nfsidmap [-v] [-t timeout] key desc
       nfsidmap [-v] [-c]
       nfsidmap [-v] [-u|-g|-r user]

       The  file  /usr/sbin/nfsidmap  is used by the NFS idmapper to translate
       user and group ids into names, and to translate user  and  group  names
       into ids. Idmapper uses request-key to perform the upcall and cache the
       result.  /usr/sbin/nfsidmap is called by  /sbin/request-key,  and  will
       perform  the translation and initialize a key with the resulting infor-

       nfsidmap can also used to clear the keyring of all the keys  or  revoke
       one particular key.  This is useful when the id mappings have failed to
       due to a lookup error resulting in all the cached uids/gids to  be  set
       to the user id nobody.

       -c     Clear the keyring of all the keys.

       -g user
              Revoke the gid key of the given user.

       -r user
              Revoke both the uid and gid key of the given user.

       -t timeout
              Set  the  expiration timer, in seconds, on the key.  The default
              is 600 seconds (10 mins).

       -u user
              Revoke the uid key of the given user.

       -v     Increases the verbosity of the output to syslog (can  be  speci-
              fied multiple times).

       The   file   /etc/request-key.conf   will   need   to  be  modified  so
       /sbin/request-key can properly direct the upcall.  The  following  line
       should be added before a call to keyctl negate:

       create    id_resolver    *    *    /usr/sbin/nfsidmap -t 600 %k %d

       This   will   direct   all   id_resolver   requests   to   the  program
       /usr/sbin/nfsidmap.  The -t 600  defines  how  many  seconds  into  the
       future  the  key  will  expire.   This  is  an  optional  parameter for
       /usr/sbin/nfsidmap and will default to 600 seconds when not specified.

       The idmapper system uses four key descriptions:

              uid: Find the UID for the given user
              gid: Find the GID for the given group

       gram.  request-key will find the first matching line and run the corre-
       sponding  program.   In  this case, /some/other/program will handle all
       uid lookups, and /usr/sbin/nfsidmap will handle gid,  user,  and  group

       Bryan Schumaker, <>

                                1 October 2010                     nfsidmap(5)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2017 Hurricane Electric. All Rights Reserved.