z/OS Network File System Guide and Reference


Using UNIX style credentials for authentication

SC23-6883-00

Authentication is the process of verifying the identity of a client system. This ensures that one client system cannot masquerade as another client system (perhaps with a different set of privileges). Client systems are identified by a set of credentials and authenticated with verification information passed in messages sent to server systems. There are several different conventions for exchanging authentication information in the NFS protocol, including these credentials:
  • Null
  • UNIX style
  • DES-style
  • Other, user written

The z/OS NFS server supports the System Authentication flavor of the RPC protocol that employs the UNIX style credentials for all supported NFS protocol versions. For the NFS version 4 protocol, the z/OS NFS server also supports the RPCSEC_GSS authentication flavor, which employs GSS credentials. For its RPCSEC_GSS authentication support, the z/OS NFS server only supports the Kerberos V5 security mechanism.

The z/OS NFS client utilizes z/OS UNIX-socket-enabled RPCs to communicate with remote z/OS NFS servers over a TCP/IP network. The credential includes the user ID (UID), group ID (GID), and a list of GIDs to which the user belongs. z/OS NFS supports all GID groups specified in the GID group list, which extends support beyond the 16 GID group restriction of the UNIX style AUTH_SYS authentication flavor. As of V1R11, the z/OS NFS client also supports the RPCSEC_GSS authentication flavor.
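The UID, GID, and GID list described above travel as plain XDR integers in the credential body. The following decoder is an added example, not IBM code: it assumes the `authsys_parms` layout from RFC 5531 (stamp, machine name, UID, GID, GID list), and its function names and sample values are constructed for illustration. It flags a GID list longer than the 16-entry AUTH_SYS bound mentioned above.

```python
import struct

AUTH_SYS_MAX_GIDS = 16      # gids<16> bound in RFC 5531 authsys_parms
MAX_MACHINE_NAME = 255      # machinename<255> bound in RFC 5531


def _u32(buf, off):
    """Read one big-endian XDR unsigned int; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated credential")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def parse_auth_sys(body):
    """Decode an AUTH_SYS credential body (hypothetical helper name)."""
    stamp, off = _u32(body, 0)
    name_len, off = _u32(body, off)
    if name_len > MAX_MACHINE_NAME:
        raise ValueError("machinename exceeds 255 bytes")
    padded = (name_len + 3) & ~3           # XDR pads opaque data to 4 bytes
    if off + padded > len(body):
        raise ValueError("truncated machinename")
    machine = body[off:off + name_len].decode("ascii", "replace")
    off += padded
    uid, off = _u32(body, off)
    gid, off = _u32(body, off)
    count, off = _u32(body, off)
    if off + 4 * count != len(body):
        raise ValueError("GID count does not match credential length")
    gids = list(struct.unpack_from(">%dI" % count, body, off))
    return {
        "stamp": stamp, "machine": machine, "uid": uid, "gid": gid,
        "gids": gids,
        # True when the list is longer than the AUTH_SYS bound of 16
        "over_authsys_limit": count > AUTH_SYS_MAX_GIDS,
    }


def build_auth_sys(stamp, machine, uid, gid, gids):
    """Encode a credential body; used only to build the samples below."""
    name = machine.encode("ascii")
    pad = b"\0" * (-len(name) % 4)
    return (struct.pack(">II", stamp, len(name)) + name + pad +
            struct.pack(">III", uid, gid, len(gids)) +
            struct.pack(">%dI" % len(gids), *gids))


# Constructed sample values, not taken from any real system.
SAMPLE = build_auth_sys(0x5F3A1C00, "client1", 1001, 100, [100, 27, 44])
OVERSIZED = build_auth_sys(1, "client1", 1001, 100, list(range(200, 217)))
```

Every field in the decoded result is a value the client asserted in the request, which is why the credential is paired with a separate authentication decision on the server side.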





Copyright IBM Corporation 1990, 2014