nfs.krb events

Contributors

nfs.krb.lif.disabled

Severity

ALERT

Description

This message occurs when a Kerberos-enabled LIF in a Vserver shares NFS Kerberos credentials with a LIF in another Vserver. NFS Kerberos is automatically disabled by Data ONTAP® on LIFs that share Kerberos credentials across Vservers, because of the security violation this causes. Disabling Kerberos on a LIF can cause service disruption to NFS clients that use these LIFs, mounted using the '-sec=krb5' option.

Corrective Action

NFS Kerberos has been automatically disabled by Data ONTAP on the LIF because it shared Kerberos credentials with another Vserver, causing a security violation. NFS Kerberos can be reenabled using the command: "vserver nfs kerberos interface enable". During the reenable process, Kerberos credential sharing across Vservers is disallowed.

Syslog Message

NFS Kerberos disabled on LIF "%s" with SPN "%s" for Vserver "%s" due to a security conflict with another Vserver. NFS Kerberos can be reenabled using the command: "vserver nfs kerberos interface enable".

Parameters

lif (STRING): Name of the LIF on which NFS Kerberos is disabled.
spn (STRING): The service principal name associated with the LIF.
vserver (STRING): Name of the Vserver that owns the LIF.