JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: Network Services     Oracle Solaris 11 Information Library
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Network Services Topics

1.  Network Service (Overview)

2.  Managing Web Cache Servers

3.  Time-Related Services

Part II Accessing Network File Systems Topics

4.  Managing Network File Systems (Overview)

5.  Network File System Administration (Tasks)

Automatic File System Sharing

How to Set Up Automatic File-System Sharing

How to Enable WebNFS Access

How to Enable NFS Server Logging

Mounting File Systems

How to Mount a File System at Boot Time

How to Mount a File System From the Command Line

Mounting With the Automounter

How to Mount All File Systems from a Server

How to Disable Large Files on an NFS Server

How to Use Client-Side Failover

How to Disable Mount Access for One Client

How to Mount an NFS File System Through a Firewall

How to Mount an NFS File System Using an NFS URL

Setting up a DNS Record for a Federated File System Server

Setting Up NFS Services

How to Start the NFS Services

How to Stop the NFS Services

How to Start the Automounter

How to Stop the Automounter

How to Select Different Versions of NFS on a Server

How to Select Different Versions of NFS on a Client

How to Use the mount Command to Select Different Versions of NFS on a Client

Administering the Secure NFS System

How to Set Up a Secure NFS Environment With DH Authentication

WebNFS Administration Tasks

Planning for WebNFS Access

How to Browse Using an NFS URL

How to Enable WebNFS Access Through a Firewall

Task Overview for Autofs Administration

Task Map for Autofs Administration

Using SMF Parameters to Configure Your Autofs Environment

How to Configure Your Autofs Environment Using SMF Parameters

Administrative Tasks Involving Maps

Modifying the Maps

How to Modify the Master Map

How to Modify Indirect Maps

How to Modify Direct Maps

Avoiding Mount-Point Conflicts

Accessing Non-NFS File Systems

How to Access CD-ROM Applications With Autofs

How to Access PC-DOS Data Diskettes With Autofs

Customizing the Automounter

Setting Up a Common View of /home

How to Set Up /home With Multiple Home Directory File Systems

How to Consolidate Project-Related Files Under /ws

How to Set Up Different Architectures to Access a Shared Namespace

How to Support Incompatible Client Operating System Versions

How to Replicate Shared Files Across Several Servers

How to Apply Autofs Security Restrictions

How to Use a Public File Handle With Autofs

How to Use NFS URLs With Autofs

Disabling Autofs Browsability

How to Completely Disable Autofs Browsability on a Single NFS Client

How to Disable Autofs Browsability for All Clients

How to Disable Autofs Browsability on a Selected File System

Administering NFS Referrals

How to Create and Access an NFS Referral

How to Remove an NFS Referral

Strategies for NFS Troubleshooting

NFS Troubleshooting Procedures

How to Check Connectivity on an NFS Client

How to Check the NFS Server Remotely

How to Verify the NFS Service on the Server

How to Restart NFS Services

Identifying Which Host Is Providing NFS File Service

How to Verify Options Used With the mount Command

Troubleshooting Autofs

Error Messages Generated by automount -v

Miscellaneous Error Messages

Other Errors With Autofs

NFS Error Messages

6.  Accessing Network File Systems (Reference)

Part III SLP Topics

7.  SLP (Overview)

8.  Planning and Enabling SLP (Tasks)

9.  Administering SLP (Tasks)

10.  Incorporating Legacy Services

11.  SLP (Reference)

Part IV Mail Services Topics

12.  Mail Services (Overview)

13.  Mail Services (Tasks)

14.  Mail Services (Reference)

Part V Serial Networking Topics

15.  Solaris PPP 4.0 (Overview)

16.  Planning for the PPP Link (Tasks)

17.  Setting Up a Dial-up PPP Link (Tasks)

18.  Setting Up a Leased-Line PPP Link (Tasks)

19.  Setting Up PPP Authentication (Tasks)

20.  Setting Up a PPPoE Tunnel (Tasks)

21.  Fixing Common PPP Problems (Tasks)

22.  Solaris PPP 4.0 (Reference)

23.  Migrating From Asynchronous Solaris PPP to Solaris PPP 4.0 (Tasks)

24.  UUCP (Overview)

25.  Administering UUCP (Tasks)

26.  UUCP (Reference)

Part VI Working With Remote Systems Topics

27.  Working With Remote Systems (Overview)

28.  Administering the FTP Server (Tasks)

29.  Accessing Remote Systems (Tasks)

Part VII Monitoring Network Services Topics

30.  Monitoring Network Performance (Tasks)

Glossary

Index

Administering the Secure NFS System

To use the Secure NFS system, all the computers that you are responsible for must have a domain name. Typically, a domain is an administrative entity of several computers that is part of a larger network. If you are running a name service, you should also establish the name service for the domain. See Oracle Solaris Administration: Naming and Directory Services.

Kerberos V5 authentication is supported by the NFS service. Chapter 19, Introduction to the Kerberos Service, in Oracle Solaris Administration: Security Services discusses the Kerberos service.

You can also configure the Secure NFS environment to use Diffie-Hellman authentication. Chapter 14, Using Authentication Services (Tasks), in Oracle Solaris Administration: Security Services discusses this authentication service.

How to Set Up a Secure NFS Environment With DH Authentication

  1. Assign your domain a domain name, and make the domain name known to each computer in the domain.
  2. Establish public keys and secret keys for your clients' users.

    Use the newkey or nisaddcred command. Have each user establish his or her own secure RPC password by using the chkey command.

    Note - For information about these commands, see the newkey(1M), the nisaddcred(1M), and the chkey(1) man pages.

    When public keys and secret keys have been generated, the public keys and encrypted secret keys are stored in the publickey database.

  3. Verify that the name service is responding.

    For example:

    • If you are running NIS, verify that the ypbind daemon is running.

  4. Verify that the keyserv daemon of the key server is running.

    Type the following command.

    # ps -ef | grep keyserv
root    100      1  16    Apr 11 ?        0:00 /usr/sbin/keyserv
root   2215   2211   5  09:57:28 pts/0    0:00 grep keyserv

    If the daemon is not running, start the key server by typing the following: 

    # /usr/sbin/keyserv
  5. Decrypt and store the secret key.

    Usually, the login password is identical to the network password. In this situation, keylogin is not required. If the passwords are different, the users have to log in, and then run keylogin. You still need to use the keylogin -r command as root to store the decrypted secret key in /etc/.rootkey.

    Note - You need to run keylogin -r if the root secret key changes or if /etc/.rootkey is lost.

  6. Set the security mode for the file system to be shared.

    For Diffie-Hellman authentication add the sec=dh option to the command line.

    # share -F nfs -o sec=dh /export/home

    For more information about security modes, see the nfssec(5) man page.

  7. Update the automounter maps for the file system.

    Edit the auto_master data to include sec=dh as a mount option in the appropriate entries for Diffie-Hellman authentication:

    /home    auto_home    -nosuid,sec=dh

    When you reinstall, move, or upgrade a computer, remember to save /etc/.rootkey if you do not establish new keys or change the keys for root. If you do delete /etc/.rootkey, you can always type the following: 

    # keylogin -r
Copyright © 2002, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next