Changes the default security flavor used by the network file system (NFS) client.
The chnfssec command administers the default security flavors used by the NFS client. These defaults are stored in the /etc/nfs/security_default file. Use the chnfssec command (without flags) to list the current security flavors. The /etc/nfs/security_default file must exist for the chnfssec command to list or remove security flavors. Otherwise, the chnfssec command fails, and returns an error.
sys UNIX style (uids, gids)
dh DES style (encrypted timestamps)
krb5 Kerberos 5, no integrity or privacy
krb5i Kerberos 5, with integrity
krb5p Kerberos 5, with privacy
Item | Description |
---|---|
-a | Sets a new list of security flavors. |
-r | Removes a set of security flavors. |
Item | Description |
---|---|
comma-separated-list | sys, dh, krb5, krb5i, krb5p are the available flavors. |
Users must have root authority to use the chnfssec command.
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
chnfssec -a krb5,krb5i,sys
This command tells the NFS client to first use krb5, then krb5i, and lastly sys security. chnfssec -r krb5,sys
This command removes krb5 and sys from the list of security flavors the NFS client
will use. Item | Description |
---|---|
/etc/nfs/security_default | Stores the default NFS security flavors. |