Skip to main content
ONTAP commands
A newer release of this product is available.

vserver nfs kerberos interface modify

Suggest changes
PDFs

Modify the Kerberos configuration of an NFS server

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver nfs kerberos interface modify command modifies a Kerberos configuration for NFS. An NFS Kerberos configuration is associated with both a Vserver and a logical interface.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the Vserver associated with the NFS Kerberos configuration you want to modify.

-lif <text> - Logical Interface

This parameter specifies the name of the logical interface associated with the NFS Kerberos configuration you want to modify.

[-kerberos {enabled|disabled}] - Kerberos Enabled

This optional parameter specifies whether to enable or disable Kerberos for NFS on the specified Vserver and logical interface. If you specify a value of enable , you must also specify the -spn parameter. The command prompts you for a user name and password for a Kerberos principal in the same realm as the principal specified by the -spn parameter; this principal must have permission to create or modify the principal specified by the -spn parameter.

[-spn <text>] - Service Principal Name

This optional parameter specifies the service principal name (SPN) of the Kerberos configuration you want to modify. If you specify a value of enable for the -kerberos parameter, you must also specify this parameter. This value must be in the form nfs/host_name @REALM , where host_name is the fully qualified host name of the Kerberos server, nfs is the service, and REALM is the name of the Kerberos realm (for instance, EXAMPLE.COM). Specify Kerberos realm names in uppercase.

[-admin-username <text>] - Account Creation Username

This optional parameter specifies the administrator user name.

[-keytab-uri {(ftp|http|https)://(hostname|IPv4 Address|'['IPv6 Address']')…​}] - Load Keytab from URI

This optional parameter specifies loading a keytab file from the specified URI.

[-ou <text>] - Organizational Unit

This optional parameter specifies the organizational unit (OU) under which the Microsoft Active Directory server account will be created when you enable Kerberos using a realm for Microsoft KDC. If this parameter is not specified, the default OU is "CN=Computers".

[-machine-account <text>] - Machine Account Name

This optional parameter specifies the machine account to create in Active Directory

Examples

The following example enables an NFS Kerberos configuration on a Vserver named vs0 and a logical interface named datalif1. The SPN is nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM and the keytab file is loaded from ftp://ftp.example.com/keytab.

vs1::> vserver nfs kerberos interface modify -vserver vs0 -lif datalif1
-kerberos enabled -spn nfs/sec.example.com@AUTH.SEC.EXAMPLE.COM -keytab-uri
 ftp://ftp.example.com/keytab