System Administration Guide, Volume 2

How to Create a Credential Table

The gsscred credential table is used by an NFS server to map SEAM principals to a UID. In order for NFS clients to be able to mount file systems from an NFS server using Kerberos authentication, this table must be created or made available.

  1. Become superuser on the appropriate server.

    Which server you run this command from and under what ID you run the command depends on the back-end mechanism that has been selected to support the gsscred table. For all mechanisms except xfn_nisplus, you must become root.

    If Your Back-end Mechanism Is ... 

    Then .... 

    files

    Run on the NFS server. 

    xfn

    Select host based on the default xfn file setting.

    xfn_files

    Run on the NFS server. 

    xfn_nis

    Run on the NIS master. 

    xfn_nisplus

    Run anywhere as long as the permissions to change the NIS+ data are in place.  

  2. (Optional) If /var/fn does not exist and you want to use one of the xfn options, create an initial XFN database.


    # fnselect files
    # fncreate -t org -o org//
    
  3. Create the credential table using gsscred.

    The command gathers information from all of the sources listed with the passwd entry in /etc/nsswitch.conf. You might need to temporarily remove the files entry, if you do not want the local password entries included in the credential table. See the gsscred(1M) man page for more information.


    # gsscred -m kerberos_v5 -a