IBM manual DFS for Solaris NFS/DFS Secure Gateway Guide and Reference

Page 16

Before configuring a Gateway Server machine, you must do the following:

vConfigure a DCE cell that includes DFS.

vConfigure each machine that is to become a Gateway Server as a DFS client and an NFS server.

vEnsure proper synchronization among the system clocks on machines that are to become Gateway Servers, machines configured as NFS clients that are to contact the Gateway Servers, and machines in the DCE cell to be contacted. You must keep the system clocks on these machines synchronized at all times.

Configuring a Gateway Server Without Enabling Remote Authentication

Perform the steps in this section to enable DCE authentication from a Gateway Server machine without enabling it from NFS clients that contact the Gateway Server. Users can authenticate only by issuing the dfsgw add command on the Gateway Server machine (or by having a system administrator issue the command for them).

1.Log in as the local superuser root on the machine.

2.Install the binary file for the dfsgw command suite in the directory dcelocal/bin on the machine. The dfsgw command suite provides a local interface to the authentication table maintained on the Gateway Server machine. Commands in the dfsgw suite can be used to add, delete, and view mappings in the authentication table. (See “Authenticating to DCE from a Gateway Server Machine” on page 21, “Determining Whether a Specific User Is Authenticated to DCE” on page 22, and “Displaying Information About All Users Who Are Authenticated to DCE” on page 22 for information about using these commands.)

3.Export the DCE global root directory, /..., via NFS. This is typically accomplished via the share command; the exact command and procedure depends on your vendor’s implementation of NFS, as detailed in the vendor documentation.

The Gateway Server machine is now configured to provide DCE authentication only via the dfsgw add command. Repeat these steps on each DFS client that is to be configured as a Gateway Server in this manner. If you later decide to allow users to authenticate to DCE from NFS clients that contact the Gateway Server, simply perform the steps in “Configuring a Gateway Server and Enabling Remote Authentication” on page 7 on the Gateway Server machine.

6DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Page 15 Page 17
Image 16
Page 15 Page 17
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Preface AudienceApplicability PurposeRelated Documents Typographic and Keying ConventionsBold Constant widthCtrl- x or ReturnPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client Without Enabling Remote Authentication Configuring a Client and Enabling Remote AuthenticationDfslogin DfslogoutDfsgw 438/udp dlog Accessing DFS from an NFS Client Unauthenticated Access to DFSAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference DfsgwLog Purpose DescriptionRelated Information Bos getlog8dfs Dfsgwd8dfsDfsgw Purpose OptionsDfsgw add Dfsgw delete$ dfsgw help command $ dfsgw command -helpDfsgw list Dfsgw queryRelated Information Dfsgw add Purpose SynopsisSysname sysname Remotehost namePrivileges Required Examples OutputDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw apropos Purpose Topic stringDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw help Purpose $ dfsgw help listDfsgw apropos8dfs Dfsgw list Purpose Principal Dfsgwadd8dfsDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Nodomains Dfsgwd PurposeVerbose Description Bos getlog8dfs Bosserver8dfs Dfsgw8dfs Dcelocal/var/dfs/adm/DfsgwLogDfsgwLog4dfs Index Special CharactersDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Readers’ Comments We’d Like to Hear from You How satisfied are you that the information in this book isReaders’ Comments We’d Like to Hear from You GC09-3993-00Page Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents