IBM NFS/DFS Secure Gateway manual Configuring a Client Without Enabling Remote Authentication

Page 24

Configuring a Client Without Enabling Remote Authentication

If you configured your Gateway Server machines so that users cannot issue the dfs_login command to authenticate to DCE, perform the steps in this section to configure your NFS clients. The steps enable DFS access from an NFS client without enabling DCE authentication from the client. Users can authenticate only via the dfsgw add command.

1.Log in as the local superuser root on the machine.

2.Mount the root of the DCE namespace, /..., on the machine. In the command, hostname is the hostname of a Gateway Server machine which exports /.... Each Gateway Server machine configured as a Gateway Server exports /.... To achieve proper load balancing if you configure multiple Gateway Server machines, ensure that the mounts of /... on your NFS clients are divided evenly among your Gateway Servers. (You can use the NFS automount mechanism with a direct automount map to mount /...; see your vendor’s NFS documentation for more information.)

#mkdir /...

#mount hostname:/... /...

3.Create a symbolic link from /: to the root of the DFS filespace for the host DCE cell, /.../cellname/fs. In the command, cellname is the name of the DCE cell to be accessed from the NFS client (the cell in which the machine that exports /... is configured as a DFS client).

#ln -s /.../cellname/fs /:

4.Verify that the NFS mount of DCE was successful by using the ls command to list the contents of /:, which leads to the root directory of the DFS filespace. The command yields the same output from the NFS client that it does from a DFS client of the DCE cell.

#ls /:

The NFS client is now configured to provide access to DFS but not to allow users of the client to authenticate to DCE with the dfs_login command. Repeat these steps on each NFS client to be configured in this manner. If you later decide to allow users to authenticate to DCE from the NFS client, simply perform the steps in “Configuring a Client and Enabling Remote Authentication” on the client.

Configuring a Client and Enabling Remote Authentication

If you configured your Gateway Server machines so that users can issue the dfs_login command to authenticate to DCE, perform the steps in this section to configure your NFS clients. The steps enable both DFS and DCE authentication from an NFS client. Users can authenticate via either the dfsgw add command or the dfs_login command.

14DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Page 23 Page 25
Image 24
Page 23 Page 25
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Preface AudienceApplicability PurposeRelated Documents Typographic and Keying ConventionsBold Constant widthCtrl- x or ReturnPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client Without Enabling Remote Authentication Configuring a Client and Enabling Remote AuthenticationDfslogin DfslogoutDfsgw 438/udp dlog Accessing DFS from an NFS Client Unauthenticated Access to DFSAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference DfsgwLog Purpose DescriptionRelated Information Bos getlog8dfs Dfsgwd8dfsDfsgw Purpose OptionsDfsgw add Dfsgw delete$ dfsgw help command $ dfsgw command -helpDfsgw list Dfsgw queryRelated Information Dfsgw add Purpose SynopsisSysname sysname Remotehost namePrivileges Required Output ExamplesDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw apropos Purpose Topic stringDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs Dfsgw help Purpose $ dfsgw help listDfsgw apropos8dfs Dfsgw list Purpose Principal Dfsgwadd8dfsDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Dfsgwd Purpose NodomainsVerbose Description Dcelocal/var/dfs/adm/DfsgwLog Bos getlog8dfs Bosserver8dfs Dfsgw8dfsDfsgwLog4dfs Index Special CharactersDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Readers’ Comments We’d Like to Hear from You How satisfied are you that the information in this book isReaders’ Comments We’d Like to Hear from You GC09-3993-00Page Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents