IBM NFS/DFS Secure Gateway manual Authenticating to DCE from an NFS Client


The dfsgw add command can be used to refresh DCE credentials. If they are not refreshed, DCE credentials (tickets) expire after the lifetime specified by the DCE Security Service. After they expire, the tickets can no longer be used for authenticated access. To end an authenticated session before the ticket lifetime has passed, you can issue either of the following commands:

• From the NFS client from which authenticated access to DFS is provided, enter the dfs_logout command. (See “Authenticating to DCE from an NFS Client”)

• From the Gateway Server machine via which the DFS is accessed, enter the dfsgw delete command. (See “Authenticating to DCE from a Gateway Server Machine” on page 21)

Both commands remove the entry from the authentication table that provides authenticated access from the NFS client. Regardless of which command you used to establish the DCE credentials (dfs_login or dfsgw add), you can end the authenticated session with the dfs_logout command or the dfsgw delete command. Neither command affects authenticated access from the other NFS clients. If your DCE credentials are the basis of another entry in the authentication table, you still have authenticated access via that other entry.

To refresh your DCE credentials before they expire, use the dfsgw add command, which refreshes the ticket lifetime of your existing TGT. To obtain new credentials, then use the dfs_login or dfsgw add command to replace your existing TGT with the new TGT.

Note that if you configure multiple Gateway Server machines, each server machine houses its own authentication table. The dfs_login and dfs_logout commands affect entries only in the authentication table maintained on the Gateway Server machine they contact; commands in the dfsgw suite affect entries only in the authentication table on the machine on which they are issued.

Authenticating to DCE from an NFS Client

The dfs_login command authenticates a user to DCE from an NFS client. The command contacts the DCE Security Service to obtain a TGT and a service ticket for the Gateway Server (dfsgwd) process for the user. It encrypts the user’s TGT with the service ticket and sends these to the Gateway Server process. It also sends the UID of the user who issues the command and the network address of the NFS client from which the command is issued. The Gateway Server process uses this information to create a valid login context, including a PAG, and an entry in the authentication table for the user.
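The session-scoping rules above (one entry per NFS client and user, one table per Gateway Server machine, access ending when the ticket lifetime passes) can be modelled as follows. This is an added conceptual example, not code from the manual or from DFS; it assumes entries are keyed by (client address, UID), and the class, function names, addresses, principal and lifetimes are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GatewayAuthTable:
    """Model of the authentication table held by ONE Gateway Server machine."""
    name: str
    # Assumed key: (NFS client address, UID) -> (principal, ticket expiry time)
    entries: dict = field(default_factory=dict)

    def add(self, client_addr, uid, principal, now, lifetime):
        # Models dfs_login / dfsgw add: create the entry, or refresh its expiry.
        self.entries[(client_addr, uid)] = (principal, now + lifetime)

    def delete(self, client_addr, uid):
        # Models dfs_logout / dfsgw delete: removes one entry, on this gateway only.
        return self.entries.pop((client_addr, uid), None) is not None

    def is_authenticated(self, client_addr, uid, now):
        # An entry grants authenticated access only until its ticket expires.
        entry = self.entries.get((client_addr, uid))
        return entry is not None and now < entry[1]


def live_entries(gateways, principal, now):
    """Every (gateway, client, uid) that still gives the principal access."""
    return sorted(
        (gw.name, addr, uid)
        for gw in gateways
        for (addr, uid), (who, expiry) in gw.entries.items()
        if who == principal and now < expiry
    )


def demo():
    # Constructed sample data: two gateways, two NFS clients, one user.
    gw1, gw2 = GatewayAuthTable("gw1"), GatewayAuthTable("gw2")
    gw1.add("192.0.2.10", 1001, "alice", now=0, lifetime=600)
    gw1.add("192.0.2.11", 1001, "alice", now=0, lifetime=600)
    gw2.add("192.0.2.10", 1001, "alice", now=0, lifetime=600)
    gw1.delete("192.0.2.10", 1001)  # end one session via gw1 only
    after_logout = live_entries([gw1, gw2], "alice", now=10)
    gw1.add("192.0.2.11", 1001, "alice", now=500, lifetime=600)  # refresh
    after_expiry = live_entries([gw1, gw2], "alice", now=700)
    return after_logout, after_expiry


if __name__ == "__main__":
    print(demo())
```

Ending one session leaves the entry for the other client and the entry on the second gateway in place, so fully ending a user's access means deleting the matching entry on every Gateway Server machine or waiting for the tickets to expire.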

Note: The dfs_login and dfs_logout commands are not provided with DFS; these commands are provided by your NFS vendor. The instructions

Chapter 4. Accessing DFS from an NFS Client 19
