Provided by: openafs-client_1.8.12.1-1_amd64 
NAME
fs_nukenfscreds - Discard NFS translator tokens
SYNOPSIS
fs nukenfscreds -addr <host>
[-help]
fs nu -a <host>
[-h]
DESCRIPTION
When using the NFS translator, it is possible for clients to supply AFS tokens that the NFS translator
will use for NFS-originating accesses from a specific host and uid. The fs nukenfscreds command, when run
on the translator host, will destroy all tokens for all uids for a specific NFS client host. After this
command is run successfully, all accesses for all users from that host will be unauthenticated until they
provide AFS tokens again.
This command can be useful in the following scenario. Say you have an NFS client machine accessing a
translator, and the machine is decommissioned, and a new machine is brought up with the same IP. If there
are credentials associated with certain uids from that host, it is possible that accesses from the new
host will use the same credentials from the old host, even if they haven't authenticated. With the
fs_nukenfscreds command, you can destroy all credentials associated with the machine when it is
decommissioned, ensuring that that situation cannot occur.
OPTIONS
-addr <host>
Specifies which host to invalidate tokens for. Specify either a resolvable host name or an IP
address.
-help
Prints the online help for this command. All other valid options are ignored.
OUTPUT
If the specified tokens were destroyed successfully, no output is generated.
EXAMPLES
The following example destroys credentials from all PAGs for the NFS translator client host
198.51.100.20:
% fs nukenfscreds -addr 198.51.100.20
PRIVILEGE REQUIRED
The issuer must be logged in as the local superuser "root".
SEE ALSO
fs_exportafs(1), klog(1), knfs(1)
COPYRIGHT
Copyright 2013 Sine Nomine Associates
This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was
written by Andrew Deason for OpenAFS.
OpenAFS 2024-08-22 FS_NUKENFSCREDS(1)