System Administration Guide: Resource Management and Network Services

NFS Client Failover

Dynamic failover of read-only file systems was added in the Solaris 2.6 release. Failover provides a high level of availability for read-only resources that are already replicated, such as man pages, other documentation, and shared binaries. Failover can occur anytime after the file system is mounted. Manual mounts can now list multiple replicas, much like the automounter in previous releases. The automounter has not changed, except that failover need not wait until the file system is remounted. See "How to Use Client-Side Failover" and "Client-Side Failover" for more information.

Kerberos Support for the NFS Service

Support for Kerberos V4 clients was included in the Solaris 2.0 release. In the 2.6 release, the mount and share commands were altered to support NFS version 3 mounts that use Kerberos V5 authentication. Also, the share command was changed to enable multiple authentication flavors for different clients. See "RPCSEC_GSS Security Flavor" for more information about changes that involve security flavors. See "Configuring SEAM NFS Servers" in System Administration Guide: Security Services for information about Kerberos V5 authentication.

WebNFS Support

The Solaris 2.6 release also included the ability to make a file system on the Internet accessible through firewalls, using an extension to the NFS protocol. One of the advantages to using the WebNFS™ protocol for Internet access is its reliability. The service is built as an extension of the NFS version 3 and version 2 protocol. Also, an NFS server provides greater throughput under a heavy load than Hypertext Transfer protocol (HTTP) access to a Web server. This throughput can decrease the amount of time that is required to retrieve a file. In addition, the WebNFS implementation provides the ability to share these files without the administrative overhead of an anonymous ftp site. See "Security Negotiation for the WebNFS Service" for a description of more changes that are related to the WebNFS service. See "WebNFS Administration Tasks" for more task information.

RPCSEC_GSS Security Flavor

A security flavor, called RPCSEC_GSS, is supported in the Solaris 7 release. This flavor uses the standard GSS-API interfaces to provide authentication, integrity, and privacy, as well as enabling support of multiple security mechanisms. See "Kerberos Support for the NFS Service" for more information about support of Kerberos V5 authentication. See GSS-API Programming Guide for more information about GSS-API.

Solaris 7 Extensions for NFS Mounting

The Solaris 7 release includes extensions to the mount command and automountd command that enable the mount request to use the public file handle instead of the MOUNT protocol. The MOUNT protocol is the same access method that the WebNFS service uses. By circumventing the MOUNT protocol, the mount can occur through a firewall. In addition, because fewer transactions need to occur between the server and client, the mount should occur faster.

The extensions also enable NFS URLs to be used instead of the standard path name. Also, you can use the public option with the mount command and the automounter maps to force the use of the public file handle. See "WebNFS Support" for more information about changes to the WebNFS service.

Security Negotiation for the WebNFS Service

A new protocol has been added to enable a WebNFS client to negotiate a security mechanism with an NFS server in the Solaris 8 release. This protocol provides the ability to use secure transactions when using the WebNFS service. See "How WebNFS Security Negotiation Works" for more information.

NFS Server Logging

In the Solaris 8 release, NFS server logging enables an NFS server to provide a record of file operations that have been performed on its file systems. The record includes information to track what is accessed, when it is accessed, and who accessed it. You can specify the location of the logs that contain this information through a set of configuration options. You can also use these options to select the operations that should be logged. This feature is particularly useful for sites that make anonymous FTP archives available to NFS and WebNFS clients. See "How to Enable NFS Server Logging" for more information.

Autofs Features

Autofs works with file systems that are specified in the local name space. This information can be maintained in NIS, NIS+, or local files.

A fully multithreaded version of automountd was included in the Solaris 2.6 release. This enhancement makes autofs more reliable and enables concurrent servicing of multiple mounts, which prevents the service from hanging if a server is unavailable.

The new automountd also provides better on-demand mounting. Previous releases would mount an entire set of file systems if they were hierarchically related. Now only the top file system is mounted. Other file systems that are related to this mount point are mounted when needed.

The autofs service supports browsability of indirect maps. This support enables a user to see what directories could be mounted, without having to actually mount each one of the file systems. A -nobrowse option has been added to the autofs maps, so that large file systems, such as /net and /home, are not automatically browsable. Also, you can turn off autofs browsability on each client by using the -n option with automount. See "Disabling Autofs Browsability" for more information.


14. Managing Network File Systems (Overview) Features of the NFS Service NFS Large File Support


	NFS Client Failover Dynamic failover of read-only file systems was added in the Solaris 2.6 release. Failover provides a high level of availability for read-only resources that are already replicated, such as man pages, other documentation, and shared binaries. Failover can occur anytime after the file system is mounted. Manual mounts can now list multiple replicas, much like the automounter in previous releases. The automounter has not changed, except that failover need not wait until the file system is remounted. See "How to Use Client-Side Failover" and "Client-Side Failover" for more information. Kerberos Support for the NFS Service Support for Kerberos V4 clients was included in the Solaris 2.0 release. In the 2.6 release, the `mount` and `share` commands were altered to support NFS version 3 mounts that use Kerberos V5 authentication. Also, the `share` command was changed to enable multiple authentication flavors for different clients. See "RPCSEC_GSS Security Flavor" for more information about changes that involve security flavors. See "Configuring SEAM NFS Servers" in System Administration Guide: Security Services for information about Kerberos V5 authentication. WebNFS Support The Solaris 2.6 release also included the ability to make a file system on the Internet accessible through firewalls, using an extension to the NFS protocol. One of the advantages to using the WebNFS™ protocol for Internet access is its reliability. The service is built as an extension of the NFS version 3 and version 2 protocol. Also, an NFS server provides greater throughput under a heavy load than Hypertext Transfer protocol (HTTP) access to a Web server. This throughput can decrease the amount of time that is required to retrieve a file. In addition, the WebNFS implementation provides the ability to share these files without the administrative overhead of an anonymous `ftp` site. See "Security Negotiation for the WebNFS Service" for a description of more changes that are related to the WebNFS service. See "WebNFS Administration Tasks" for more task information. RPCSEC_GSS Security Flavor A security flavor, called RPCSEC_GSS, is supported in the Solaris 7 release. This flavor uses the standard GSS-API interfaces to provide authentication, integrity, and privacy, as well as enabling support of multiple security mechanisms. See "Kerberos Support for the NFS Service" for more information about support of Kerberos V5 authentication. See GSS-API Programming Guide for more information about GSS-API. Solaris 7 Extensions for NFS Mounting The Solaris 7 release includes extensions to the `mount` command and `automountd` command that enable the mount request to use the public file handle instead of the MOUNT protocol. The MOUNT protocol is the same access method that the WebNFS service uses. By circumventing the MOUNT protocol, the mount can occur through a firewall. In addition, because fewer transactions need to occur between the server and client, the mount should occur faster. The extensions also enable NFS URLs to be used instead of the standard path name. Also, you can use the `public` option with the `mount` command and the automounter maps to force the use of the public file handle. See "WebNFS Support" for more information about changes to the WebNFS service. Security Negotiation for the WebNFS Service A new protocol has been added to enable a WebNFS client to negotiate a security mechanism with an NFS server in the Solaris 8 release. This protocol provides the ability to use secure transactions when using the WebNFS service. See "How WebNFS Security Negotiation Works" for more information. NFS Server Logging In the Solaris 8 release, NFS server logging enables an NFS server to provide a record of file operations that have been performed on its file systems. The record includes information to track what is accessed, when it is accessed, and who accessed it. You can specify the location of the logs that contain this information through a set of configuration options. You can also use these options to select the operations that should be logged. This feature is particularly useful for sites that make anonymous FTP archives available to NFS and WebNFS clients. See "How to Enable NFS Server Logging" for more information. Autofs Features Autofs works with file systems that are specified in the local name space. This information can be maintained in NIS, NIS+, or local files. A fully multithreaded version of `automountd` was included in the Solaris 2.6 release. This enhancement makes autofs more reliable and enables concurrent servicing of multiple mounts, which prevents the service from hanging if a server is unavailable. The new `automountd` also provides better on-demand mounting. Previous releases would mount an entire set of file systems if they were hierarchically related. Now only the top file system is mounted. Other file systems that are related to this mount point are mounted when needed. The autofs service supports browsability of indirect maps. This support enables a user to see what directories could be mounted, without having to actually mount each one of the file systems. A `-nobrowse` option has been added to the autofs maps, so that large file systems, such as `/net` and `/home`, are not automatically browsable. Also, you can turn off autofs browsability on each client by using the `-n` option with `automount`. See "Disabling Autofs Browsability" for more information.