chnfssec Command

Purpose

Changes the default security flavor used by the network file system (NFS) client.

Syntax

chnfssec [ -a | -r ] comma-separated-list

Description

The chnfssec command administers the default security flavors used by the NFS client. These defaults are stored in the /etc/nfs/security_default file. Use the chnfssec command (without flags) to list the current security flavors. The /etc/nfs/security_default file must exist for the chnfssec command to list or remove security flavors. Otherwise, the chnfssec command fails, and returns an error.

The valid security flavors available are:
     sys          UNIX style (uids, gids)
     dh           DES style (encrypted timestamps)
     krb5         Kerberos 5, no integrity or privacy
     krb5i        Kerberos 5, with integrity
     krb5p        Kerberos 5, with privacy 

Flags

     Item         Description
     -a           Sets a new list of security flavors.
     -r           Removes a set of security flavors.

Parameters

     Item                    Description
     comma-separated-list    sys, dh, krb5, krb5i, krb5p are the available flavors.

Security

Users must have root authority to use the chnfssec command.

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. To add a list of security flavors, type:
    chnfssec -a krb5,krb5i,sys
    This command tells the NFS client to first use krb5, then krb5i, and lastly sys security.
  2. To remove a security flavor, type the following:
    chnfssec -r krb5,sys
    This command removes krb5 and sys from the list of security flavors the NFS client will use.
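A pre-check for a list before it is passed to chnfssec -a, as an added example that is not part of the AIX documentation or tooling. The function names, the exit codes and the strength order sys < dh < krb5 < krb5i < krb5p are assumptions of this example; it validates each entry against the five flavors listed above and reports the weakest flavor the list would let the NFS client use.

```shell
#!/bin/sh
# Hypothetical pre-check for a list you are about to pass to `chnfssec -a`.
# Not an AIX tool. Assumed strength order: sys < dh < krb5 < krb5i < krb5p.

flavor_rank() {
    case "$1" in
        sys)   echo 0 ;;   # UNIX style (uids, gids)
        dh)    echo 1 ;;   # DES style (encrypted timestamps)
        krb5)  echo 2 ;;   # Kerberos 5, no integrity or privacy
        krb5i) echo 3 ;;   # Kerberos 5, with integrity
        krb5p) echo 4 ;;   # Kerberos 5, with privacy
        *)     return 1 ;; # not one of the five documented flavors
    esac
}

# check_flavor_list LIST
#   status 0  "ok: weakest=<flavor>"    every flavor is Kerberos-based
#   status 1  "weak: weakest=<flavor>"  list lets the client use sys or dh
#   status 2  "invalid: <reason>"       unknown, duplicate or empty entry
# The body is a subshell, so the IFS and globbing changes do not leak out.
check_flavor_list() (
    list=$1
    case "$list" in
        ""|,*|*,) echo "invalid: empty entry"; exit 2 ;;
    esac
    IFS=,
    set -f
    weakest= ; lowest=5 ; seen=,
    for f in $list; do
        [ -n "$f" ] || { echo "invalid: empty entry"; exit 2; }
        rank=$(flavor_rank "$f") || { echo "invalid: unknown flavor '$f'"; exit 2; }
        case "$seen" in
            *",$f,"*) echo "invalid: duplicate flavor '$f'"; exit 2 ;;
        esac
        seen="$seen$f,"
        if [ "$rank" -lt "$lowest" ]; then lowest=$rank; weakest=$f; fi
    done
    if [ "$lowest" -lt 2 ]; then echo "weak: weakest=$weakest"; exit 1; fi
    echo "ok: weakest=$weakest"
)
```

Run against the list from example 1, `check_flavor_list krb5,krb5i,sys` reports sys as the weakest flavor, because that list ends with a fallback to UNIX-style uids and gids.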

Files

     Item                         Description
     /etc/nfs/security_default    Stores the default NFS security flavors.