NFS V4 host authorization

Host authorization in a Network File System (NFS) context means controlling which NFS client hosts can mount exported directories from the NFS server. This is accomplished in AIX® with a combination of the /etc/exports file and the exportfs command.

NFS V4 has the security-related options shown in the following table.

Option   Description

vers     Controls which NFS protocol versions can be used for mounts. Possible values are 2, 3, and 4. Versions 2 and 3 cannot be enforced separately. Specifying Version 2 or 3 allows access by clients using either NFS protocol Version 2 or 3. Version 4 can be specified independently and must be specified to allow access by clients using the Version 4 protocol.

         The default value in NIM is 3. Valid values in NIM are 3 and 4.

sec      Controls which security methods can be used. Possible values are:

           sys    UNIX authentication, default option
           dh     DES authentication
           krb5   Kerberos, authentication only
           krb5i  Kerberos, authentication, and integrity
           krb5p  Kerberos, authentication, integrity, and privacy
           none   Allows mount requests to proceed with anonymous credentials

         The default value in NIM is sys. Valid values in NIM are sys and krb5.

The sec option can appear more than once in the exports definition for a directory. This allows different access options, such as ro, rw, and root, to be specified for the different security options. For example, hosts using the sys security method might only be allowed read access, while hosts using the krb5 security method might be allowed read and write access.
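
The per-method access rule described above, as an added example that is not part of the IBM documentation: a small Python audit that binds each ro, rw, root or access option to the sec methods preceding it, then flags sec=none and write or root access granted under sec=sys. The entry syntax (directory, then -option,option with colon-separated value lists), the sample paths and the host name are assumptions.

```python
# Added example (not IBM code): per-security-method audit of export entries.
# Assumed entry syntax: "<directory> -opt[,opt...]", ":"-separated value lists.
GRANTS = ("ro", "rw", "root", "access")

def parse_export(line):
    """Return (directory, versions, {sec_method: {access_option: value}})."""
    directory, _, optstr = line.strip().partition(" -")
    versions, per_sec = set(), {}
    current = ["sys"]                    # sys is the default security method
    for opt in filter(None, optstr.split(",")):
        key, _, value = opt.strip().partition("=")
        if key == "vers":
            versions.update(value.split(":"))
        elif key == "sec":               # later access options bind to this
            current = value.split(":")
            for method in current:
                per_sec.setdefault(method, {})
        elif key in GRANTS:
            for method in current:
                per_sec.setdefault(method, {})[key] = value or True
    return directory.strip(), versions, per_sec

def audit(line):
    """Flag anonymous access and write/root access under UNIX authentication."""
    directory, _, per_sec = parse_export(line)
    findings = []
    for method, access in per_sec.items():
        if method == "none":
            findings.append(f"{directory}: sec=none accepts anonymous credentials")
        granted = sorted(k for k in access if k in ("rw", "root"))
        if method == "sys" and granted:
            findings.append(f"{directory}: sec=sys grants {','.join(granted)}")
    return findings

# Constructed sample entries; paths and host names are hypothetical.
SAMPLE = [
    "/export/docs -vers=4,sec=sys,ro,sec=krb5,rw",
    "/export/home -vers=4,sec=sys:krb5,rw,root=adminhost",
    "/export/pub -vers=3:4,sec=none,ro",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", audit(entry) or "no findings")
```

The first sample entry matches the case in the paragraph above: sys hosts get read access only, krb5 hosts get read and write access, and the audit reports nothing for it.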

When you use NIM with NFS, there is a standard set of export options that you can use. You can also use user-defined options, but they require you to manage NFS exports for the directory or file system using the NFS export commands, such as mknfsexp, chnfsexp, and rmnfsexp. These export options are separate from NIM export options.