IBM NFS/DFS Secure Gateway manual Add the group subsys/dce/dfs-admin to the admin.bos file

Page 18

$dcecp

dcecp> principal create hosts/hostname/dfs-server

dcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin -org none -password password mypwd password

3.Grant the group subsys/dce/dfs-adminthe appropriate permissions on the ACL for the hosts/hostname/dfs-serverprincipal in the registry database:

dcecp> acl mod /.:/sec/principal/hosts/hostname/dfs-server -add {group subsys/dce/dfs-admin rcDnfmag}

dcecp> exit

4.Use the su command to become the local superuser root on the machine:

$ su

Password: root_password

5.Add a server key for the hosts/hostname/dfs-serverprincipal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. The command creates the keytab file if the file does not already exist. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.

#dcecp

dcecp> keytab add self -member hosts/hostname/dfs-server -key password dcecp> keytab add self -member hosts/hostname/dfs-server -random -registry dcecp> exit

6.Remove the BosConfig file and any administrative lists that possibly exist from a previous configuration of the BOS Server on the machine:

#rm -f dcelocal/var/dfs/BosConfig

#rm -f dcelocal/var/dfs/admin.*

7.Start the bosserver process with DFS authorization checking disabled. The process creates a new BosConfig file and a new admin.bos file, which is the administrative list for the BOS Server.

#dcelocal/bin/bosserver -noauth &

8.Add the group subsys/dce/dfs-admin to the admin.bos file:

#dcelocal/bin/bos addadmin -server /.:/hosts/hostname-adminlist admin.bos -group subsys/dce/dfs-admin

9.Enable DFS authorization checking by the BOS Server:

#dcelocal/bin/bos setauth -server /.:/hosts/hostname-authchecking on

10.Configure the bosserver process to start automatically when the system is restarted by removing the two number signs (#) from the following line of the /etc/rc.dfs file (or its equivalent):

##daemonrunning $DCELOCAL/bin/bosserver

The BOS Server is now fully configured on the machine.

8DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Page 17 Page 19
Image 18
Page 17 Page 19
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Applicability PrefaceAudience PurposeBold Related DocumentsTypographic and Keying Conventions Constant widthCtrl- x or ReturnPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client Without Enabling Remote Authentication Configuring a Client and Enabling Remote AuthenticationDfslogin DfslogoutDfsgw 438/udp dlog Accessing DFS from an NFS Client Unauthenticated Access to DFSAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference Related Information DfsgwLog PurposeDescription Bos getlog8dfs Dfsgwd8dfsDfsgw add Dfsgw PurposeOptions Dfsgw deleteDfsgw list $ dfsgw help command$ dfsgw command -help Dfsgw queryRelated Information Sysname sysname Dfsgw add PurposeSynopsis Remotehost namePrivileges Required Output ExamplesDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw apropos Purpose Topic stringDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw help Purpose $ dfsgw help listDfsgw apropos8dfs Dfsgw list Purpose Principal Dfsgwadd8dfsDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Dfsgwd Purpose NodomainsVerbose Description Dcelocal/var/dfs/adm/DfsgwLog Bos getlog8dfs Bosserver8dfs Dfsgw8dfsDfsgwLog4dfs Index Special CharactersDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Readers’ Comments We’d Like to Hear from You How satisfied are you that the information in this book isReaders’ Comments We’d Like to Hear from You GC09-3993-00Page Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents