IBM manual Overview of the NFS/DFS Secure Gateway

The Network File System (NFS) to DFS Secure Gateway provides a mechanism for granting authenticated access to the DFS filespace from an NFS client. The NFS/DFS Secure Gateway enables users to access data in the DFS filespace from a machine that is configured as an NFS client but not as a DCE client.
To use the NFS/DFS Secure Gateway for authenticated access to DFS, you must configure at least one Gateway Server machine. A Gateway Server machine must be a DFS client in the DCE cell to which access is to be provided. One function of a Gateway Server machine is to export the root of the DCE global namespace, /..., via NFS. Mount /... on each NFS client from which users are to access DFS to provide unauthenticated access to DFS.
The primary function of a Gateway Server machine is to provide DCE authentication to users of NFS clients. NFS users who have valid accounts in the registry database of the DCE cell authenticate to DCE to gain authenticated access to DFS. Depending on the needs of users and the security considerations of the DCE cell, you can provide local authentication to DCE from Gateway Server machines, remote authentication to DCE from NFS clients, or both. Local and remote authentication work as follows:
- Local authentication to DCE from Gateway Server machines is provided via the dfsgw add command. With local authentication, you can enable users to issue the dfsgw add command to authenticate themselves, or you can control access to DFS by allowing only system administrators to provide authentication via the dfsgw add command. (The dfsgw command suite includes additional commands to provide for central administration from Gateway Server machines.)
  Local authentication requires little configuration, but it provides a limited approach to authentication. Configuration consists only of installing the dfsgw commands on Gateway Server machines. However, authentication requires either administrative intervention or remote access to the Gateway Server machine (via the telnet program, for example); the latter approach results in user passwords being sent over the network in the clear.
- Remote authentication to DCE from NFS clients can be provided via the dfs_login command, if the command is supplied by the NFS vendor. With remote authentication, users can issue the dfs_login command to authenticate themselves.
  Remote authentication requires additional configuration, but it provides a less burdensome and more secure approach to authentication. Configuration consists of installing and configuring the Gateway Server (dfsgwd) process

Chapter 1. Overview of the NFS/DFS Secure Gateway

© Copyright IBM Corp. 1989, 1999
