IBM NFS/DFS Secure Gateway manual Configuring Gateway Server Machines

Page 15

Chapter 2. Configuring Gateway Server Machines

A Gateway Server machine provides authenticated access to the DFS filespace to users on NFS clients. You can configure any machine that is configured as a DFS client and an NFS server as a Gateway Server. Following successful configuration, the machine provides authenticated access to the DFS filespace, and it exports the root of the DCE namespace, /..., via NFS.

You can configure multiple Gateway Server machines to provide DFS access from multiple sources. However, users do not randomly select Gateway Server machines from NFS clients. By default, users on an NFS client contact the Gateway Server machine that exports /... to the client. If you want to balance the load among multiple Gateway Servers, you must configure your NFS clients so that each client mounts /... on a particular Gateway Server machine. (See “Chapter 3. Configuring NFS Clients to Access DFS” on page 13 for information on configuring NFS clients.)

Depending on how closely you want to control access to the DFS filespace, configure your Gateway Server machines in one of the following ways:

vConfigure the Gateway Server machines so that users cannot issue the dfs_login command to authenticate to DCE.

This configuration allows system administrators to manage all DCE authentication from the Gateway Server machines. You can allow users to issue the dfsgw add command themselves, or you can limit use of the command to administrators only. To configure a Gateway Server machine without enabling remote authentication via the dfs_login command, follow the instructions in “Configuring a Gateway Server Without Enabling Remote Authentication” on page 6.

vConfigure the Gateway Server machines so that users can issue the dfs_login command to remotely authenticate to DCE.

This configuration allows users of NFS clients to acquire their own DCE credentials from the NFS clients. To configure a Gateway Server machine and enable remote authentication via the dfs_login command, follow the instructions in “Configuring a Gateway Server and Enabling Remote Authentication” on page 7.

Note: The dfs_login and dfs_logout commands are not provided with DFS; these commands can be used only if they are available from your NFS vendor and have been installed on an NFS client. If these commands are not available, use the dfsgw add and dfsgw delete commands, which work in a similar fashion. See your NFS vendor documentation for the availability and use of the dfs_login and dfs_logout commands.

© Copyright IBM Corp. 1989, 1999

5

Page 14 Page 16
Image 15
Page 14 Page 16
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Purpose PrefaceAudience ApplicabilityConstant width Related DocumentsTypographic and Keying Conventions BoldReturn Ctrl- x orPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client and Enabling Remote Authentication Configuring a Client Without Enabling Remote AuthenticationDfslogout DfsloginDfsgw 438/udp dlog Unauthenticated Access to DFS Accessing DFS from an NFS ClientAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference Bos getlog8dfs Dfsgwd8dfs DfsgwLog PurposeDescription Related InformationDfsgw delete Dfsgw PurposeOptions Dfsgw addDfsgw query $ dfsgw help command$ dfsgw command -help Dfsgw listRelated Information Remotehost name Dfsgw add PurposeSynopsis Sysname sysnamePrivileges Required Output ExamplesDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Topic string Dfsgw apropos PurposeDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs $ dfsgw help list Dfsgw help PurposeDfsgw apropos8dfs Dfsgw list Purpose Dfsgwadd8dfs PrincipalDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Dfsgwd Purpose NodomainsVerbose Description Dcelocal/var/dfs/adm/DfsgwLog Bos getlog8dfs Bosserver8dfs Dfsgw8dfsDfsgwLog4dfs Special Characters IndexDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference How satisfied are you that the information in this book is Readers’ Comments We’d Like to Hear from YouGC09-3993-00 Readers’ Comments We’d Like to Hear from YouPage Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents