Configures the host keys for an Network File System (NFS) server.
nfshostkey -l | -L | {-p principal -f file} | { -a -p principal -i address } | { -d -p principal -i address}
An NFS server (or full client) using RPCSEC_GSS RPC security must be able to acquire credentials for its host principal to accept requests. Use the nfshostkey command to configure this information.
nfs/fully_qualified_domain_nameAfter you set the primary host principal, you can use the nfshostkey command to set additional host principals for other network addresses. The server searches the list of addresses to find the one that an incoming request was sent to and use the appropriate principal. If none is found, the primary principal is used. The secondary host principals must have entries in the same keytab file that was passed in for the primary principal. They will not be used by full clients.
| Item | Description |
|---|---|
| -a | Adds a new secondary host principal. |
| -d | Deletes a secondary host principal. |
| -f file | Specifies the path to a keytab file for the host principals. |
| -i address | Specifies the IP address corresponding to the secondary principal. |
| -l | Lists the primary host principal and keytab. |
| -L | Lists the primary host principal, keytab, and secondary host principals. |
| -p principal | Specifies the principal for this host. |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
nfshostkey -p principal -f keytab filenfshostkey -a -p principal -i ip addressnfshostkey -d -p principal -i ip address