Enabling Kerberos on a data LIF
You can use the vserver nfs kerberos interface enable command to enable Kerberos on a data LIF. This enables the SVM to use Kerberos security services for NFS.
About this task
If you are using an Active Directory KDC, the first 15 characters of any SPNs used must be unique across SVMs within a realm or domain.
Example
The following command creates and verifies an NFS Kerberos configuration for the SVM named vs1 on the logical interface ves03-d1, with the SPN nfs/ves03-d1.lab.example.com@TEST.LAB.EXAMPLE.COM in the OU lab2ou:
vs1::> vserver nfs kerberos interface enable -lif ves03-d1 -vserver vs2
-spn nfs/ves03-d1.lab.example.com@TEST.LAB.EXAMPLE.COM -ou "ou=lab2ou"
vs1::>vserver nfs kerberos-config show
Logical
Vserver Interface Address Kerberos SPN
------- --------- ------- --------- -------------------------------
vs0 ves01-a1
10.10.10.30 disabled -
vs2 ves01-d1
10.10.10.40 enabled nfs/ves03-d1.lab.example.com@TEST.LAB.EXAMPLE.COM
2 entries were displayed.
Give documentation feedback