IBM NFS/DFS Secure Gateway manual Configuring the BOS Server Process


Configuring a Gateway Server and Enabling Remote Authentication

Perform the steps in this section to enable DCE authentication either from a Gateway Server machine or from NFS clients that contact the Gateway Server. Users authenticate from the Gateway Server machine by issuing the dfsgw add command; they authenticate from an NFS client by issuing the dfs_login command. A Gateway Server machine to be configured in this manner runs the Gateway Server process (dfsgwd). The steps in “Configuring the Gateway Server Process” on page 9 configure the dfsgwd process on the Gateway Server machine.

It is recommended that a Gateway Server machine configured in this way also run the Basic OverSeer (BOS) Server to monitor and simplify administration of the dfsgwd process. The steps in “Configuring the BOS Server Process” configure a BOS Server process (bosserver) on the Gateway Server machine. Perform the steps in “Configuring the BOS Server Process” only if the BOS Server is not already running on the machine. (Note that you typically run the BOS Server only on DFS servers, but you can run it on DFS clients. See the IBM DFS for AIX and Solaris Administration Guide for more information about the BOS Server.)

Configuring the BOS Server Process

To configure the BOS Server process (bosserver), perform the following steps on the machine to be configured as a Gateway Server. In all cases, hostname is the hostname of the local machine. (Note that it can be necessary to install the bosserver binary file on the machine if it is not already present.)

1. Authenticate to DCE as a principal who has the following ACL permissions on entries in the registry database:

   - The i permission on the directory hosts/hostname.

   - The m, a, u, g, and c permissions on the principal hosts/hostname/dfs-server. The principal is created during the configuration steps.

   - The t and M permissions on the group subsys/dce/dfs-admin.

   - The R, t, and M permissions on the organization none.

   - The r permission on the registry Policy object for the DCE cell.

This requirement is most easily met by authenticating to a privileged DCE identity (for example, cell_admin or a principal who is a member of the group acct-admin).

2. Create the principal hosts/hostname/dfs-server, and create an account for the principal. In the commands, password is the password of the DCE identity to which you are authenticated.

Chapter 2. Configuring Gateway Server Machines 7
