vserver nfs kerberos interface modify
Modify the Kerberos configuration of an NFS server
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver nfs kerberos interface modify command modifies a Kerberos configuration for NFS. An NFS Kerberos configuration is associated with both a Vserver and a logical interface.
Parameters
- -vserver <vserver name> - Vserver
- This parameter specifies the Vserver associated with the NFS Kerberos configuration you want to modify.
- -lif <lif-name> - Logical Interface
- This parameter specifies the name of the logical interface associated with the NFS Kerberos configuration you want to modify.
- [-kerberos {enabled|disabled}] - Kerberos Enabled
- This optional parameter specifies whether to enable or disable Kerberos for NFS on the specified Vserver and logical interface. If you specify a value of enable, you must also specify the -spn parameter. The command prompts you for a user name and password for a Kerberos principal in the same realm as the principal specified by the -spn parameter; this principal must have permission to create or modify the principal specified by the -spn parameter.
- [-spn <text>] - Service Principal Name
- This optional parameter specifies the service principal name (SPN) of the Kerberos configuration you want to modify. If you specify a value of enable for the -kerberos parameter, you must also specify this parameter. This value must be in the form nfs/host_name@REALM, where host_name is the fully qualified host name of the Kerberos server, nfs is the service, and REALM is the name of the Kerberos realm (for instance, EXAMPLE.COM). Specify Kerberos realm names in uppercase.
- [-admin-username <text>] - Account Creation Username
- This optional parameter specifies the administrator user name.
- [-keytab-uri {(ftp|http)://(hostname|IPv4 Address|'['IPv6 Address']')...}] - Load Keytab from URI
- This optional parameter specifies loading a keytab file from the specified URI.
- [-ou <text>] - Organizational Unit
- This optional parameter specifies the organizational unit (OU) under which the Microsoft Active Directory server account will be created when you enable Kerberos using a realm for Microsoft KDC. If this parameter is not specified, the default OU is "CN=Computers".
- [-machine-account <text>] - Machine Account Name
- This optional parameter specifies the machine account to create in Active Directory
Examples
The following example enables an NFS Kerberos configuration on a Vserver named vs0 and a logical interface named datalif1. The SPN is nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM and the keytab file is loaded from ftp://ftp.example.com/keytab.
vs1::> vserver nfs kerberos interface modify -vserver vs0 -lif datalif1
-kerberos enabled -spn nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM -keytab-uri
ftp://ftp.example.com/keytab
Give documentation feedback