Provided by: openafs-client_1.8.2-1ubuntu0.1_amd64 bug


       fs_nukenfscreds - Discard NFS translator tokens


       fs nukenfscreds -addr <host>

       fs nu -a <host>


       When using the NFS translator, it is possible for clients to supply AFS tokens that the
       NFS translator will use for NFS-originating accesses from a specific host and uid. The fs
       nukenfscreds command, when run on the translator host, will destroy all tokens for all
       uids for a specific NFS client host. After this command is run successfully, all accesses
       for all users from that host will be unauthenticated until they provide AFS tokens again.

       This command can be useful in the following scenario. Say you have an NFS client machine
       accessing a translator, and the machine is decommissioned, and a new machine is brought up
       with the same IP. If there are credentials associated with certain uids from that host, it
       is possible that accesses from the new host will use the same credentials from the old
       host, even if they haven't authenticated. With the fs_nukenfscreds command, you can
       destroy all credentials associated with the machine when it is decommissioned, ensuring
       that that situation cannot occur.


       -addr <host>
           Specifies which host to invalidate tokens for. Specify either a resolvable host name
           or an IP address.

           Prints the online help for this command. All other valid options are ignored.


       If the specified tokens were destroyed successfully, no output is generated.


       The following example destroys credentials from all PAGs for the NFS translator client

          % fs nukenfscreds -addr


       The issuer must be logged in as the local superuser "root".


       fs_exportafs(1), klog(1), knfs(1)


       Copyright 2013 Sine Nomine Associates

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This
       man page was written by Andrew Deason for OpenAFS.