Changes NFS foreign identity mappings.
For user and group related foreign identity mappings
chnfsim -a | -l | -s | -x -u | -g [ -i Identity ] [ -n name -d domain ]
For realm-to-domain mappings
chnfsim -a | -l | -x [ -r realm -d domain ]
To configure a system to use EIM
chnfsim -c -a | -l | -x [ -t type -h hostname[:port] -e EIMdomain -f EIMsuffix -b admin_DN -w admin_password -W access_password ]
To remove EIM configuration from a system
chnfsim -C
The chnfsim command administers NFS foreign identity mappings using the Enterprise Identity Mapping (EIM) layer of an LDAP server. To use this command, the bos.eim.rte and ldap.client filesets must be installed. Additionally, if the machine is to be the EIM LDAP server, the ldap.server fileset must also be installed.
After changing identity mappings on the system, run the nfsrgyd -f command to flush the system's identity cache.
You must first configure a system to use EIM with the -c and the -a flags before attempting to use any other function. All mapping data are stored and retrieved from the EIM LDAP server.
The chnfsim command is used to add, list, and remove an EIM configuration for NFS. The chnfsim command is then used to add and remove owner and owner group strings to user and group identities. It can list the identity mappings associated with a user or group, and can search for the mapping identity associated with a name and domain.
The chnfsim command is also used to add and remove Kerberos realm to NFS domain mappings, and can list the current realm to domain mappings.
Item | Description |
---|---|
-a | Add operation. |
-b | Specifies the LDAP administrator distinguished name. The default value is admin. |
-c | Configure operation. |
-C | Remove EIM configuration. |
-d | Specify the NFS domain part of an NFS V4 owner string. |
-e | Specify the EIM domain of the EIM LDAP server used for NFS mapping. |
-f | Specify the EIM directory suffix of the EIM LDAP server used for NFS mapping. |
-g | Specify a group-based operation. |
-h | Specify the hostname and port of the EIM LDAP server used for NFS mapping. |
-i | Specify the mapping identity. This is a unique string that describes a particular owner or owner group. |
-l | List operation. |
-n | Specify the owner or owner group name of an NFS V4 owner string. |
-r | Specify the Kerberos realm. |
-s | Search operation. |
-t | Specify the type of EIM LDAP server. |
-u | Specify a user-based operation. |
-w | Specify the EIM administrator password. |
-W | Specify the EIM access-only user password. |
-x | Remove operation. |
Action Matrix
Item | Description |
---|---|
Operation | Flags (Optional flags in parentheses) |
-c | Displays current EIM configuration of the system. |
-a | |
-x | |
-l | Lists all realm-to-domain mappings. |
-s | |
-C | Removes all of the EIM LDAP server entries from the configuration file. |
chnfsim -c
chnfsim -c -a -t P -h foos.com -e nfs -f nfseim -w mypasswd -W access_passwd
chnfsim -c -a -t P -h foos.com -e nfs -f nfseim -W access_passwd
chnfsim -c -l -h foos.com:1080
chnfsim -c -x -h foos.com:1080
chnfsim -a -u -i "John Doe" -n jdoe -d com.com
chnfsim -x -u -i "John Doe" -n jdoe -d com.com
chnfsim -x -u -i "John Doe"
chnfsim -l -u -i "John Doe"
chnfsim -a -r realm1 -d domain1
chnfsim -x -r realm1 -d domain1
chnfsim -l
chnfsim -s -u -n jdoe -d com.com
chnfsim -C
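The sequence from the description (change mappings, then flush the identity cache with nfsrgyd -f) as an added example that is not part of the original documentation: a POSIX shell function that adds user mappings in bulk and flushes once afterwards. The function name and the "identity|name|domain" record format are assumptions of this example, as is the assumption that chnfsim and nfsrgyd exit non-zero on failure.

```shell
#!/bin/sh
# Added example, not IBM-supplied code.
# Assumptions: records are "identity|name|domain", one per line (format invented
# for this example); chnfsim and nfsrgyd exit non-zero on failure; the system
# was already configured for EIM with "chnfsim -c -a ...".

apply_user_mappings() {
    records=$1      # path to the record file
    added=0
    failed=0
    [ -r "$records" ] || { echo "cannot read $records" >&2; return 2; }

    # "|| [ -n ... ]" also processes a final line that lacks a newline.
    while IFS='|' read -r identity name domain || [ -n "$identity" ]; do
        case $identity in
            ''|'#'*) continue ;;            # blank line or comment
        esac

        # An add needs all of -i, -n and -d. The NFS V4 owner string is
        # name@domain, so an '@' inside either part is a malformed record.
        case "$name$domain" in *@*) name='' ;; esac
        if [ -z "$name" ] || [ -z "$domain" ]; then
            echo "rejected record for identity '$identity'" >&2
            failed=$((failed + 1))
            continue
        fi

        # </dev/null keeps chnfsim from reading the rest of the record file.
        if chnfsim -a -u -i "$identity" -n "$name" -d "$domain" </dev/null; then
            added=$((added + 1))
        else
            echo "chnfsim failed for '$identity' ($name@$domain)" >&2
            failed=$((failed + 1))
        fi
    done < "$records"

    # Flush the identity cache once, and only if a mapping actually changed.
    if [ "$added" -gt 0 ]; then
        nfsrgyd -f || return 2
    fi

    echo "added=$added failed=$failed"
    [ "$failed" -eq 0 ]
}
```

The function returns 0 only when every record was added, 1 when any record was rejected or failed, and 2 when the record file is unreadable or the cache flush fails.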
Item | Description |
---|---|
/usr/sbin/chnfsim | Location of the chnfsim command. |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.