nfsidmap can also used to clear the keyring of all the keys or revoke one particular key. This is useful when the id mappings have failed to due to a lookup error resulting in all the cached uids/gids to be set to the user id nobody.
create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
This will direct all id_resolver requests to the program /usr/sbin/nfsidmap. The -t 600 defines how many seconds into the future the key will expire. This is an optional parameter for /usr/sbin/nfsidmap and will default to 600 seconds when not specified.
The idmapper system uses four key descriptions:
uid: Find the UID for the given user
gid: Find the GID for the given group
user: Find the user name for the given UID
group: Find the group name for the given GID
You can choose to handle any of these individually, rather than using the generic upcall program. If you would like to use your own program for a uid lookup then you would edit your request-key.conf so it looks similar to this:
create id_resolver uid:* * /some/other/program %k %d
create id_resolver * * /usr/sbin/nfsidmap %k %d
Notice that the new line was added above the line for the generic program. request-key will find the first matching line and run the corresponding program. In this case, /some/other/program will handle all uid lookups, and /usr/sbin/nfsidmap will handle gid, user, and group lookups.