vserver nfs kerberos realm create
Create a Kerberos realm configuration
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver nfs kerberos realm create
command creates a Kerberos realm configuration.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the Vserver associated with the Kerberos realm configuration that you want to create.
-realm <text>
- Kerberos Realm-
This parameter specifies the name of the Kerberos realm for the configuration.
-kdc-vendor <Kerberos Key Distribution Center (KDC) Vendor>
- KDC Vendor-
This optional parameter specifies the KDC vendor. Specify Microsoft if you are using a Microsoft Active Directory server; specify Other if you are using a UNIX server.
-kdc-ip <IP Address>
- KDC IP Address-
This optional parameter specifies the IP address of the Kerberos Distribution Center (KDC) server.
[-kdc-port <integer>]
- KDC Port-
This optional parameter specifies the port number of the KDC server. The default setting is 88.
[-clock-skew <integer>]
- Clock Skew-
This optional parameter specifies how many minutes of clock skew between the clients and the server are permitted. The default setting is 5 minutes.
[-adserver-name <text>]
- Active Directory Server Name-
This optional parameter specifies the name of an Active Directory server for the configuration. Use this parameter only if you specified the value of
-kdc-vendor
parameter as Microsoft. [-adserver-ip <IP Address>]
- Active Directory Server IP Address-
This optional parameter specifies the IP address of an Active Directory server for the configuration. Use this parameter only if you specified the value of the
-kdc-vendor
parameter as Microsoft. [-comment <text>]
- Comment-
This optional parameter specifies a comment for the Kerberos realm configuration.
[-adminserver-ip <IP Address>]
- Admin Server IP Address-
This optional parameter specifies the IP address of the administrative server. Use this parameter only if you specified the value of
-kdc-vendor
parameter as Other. The default setting for this parameter is the KDC server's IP address as specified by the-kdc-ip
parameter. [-adminserver-port <integer>]
- Admin Server Port-
This optional parameter specifies the port number of the administrative server. The default setting is 749. Use this parameter only if you specified the value of
-kdc-vendor
parameter as Other. [-passwordserver-ip <IP Address>]
- Password Server IP Address-
This optional parameter specifies the IP address of the password server. Use this parameter only if you specified the value of
-kdc-vendor
parameter as Other. The default setting for this parameter is the KDC server's IP address as specified by the-kdc-ip
parameter. [-passwordserver-port <integer>]
- Password Server Port-
This optional parameter specifies the port number of the password server. The default setting is 464. Use this parameter only if you specified the value of
-kdc-vendor
parameter as Other.
Examples
The following example creates a Kerberos realm named SEC.EXAMPLE.COM for the Vserver named AUTH. The permitted clock skew is 15 seconds. The KDC's IP address is 192.0.2.170 and its port is 88. The KDC vendor is Other (for a UNIX KDC). The administrative server's IP address is 192.0.2.170 and its port is 749. The password server's IP address is 192.0.2.170 and its port is 464.
cluster1::> vserver nfs kerberos realm create -vserver AUTH -realm SEC.EXAMPLE.COM -clock-skew 15 -kdc-ip 192.0.2.170 -kdc-port 88 -kdc-vendor Other -adminserver-ip 192.0.2.170 -adminserver-port 749 -passwordserver-ip 192.0.2.170 -passwordserver-port 464