Network File System (NFS) provides transparent access to files on the network. An NFS server makes a directory available to other hosts on the network by “sharing” the directory. An NFS client provides access to the NFS server's directory by “mounting” the directory. To users on the NFS client, the directory appears as a part of the local file system.

Summary of Change

What’s New for Customers Migrating from HP-UX 11i v1 September 2005?

Features:
- NFS Version 4 Protocol is supported on both the client and server. Note: NFSv4 server Delegation is disabled by default. If enabled, access is not provided to the shared file system.
- The nfsmapid feature that maps NFS Version 4 owner and owner_group identification attributes to/from local UID and GID numbers is supported. The mapping domain is the DNS domain, but it can be set to a different domain by modifying the /etc/default/nfs file.
- Additional security mechanisms, such as Secure RPC that supports Kerberos through GSSAPI, are now supported. GSSAPI supports Kerberos, Kerberos with Integrity, and Kerberos with Privacy.
- The share command can now export file systems with multiple security modes.
- The mount command now enables you to specify the security mode.
- NFS access using a firewall is now supported.
- The share command, used to share directories with NFS clients, replaces the exportfs command. The exportfs command is now a script that calls the share command for the NFS file type.
- NFS mount supports client-side failover on read-only mounted file systems.
- NFS mount accepts an NFS URL defined by RFC 2224 or an IPv4 or an IPv6 address where square brackets enclose the IPv6 address.
- The nsquery feature supports ipnodes lookup requests and provides support to look up IPv6 data in the backend libraries.
- Manipulation and viewing of ACLs over an NFS mount point is supported and ACL manipulation does not fail (ENOSUP) over an NFS mount point.
- The adb tool is replaced by the kctune tool for manipulating the NFS kernel variables.

Commands:
- The spray command provides the following new command options: -d and -t. The -d option specifies the time interval in microseconds before the next packet is sent. The -t option specifies the class of transports.
- The NFS environment configuration command (setoncenv) displays all NFS configuration variables, NFS public and private kctune variables, and subsystem specific variables. It can modify the contents of the following files: /etc/default/nfs, /etc/default/autofs, /etc/default/keyserv, /etc/default/nfslogd, /etc/rc.config.d/nfsconf, and /etc/rc.config.d/namesvrs.

Daemons:
- The pcnfsd daemon is multi-threaded and supports shadow password and Secure RPC. The pcnfsd protocol limits username entries to 32 characters and client hostname entries to 64 characters in the wtmps database, and printer names to 64 characters. All successful authentication requests are logged in the wtmps database.
- A new user mode daemon, gssd, generates and validates API security tokens, and maps the GSSAPI principal names to the local user and group IDs.
- The biod daemon is removed from the system. Asynchronous I/O is now handled through kernel threads per mount point instead of by the biod daemon.
- A single nfsd process runs on the system where NFS is enabled. The nfsd daemon is now multi-threaded.
- The lockd daemon is now a threaded kernel daemon and its port number is fixed at 4045.
- The mountd and statd daemons are now threaded and can be configured to support a fixed port number for the RPC transport endpoint.
- The NFS Authentication service is added to the mountd daemon, and the service sets the access rights of the client attempting to access the NFS server.
- A new daemon, nfslogd, supports operational logging to the NFS server. It generates the activity log by analyzing RPC operations processed by the NFS server. This daemon is not enabled by default.
- The nfs4cbd daemon provides support for the NFSv4 Delegation feature.
- keyserv daemon enhancements:
  - The keyserv daemon is now multi-threaded.
  - When keyserv is started with the -D option to turn on the debugging mode, a default log file (/var/nfs/keyserv.log) is created.
  - Two new methods enable the use of default keys for nobody: a new option, -e, and the default parameter setting in the new /etc/default/keyserv file.

Files:
- A new default configuration file for NFS services (/etc/default/nfs) contains the parameter values to set the default behavior of various NFS commands and daemons in NFS Services.
- A new NFS security file (/etc/nfssec.conf) provides a list of all valid and supported NFS security modes.
- A new default configuration file for keyserv (/etc/default/keyserv) contains the default parameter values to set the use of default keys for nobody.

Impact

- With the obsolescence of the NIS+ database, users must now configure an LDAP database to store and retrieve keys. To use LDAP you must set the publickey entry in /etc/nsswitch.conf to ldap.
- The /etc/exports file is replaced by /etc/dfs/dfstab. The format of /etc/dfs/dfstab is different from /etc/exports. If you have created a parser application for /etc/exports, use the exp2dfs tool to convert the /etc/exports file to the /etc/dfs/dfstab file.
- To access NFS through a firewall, you must do one of the following:
  - Use the NFSv4 protocol and specify the opening port as 2049 and set the rpcbind port as 111, or
  - Configure a fixed port for statd and mountd and specify the opening port as 2049 and set the rpcbind port as 111, or
  - Use the configured fixed port for mountd and statd, and specify 4045 as the port for lockd to support NFSv2 and NFSv3.
- On systems where NFS is enabled, customers will not see multiple nfsd processes running.
- The -l option used with the lockd, mountd, and statd daemons does not provide its original functionality of overriding the default log file and is not supported. If you specify the -l option with the mountd or statd daemon, the option is ignored. The log file (mountd.log or statd.log) can now be found at the fixed location /var/nfs/. If you specify the -l option with the lockd daemon, the listen queue is set on the lockd transport endpoint.
- Mounts with invalid options are ignored with a warning message instead of an error.
- To use NFSv4, the nfsmapid daemon must be running on both the client and server.
- For the NFS client to support NFSv4 Delegations, the nfs4cbd daemon must be running.
- If the new default NFS Services configuration file is used instead of /etc/rc.config.d/nfsconf, the behavior of the NFS daemons remains the same regardless of the way the daemons are started (script or command line).
- To use Secure NFS with Kerberos, the gssd daemon must be running.
- The kctune tool helps you tune the NFS server and NFS client parameters. Changes made to the parameters are persistent across a reboot, patch installation, or kernel regeneration.
- If you have systems running different versions of HP-UX in your network, you must start rpc.lockd with the -C option on all pre-HP-UX 11i v3 systems to ensure that consistency is maintained on a client system when a file lock is cancelled.
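
The firewall options listed above only hold if the daemons are actually registered on the ports the firewall opens. The following added example (not part of the original release notes and not HP code) checks `rpcinfo -p` style output against those ports; the mountd and statd port numbers 4046 and 4047, the script variables MOUNTD_PORT and STATD_PORT, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP code): compare RPC port registrations with firewall rules.
# Ports stated on the page: rpcbind 111, NFS 2049, lockd 4045.
# MOUNTD_PORT / STATD_PORT are this script's own variables; 4046 and 4047 are
# assumed site-chosen fixed ports, not values from the page.
MOUNTD_PORT=${MOUNTD_PORT:-4046}
STATD_PORT=${STATD_PORT:-4047}

# Constructed sample in `rpcinfo -p` layout: program vers proto port service.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   tcp   4045  nlockmgr
    100005    3   tcp  49152  mountd
    100024    1   tcp   4047  status
EOF
}

# Read `rpcinfo -p` text on stdin; print one line per service/transport whose
# registered port is not the one the firewall rule opens.
audit_rpc_ports() {
  awk -v m="$MOUNTD_PORT" -v s="$STATD_PORT" '
    BEGIN { want["rpcbind"] = 111; want["portmapper"] = 111; want["nfs"] = 2049
            want["nlockmgr"] = 4045; want["mountd"] = m; want["status"] = s }
    $1 == "program" { next }                      # header line
    ($5 in want) && ($4 + 0) != (want[$5] + 0) {
      key = $5 "/" $3 "/" $4
      if (!(key in seen)) {                       # report each service/port once
        seen[key] = 1
        printf "MISMATCH %s/%s on port %s, firewall opens %s\n", $5, $3, $4, want[$5]
      }
    }'
}

# Succeed when rpcbind and nfs sit on 111 and 2049: all the NFSv4-only option needs.
nfsv4_only_ok() {
  [ -z "$(awk '$5 == "rpcbind" || $5 == "portmapper" || $5 == "nfs"' | audit_rpc_ports)" ]
}

sample_rpcinfo | audit_rpc_ports
```

In the constructed sample, mountd is still on a dynamically assigned port, so NFSv2 and NFSv3 mounts would be blocked at the firewall while NFSv4 traffic on 2049 would pass.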

Compatibility

- In previous releases, while creating a key pair for the remote host using the newkey command, you were prompted for the local root login password and the hostname’s root login password. With HP-UX 11i v3, you are prompted only for the hostname’s root login password.
- In previous releases, while creating a key pair for the local host using the newkey command, you were prompted for the local root login password and the hostname’s root login password. With HP-UX 11i v3, you are prompted only for the local root login password.
- If you have an existing parser application for the /etc/exports file, the application fails on HP-UX 11i v3 as the /etc/exports file is not supported. The application can also fail if the /etc/exports file is moved from a system running an older version of HP-UX to a system running HP-UX 11i v3. Use the exp2dfs tool to convert the /etc/exports file to the /etc/dfs/dfstab file.
- Sharing an NFS file system using the -rw option or the -ro option can take a hostname for a parameter. If the -rw=hostname syntax is used and the NFS server uses DNS, you must specify the fully qualified hostname or the clients fail to mount the NFS server.
- An attempt to unmount a shared local file system now returns an EBUSY error, and the local file system remains mounted until all shared directories within the local file system are unshared.
- During system startup and shutdown, the behavior of the rpc.statd and the rpc.lockd daemons is the same as in earlier HP-UX releases. However, if you use the startup scripts to start or stop the NFS client or NFS server, the statd or lockd daemons are not stopped. Use the lockmgr startup script to start or stop the statd or lockd daemons.
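
The fully qualified hostname requirement above is easy to miss after converting an old exports file. The following added example (not part of the original release notes and not HP code) scans dfstab text for rw= and ro= access-list names that contain no dot; the `share -F nfs -o <options> <path>` line layout, the colon-separated access lists with `-` and `@` prefixes, and the sample hostnames are assumptions constructed for illustration, and a dotless name may be a netgroup rather than a short hostname.

```shell
#!/bin/sh
# Added example (not HP code): flag rw=/ro= access-list names with no dot.
# Assumes dfstab lines of the form: share -F nfs -o <options> <path>, with
# colon-separated access lists; a dotless name may also be a netgroup.

# Constructed sample dfstab content.
sample_dfstab() {
cat <<'EOF'
# constructed sample
share -F nfs -o rw=build01.example.com:dev02,ro=docs.example.com /export/src
share -F nfs -o ro /usr/share/man
share -F nfs -o sec=krb5,rw=-ws7:@192.0.2.0 /export/home
EOF
}

# Read dfstab text on stdin; print "<path> <rw|ro> <name>" for each access-list
# entry that is neither fully qualified, a domain suffix, nor an @network.
unqualified_hosts() {
  awk '
    $1 != "share" { next }
    {
      opts = ""
      for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
      n = split(opts, opt, ",")
      for (j = 1; j <= n; j++) {
        if (opt[j] !~ /^r[ow]=/) continue       # only rw=list and ro=list
        kind = substr(opt[j], 1, 2)
        cnt = split(substr(opt[j], 4), name, ":")
        for (k = 1; k <= cnt; k++) {
          host = name[k]
          sub(/^-/, "", host)                   # leading "-" denies that entry
          if (host != "" && host !~ /^@/ && host !~ /\./) print $NF, kind, host
        }
      }
    }'
}

sample_dfstab | unqualified_hosts
```

Each reported name should be checked against the netgroup map before it is rewritten as a fully qualified hostname.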

Performance

- The multi-threaded pcnfsd daemon provides better performance. However, memory consumption depends on the number of threads created, the total number of threads, and your system configuration.
- The multi-threaded keyserv provides better performance. However, memory consumption depends on the number of threads created, the total number of threads, and your system configuration.

Obsolescence

- Trusted mode support in pcnfsd, newkey, and chkey is discontinued.
- The nisplus database type as an option is discontinued in the newkey, chkey, and keylogin commands, and in the getpublickey()/getsecretkey() function calls in libnsl.
- The -l option used with the lockd, mountd, and statd daemons is deprecated in this release.
- The /etc/rc.config.d/nfsconf file is obsolete and is replaced by the default NFS Services Configuration (/etc/default/nfs) file.
- Use of the adb tool to change values of kernel parameters is no longer supported.