IBM NFS/DFS Secure Gateway manual Invoke the dcecp command $ dcecp

Page 20

vThe m, a, u, and g permissions on the principal hosts/hostnamedfsgw- server. The principal is created during the configuration steps.

vThe t and M permissions on the group subsys/dce/dfsgw-admin. The group is created during the configuration steps.

vThe R, t, and M permissions on the organization none.

vThe r permission on the registry Policy object for the DCE cell.

This requirement is most easily met by authenticating to a privileged DCE identity (for example, cell_admin or a principal who is a member of the group acct-admin).

6.Invoke the dcecp command: $ dcecp

7.For the first Gateway Server process, create the group subsys/dce/dfsgw- admin in the registry database. Use the following dcecp command to create the group:

dcecp> group create subsys/dce/dfsgw-admin

8.Create the principal hosts/hostname/dfsgw-server, and create an account for the principal. The Gateway Server process communicates as the principal hosts/hostname/dfsgw-server. In the commands, password is the password of the DCE identity to which you are authenticated.

dcecp> principal create hosts/hostname/dfsgw-server

dcecp> account create hosts/hostname/dfsgw-server -group subsys/dce/dfsgw-admin -org none -password password -mypwd password

dcecp> exit

9.Use the su command to become the local superuser root on the machine:

$ su

Password: root_password

10.Add a server key for the hosts/hostname/dfsgw-serverprincipal to the krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.

#dcecp

dcecp> keytab add self -member hosts/hostname/dfsgw-server -key password dcecp> keytab add self -member hosts/hostname/dfsgw-server -random -registry dcecp> exit

11.Log out as the local superuser root to return to your authenticated DCE identity.

12.If your current DCE identity is not included in the

dcelocal/var/dfs/admin.bos file on the machine, either add the identity to the file or authenticate to DCE as a principal that is included in the file. You can use the bos lsadmin command to list the principals and groups included in the admin.bos file:

$ dcelocal/bin/bos lsadmin -server /.:/hosts/hostname-adminlist admin.bos

10DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Page 19 Page 21
Image 20
Page 19 Page 21
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Preface AudienceApplicability PurposeRelated Documents Typographic and Keying ConventionsBold Constant widthCtrl- x or ReturnPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client Without Enabling Remote Authentication Configuring a Client and Enabling Remote AuthenticationDfslogin DfslogoutDfsgw 438/udp dlog Accessing DFS from an NFS Client Unauthenticated Access to DFSAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference DfsgwLog Purpose DescriptionRelated Information Bos getlog8dfs Dfsgwd8dfsDfsgw Purpose OptionsDfsgw add Dfsgw delete$ dfsgw help command $ dfsgw command -helpDfsgw list Dfsgw queryRelated Information Dfsgw add Purpose SynopsisSysname sysname Remotehost namePrivileges Required Dfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs OutputExamples Dfsgw apropos Purpose Topic stringDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw help Purpose $ dfsgw help listDfsgw apropos8dfs Dfsgw list Purpose Principal Dfsgwadd8dfsDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Verbose Dfsgwd PurposeNodomains Description DfsgwLog4dfs Dcelocal/var/dfs/adm/DfsgwLogBos getlog8dfs Bosserver8dfs Dfsgw8dfs Index Special CharactersDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Readers’ Comments We’d Like to Hear from You How satisfied are you that the information in this book isReaders’ Comments We’d Like to Hear from You GC09-3993-00Page Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents