From e96803d22a7393e280dc206b7db6b008a78f0643 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Sat, 19 Oct 2013 16:12:03 -0400 Subject: [PATCH] doc: Add 'fs nukenfscreds' manpage Change-Id: I51c6cd56f463e10ab51adf20a0cf8505e3361326 Reviewed-on: http://gerrit.openafs.org/10414 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- doc/man-pages/pod1/fs_nukenfscreds.pod | 80 ++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 doc/man-pages/pod1/fs_nukenfscreds.pod diff --git a/doc/man-pages/pod1/fs_nukenfscreds.pod b/doc/man-pages/pod1/fs_nukenfscreds.pod new file mode 100644 index 000000000..089843280 --- /dev/null +++ b/doc/man-pages/pod1/fs_nukenfscreds.pod @@ -0,0 +1,80 @@ +=head1 NAME + +fs_nukenfscreds - Discard NFS translator tokens + +=head1 SYNOPSIS + +=for html +
+ +B S<<< B<-addr> > >>> + [B<-help>] + +B S<<< B<-a> > >>> + [B<-h>] + +=for html +
+ +=head1 DESCRIPTION + +When using the NFS translator, it is possible for clients to supply AFS tokens +that the NFS translator will use for NFS-originating accesses from a specific +host and uid. The B command, when run on the translator host, +will destroy all tokens for all uids for a specific NFS client host. After this +command is run successfully, all accesses for all users from that host will be +unauthenticated until they provide AFS tokens again. + +This command can be useful in the following scenario. Say you have an NFS +client machine accessing a translator, and the machine is decommissioned, and a +new machine is brought up with the same IP. If there are credentials associated +with certain uids from that host, it is possible that accesses from the new +host will use the same credentials from the old host, even if they haven't +authenticated. With the B command, you can destroy all +credentials associated with the machine when it is decommissioned, ensuring +that that situation cannot occur. + +=head1 OPTIONS + +=over 4 + +=item B<-addr> > + +Specifies which host to invalidate tokens for. Specify either a resolvable host +name or an IP address. + +=item B<-help> + +Prints the online help for this command. All other valid options are +ignored. + +=back + +=head1 OUTPUT + +If the specified tokens were destroyed successfully, no output is generated. + +=head1 EXAMPLES + +The following example destroys credentials from all PAGs for the NFS translator +client host 198.51.100.20: + + % fs nukenfscreds -addr 198.51.100.20 + +=head1 PRIVILEGE REQUIRED + +The issuer must be logged in as the local superuser C. + +=head1 SEE ALSO + +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2013 Sine Nomine Associates + +This documentation is covered by the BSD License as written in the +doc/LICENSE file. This man page was written by Andrew Deason for +OpenAFS. -- 2.39.5
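Review bot: The EXAMPLES text says the command "destroys credentials from all PAGs", while DESCRIPTION says it destroys "all tokens for all uids" for the client host. Use one term in both places, or add a sentence relating uids to PAGs on the translator, so the scope of what is discarded is unambiguous. The OUTPUT section covers only the success case. Since -addr accepts "either a resolvable host name or an IP address", it would help to document what the command reports when the name does not resolve or when the issuer is not the local superuser. It should also state which address is acted on when a host name resolves to more than one, because the decommissioning scenario in DESCRIPTION depends on the tokens for the right address being cleared.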