z/OS Network File System Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


NFS4ERR_WRONGSEC handling

z/OS Network File System Guide and Reference
SC23-6883-00

NFS servers fail an NFS request with NFS4ERR_WRONGSEC if the security policy on the mount point at the server's end does not allow the authentication flavor with which the request was issued. After receiving this error, the z/OS NFS client negotiates security with the NFS server by issuing a SECINFO operation to query the server-supported security flavors. The z/OS NFS client chooses a security flavor from the server supported flavors based on the order of preference specified in Mount point establishment and retries the failing request with this newly-chosen security flavor. This security flavor serves as the designated security flavor for all future accesses to that mount point.

The following should be noted with regards to Security Negotiation during NFS4ERR_WRONGSEC handling:

  1. On existing mount points and objects, the client only negotiates security when it is an upgrade to a more secure flavor. The order of flavors in the descending order of security that they provide is as follows:
    • krb5p
    • krb5i
    • krb5
    • sys
  2. For existing files, Security Negotiation is not done when datacaching is on for that file.
Parent topic: Protecting the file system on z/OS with the NFS V4 protocol

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014