nfshostkey Command

Purpose

Configures the host keys for a Network File System (NFS) server.

Syntax

nfshostkey -l | -L | { -p principal -f file } | { -a -p principal -i address } | { -d -p principal -i address }

Description

An NFS server (or full client) using RPCSEC_GSS RPC security must be able to acquire credentials for its host principal to accept requests. Use the nfshostkey command to configure this information.

All full clients and NFS servers must have a primary host principal. The following is the format of the host principal that the nfshostkey command sets:
nfs/fully_qualified_domain_name

After you set the primary host principal, you can use the nfshostkey command to set additional host principals for other network addresses. The server searches the list of addresses to find the one that an incoming request was sent to and uses the appropriate principal. If none is found, the primary principal is used. The secondary host principals must have entries in the same keytab file that was passed in for the primary principal. They will not be used by full clients.

Flags

Item            Description
-a              Adds a new secondary host principal.
-d              Deletes a secondary host principal.
-f file         Specifies the path to a keytab file for the host principals.
-i address      Specifies the IP address corresponding to the secondary principal.
-l              Lists the primary host principal and keytab.
-L              Lists the primary host principal, keytab, and secondary host principals.
-p principal    Specifies the principal for this host.

Security

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To set a primary host principal, enter:
    nfshostkey -p principal -f keytab_file
  2. To add a secondary host principal, enter:
    nfshostkey -a -p principal -i ip_address
  3. To delete a host principal, enter:
    nfshostkey -d -p principal -i ip_address
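
The address lookup and the keytab requirement from the Description, as an added example that is not part of the original documentation or of the nfshostkey implementation: a POSIX shell pre-flight check that models which principal the server uses for a destination address and reports planned principals that are malformed or missing from the keytab. The host names, addresses, and keytab contents are constructed, the function names are hypothetical, and "fully qualified" is assumed to mean at least one dot in the host part.

```shell
# Constructed sample data (not from the original page).
PRIMARY="nfs/nfs1.example.com"
# Planned secondary principals as "address principal" pairs, one per line.
SECONDARIES="192.0.2.10 nfs/nfs1-a.example.com
192.0.2.11 nfs/nfs1-b.example.com"
# Principals assumed to be present in the keytab file passed with -f.
KEYTAB_PRINCIPALS="nfs/nfs1.example.com
nfs/nfs1-a.example.com"

# Return 0 if $1 has the form nfs/fully_qualified_domain_name.
# Assumption: "fully qualified" means at least one dot in the host part.
valid_host_principal() {
    case "$1" in
        nfs/*.*) ;;
        *) return 1 ;;
    esac
    host=${1#nfs/}
    case "$host" in
        *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# Model of the lookup described above: print the principal for the address
# a request was sent to, or the primary principal when no entry matches.
select_principal() {
    found=$(printf '%s\n' "$SECONDARIES" | awk -v a="$1" '$1 == a { print $2; exit }')
    printf '%s\n' "${found:-$PRIMARY}"
}

# Print each planned principal that is malformed or missing from the keytab
# list; return non-zero if any problem was found.
check_plan() {
    rc=0
    for p in "$PRIMARY" $(printf '%s\n' "$SECONDARIES" | awk '{ print $2 }'); do
        if ! valid_host_principal "$p"; then
            echo "bad format: $p"; rc=1
        elif ! printf '%s\n' "$KEYTAB_PRINCIPALS" | grep -Fqx -- "$p"; then
            echo "not in keytab: $p"; rc=1
        fi
    done
    return $rc
}

# Demo: principal chosen for a listed and an unlisted address, then the check.
select_principal 192.0.2.10
select_principal 192.0.2.99
check_plan || echo "resolve the findings above before running nfshostkey -a"
```
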