IBM NFS/DFS Secure Gateway manual Authenticated Access to DFS


When an unauthenticated user creates an object, the object is owned by the user nobody and the group nogroup. The UID of the user nobody is -2, and the GID of the group nogroup is also -2. (Identities and ID numbers of an unauthenticated user and group can vary between systems; see your vendor’s documentation for more information.)

Unauthenticated access is provided with the NFS/DFS Secure Gateway as a side effect of configuring Gateway Server machines and NFS clients. Unauthenticated access is available without the NFS/DFS Secure Gateway. Simply export /... from a DFS client that is also an NFS Server, and mount /... on each NFS client from which users are to access DFS.

Authenticated Access to DFS

Authenticated access is available to users who have accounts in the DCE cell. When an authenticated user accesses an object in the DFS filespace, the user receives the permissions associated with the DCE identity. When the user creates an object, the object is owned by the DCE principal and its primary group.

To authenticate to DCE, you can issue either of the following commands, both of which establish credentials recognized by the DCE Security Service:

• From an NFS client, issue the dfs_login command. (See “Authenticating to DCE from an NFS Client” on page 19 for more information.)

• From a Gateway Server machine, issue the dfsgw add command. (See “Authenticating to DCE from a Gateway Server Machine” on page 21 for more information.)

Note: The dfs_login and dfs_logout commands are not provided with DFS; these commands can be used only if they are available from your NFS vendor and have been installed on an NFS client. If these commands are not available, use the dfsgw add and dfsgw delete commands, which work in a similar fashion. See your NFS vendor documentation for the availability and use of the dfs_login and dfs_logout commands.

A user who desires authenticated access to DFS must have a principal and account in the registry database of the DCE cell. An entry must exist for the user in the /etc/passwd file on the machine configured as a Gateway Server and on each NFS client from which the user is to access DCE. It is recommended that the user’s UID in the /etc/passwd file match the user’s UID in the DCE registry database. (On a DCE client, the passwd_export command can be used to keep /etc/passwd files current with respect to the registry database; see the IBM Distributed Computing Environment for AIX and Solaris: Administration Guide - Core Components for more information.)
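
The passwd requirements in the paragraph above can be checked mechanically. The following is an added example, not part of the IBM manual: it compares passwd-format text from a Gateway Server and an NFS client with the registry's accounts, reporting users who have no entry on a host or whose UID differs there. It assumes the registry accounts are available as passwd-format text and that uid_t is an unsigned 16- or 32-bit value when -2 is displayed; all host names, accounts and UIDs are constructed.

```python
# -2 stored in an unsigned 16- or 32-bit uid_t reads back as these values.
NOBODY_UIDS = {-2, 65534, 4294967294}
# Constructed sample data (not from the manual).
REGISTRY = """nobody:*:-2:-2::/:
alice:*:2001:100::/home/alice:/bin/sh
bob:*:2002:100::/home/bob:/bin/sh
carol:*:2003:100::/home/carol:/bin/sh
"""
HOSTS = {
    "gateway": "nobody:x:65534:65534::/:\nalice:x:2001:100::/:/bin/sh\n"
               "bob:x:2003:100::/:/bin/sh\n+::::::\n",
    "nfsclient1": "alice:x:2001:100::/:/bin/sh\nbob:x:2002:100::/:/bin/sh\n"
                  "carol:x:3003:100::/:/bin/sh\n",
}

def parse_passwd(text):
    """Return {name: uid}; skip comments, NIS +/- entries and malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[0][:1] not in ("", "#", "+", "-"):
            try:
                users[fields[0]] = int(fields[2])
            except ValueError:
                pass  # non-numeric UID field
    return users

def audit(registry_text, host_texts):
    """Return sorted (host, user, finding) tuples for each registry account."""
    registry = parse_passwd(registry_text)
    owner = {uid: name for name, uid in registry.items()}
    findings = []
    for host, text in host_texts.items():
        local = parse_passwd(text)
        for user, reg_uid in registry.items():
            if reg_uid in NOBODY_UIDS:
                continue  # the unauthenticated identity, not a DCE account
            if user not in local:
                findings.append((host, user, "missing passwd entry"))
            elif local[user] != reg_uid:
                detail = f"uid {local[user]}, registry has {reg_uid}"
                if local[user] in owner:
                    detail += f" (registry UID of {owner[local[user]]})"
                findings.append((host, user, detail))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(REGISTRY, HOSTS):
        print(*finding, sep=": ")
```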

18 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
