chnfssec Command
Purpose
Changes the default security flavor used by the network file system (NFS) client.
Syntax
Description
The chnfssec command administers the default security flavors used by the NFS client. These defaults are stored in the /etc/nfs/security_default file. Use the chnfssec command (without flags) to list the current security flavors. The /etc/nfs/security_default file must exist for the chnfssec command to list or remove security flavors. Otherwise, the chnfssec command fails, and returns an error.
sys UNIX style (uids, gids)
dh DES style (encrypted timestamps)
krb5 Kerberos 5, no integrity or privacy
krb5i Kerberos 5, with integrity
krb5p Kerberos 5, with privacy Flags
| Item | Description |
|---|---|
| -a | Sets a new list of security flavors. |
| -r | Removes a set of security flavors. |
Parameters
| Item | Description |
|---|---|
| comma-separated-list | sys, dh, krb5, krb5i, krb5p are the available flavors. |
Security
Users must have root authority to use the chnfssec command.
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
Examples
- To add a list of security flavors, type:
This command tells the NFS client to first use krb5, then krb5i, and lastly sys security.chnfssec -a krb5,krb5i,sys - To remove a security flavor, type the following:
This command removes krb5 and sys from the list of security flavors the NFS client will use.chnfssec -r krb5,sys
Files
| Item | Description |
|---|---|
| /etc/nfs/security_default | Stores the default NFS security flavors. |