IBM NFS/DFS Secure Gateway manual Dfslogin, Dfslogout

Page 25

Note: The dfs_login and dfs_logout commands are not provided with DFS; these commands can be used only if they are available from your NFS vendor. If these commands are not available, use the dfsgw add and dfsgw delete commands, which work in a similar fashion. See your NFS vendor documentation for the availability and use of the dfs_login and dfs_logout commands.

1.If you have not already done so, perform all of the steps in “Configuring a Client Without Enabling Remote Authentication” on page 14 to mount /...

on the machine.

2.If you have not already done so, log in as the local superuser root on the machine.

3.Install the binary files for the dfs_login and dfs_logout commands in the /usr/bin directory on the machine. These commands provide the following functionality:

dfs_login

Establishes an authenticated session for users of the NFS client by obtaining DCE credentials on a Gateway Server machine. (See “Authenticating to DCE from an NFS Client” on page 19 for information about using this command.)

dfs_logout

Ends an authenticated session established with the dfs_login command. (See “Authenticating to DCE from an NFS Client” on page 19 for information about using this command.)

(The dfs_login and dfs_logout commands use version 5 of Kerberos to communicate with the DCE Security Service.)

4.Create the Kerberos configuration file named /krb5/krb.conf. The dfs_login command reads this file to determine the name of a DCE Security Server that it can contact. This file must be identical to the /krb5/krb.conf file on machines in the host DCE cell; copy it from a machine in the DCE cell.

5.Create the Kerberos configuration file named /krb5/krb.realms. The Kerberos runtime uses the information in this file to translate Internet domains to the corresponding Kerberos realms. In the file, the Kerberos realm has the same name as the DCE cell. Each line of the file must have the following format:

domain krb-realm

where domain is the name of the local Internet domain, and krb-realmis the name of the Kerberos realm (the name of the DCE cell to be accessed). For example, in the following krb.realms file, def.com is the name of the Internet domain, and abc.com is the name of the DCE cell. If machines from multiple domains are to contact the DCE cell, you need a separate line for each domain. Note that realm names are case-sensitive.

Chapter 3. Configuring NFS Clients to Access DFS 15

Page 24 Page 26
Image 25
Page 24 Page 26
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Audience PrefaceApplicability PurposeTypographic and Keying Conventions Related DocumentsBold Constant widthReturn Ctrl- x orPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client and Enabling Remote Authentication Configuring a Client Without Enabling Remote AuthenticationDfslogout DfsloginDfsgw 438/udp dlog Unauthenticated Access to DFS Accessing DFS from an NFS ClientAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference Description DfsgwLog PurposeRelated Information Bos getlog8dfs Dfsgwd8dfsOptions Dfsgw PurposeDfsgw add Dfsgw delete$ dfsgw command -help $ dfsgw help commandDfsgw list Dfsgw queryRelated Information Synopsis Dfsgw add PurposeSysname sysname Remotehost namePrivileges Required Examples OutputDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Topic string Dfsgw apropos PurposeDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs $ dfsgw help list Dfsgw help PurposeDfsgw apropos8dfs Dfsgw list Purpose Dfsgwadd8dfs PrincipalDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Nodomains Dfsgwd PurposeVerbose Description Bos getlog8dfs Bosserver8dfs Dfsgw8dfs Dcelocal/var/dfs/adm/DfsgwLogDfsgwLog4dfs Special Characters IndexDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference How satisfied are you that the information in this book is Readers’ Comments We’d Like to Hear from YouGC09-3993-00 Readers’ Comments We’d Like to Hear from YouPage Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents