A client
using a security mode other than the one with which
a Solaris NFS server shares the file system has its
security mode mapped to AUTH_NONE. In this case, if
the file system is shared with sec=none, users from
the client are mapped to the anonymous user. The
NFS security mode none is supported by
share_nfs(1M), but not by mount_nfs(1M) or
automount(1M).
FILES
/etc/nfssec.conf NFS security service confi-
guration file
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Availability | SUNWnfscr |
|_____________________________|_____________________________|
SunOS 5.10 Last change: 13 Apr 2005 2
Standards, Environments, and Macros nfssec(5)
SEE ALSO
automount(1M), mount_nfs(1M), share_nfs(1M),
rpc_clnt_auth(3NSL), secure_rpc(3NSL), nfssec.conf(4),
attributes(5), kerberos(5)
NOTES
/etc/nfssec.conf lists the NFS security services. Do not
edit this file. It is not intended to be user-configurable.
SunOS 5.10 Last change: 13 Apr 2005 3
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:54 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2876 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2487 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2407 hits)
(Suse Linux 10.1)
|
Man Pages 
