osx man page for ncdestroy

Osx Man Pages All Man Pages Latest Topics Forum Categories

Query: ncdestroy

OS: osx

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

NCDESTROY(1)						    BSD General Commands Manual 					      NCDESTROY(1)


NAME

     ncdestroy -- Destroy kernel NFS credentials


SYNOPSIS

     ncdestroy [-v] [-P] [path [path...]]


DESCRIPTION

     ncdestroy invalidates the caller's kernel GSS credentials for any of the specified path's associated NFS mounts.  If no paths are specified
     then all the caller's associated credentials for all NFS file systems are destroyed.

     When a nfs file system is mounted using a GSS mechanism (currently only Kerberos is supported) through the ``sec='' option or by the export
     specified on the server, the resulting session context is stored in a table for each mount. If the user decides to finish his or her session
     or chooses to use a different credential, then ncdestroy can be called to invalidate those credentials in the kernel. New credentials can be
     obtain (typically by calling kinit) and those credentials can be used when accessing the mount.

     The options are as follows:

     -v      Be verbose and show what file system is being operated on and any resulting errors.

     -P      If the trailing component resolves to a symbolic link do not resolve the link but use the current path to determine any associate NFS
	     file system.


EXAMPLES

     If leaving for the day:

      $ kdestroy -A
      $ ncdestroy

     Lets say a user does

      $ kinit user@FOO.COM

     And through the automounter access a path /Network/Serves/someserver/Sources/foo/bar where the mount of /Network/Servers/some-
     server/Sources/foo was done with user@FOO.COM.

      $ cat /Network/Servers/someserver/Sources/foo/bar
      cat: /Network/Servers/someserver/Sources/foo/bar: Permission denied

     The user realizes that in order to have access on the server his identity should be user2@BAR.COM. So:

      $ kdestroy -A
      $ kinit user2@BAR.COM
      $ ncdestroy /Network/Servers/someserver/Sources/foo

     Now the local user can access bar


NOTES

     In the above example the user destroyed all credentials so the only credential to choose was new credential user2@BAR.COM. However, if
     accessing the server with user@FOO.COM was done by getting a cross realm TGT to obtain the service ticket nfs/some.server.fqdn@BAR.COM, then
     it won't be necessary to use kdestroy. The GSS infrastructure will prefer to use credentials in the same realm as the service.


DIAGNOSTICS

     The ncdestroy command will exit with 1 if any of the supplied paths don't exist. If all paths exist or no paths are given the exit status
     will be 0.


SEE ALSO

     kinit(1), kdestroy(1), mount_nfs(8)


BUGS

     There should be an option to kdestroy to destroy cached nfs contexts.


BSD
								 December 10, 2012							       BSD
Related Man Pages
ncinit(1) - mojave
ncdestroy(1) - osx
kdestroy(1) - x11r4
kdestroy(1) - xfree86
kdestroy(1) - bsd
Similar Topics in the Unix Linux Community
iptables, ftp
AIX NIM backup with Firewall
Evaluate the value of a variable?
kinit
sed behaving oddly, repeats lines