IBM NFS/DFS Secure Gateway manual Authenticating to DCE from a Gateway Server Machine

Page 31

To end the authenticated session before the DCE credentials expire, issue the dfs_logout command from the NFS client. The command removes the user’s entry from the authentication table on the Gateway Server machine. The command can be issued either by the user whose entry is to be removed from the authentication table or by a user who is logged into the NFS client as the local superuser root. The command has no effect on authenticated access that the user has established with other NFS clients.

The syntax of the dfs_logout command follows:

dfs_logout [-hhostname] [dce_principal]

where:

-hhostname

Specifies the hostname of the Gateway Server machine. By default, the command uses the hostname of the machine that exports /... to the NFS client. Use this option to contact a different Gateway Server.

dce_principal

Specifies the DCE principal name of the user whose entry is to be removed from the authentication table. By default, the command deletes the entry for the user who issues the command.

For example, the following ends the authenticated session of the issuer of the command:

$dfs_logout

Authenticating to DCE from a Gateway Server Machine

The dfsgw add command authenticates a user to DCE from a Gateway Server machine. Users can use the dfsgw add command if the dfs_login command is not installed on the NFS client from which they desire access to DFS. System administrators can use the command to administer authenticated access to DFS from a Gateway Server machine. Note that for NFS clients not configured to enable DCE authentication, the dfsgw add command represents the only way to authenticate with DCE.

The dfsgw add command provides essentially the same functionality as the dfs_login command. However, unlike the dfs_login command, the dfsgw add command does not communicate with the Gateway Server (dfsgwd) process; it creates the login context and entry in the authentication table. In addition, it requires the issuer to identify the user for whom authenticated access is desired and the NFS client from which the user is to access DFS. Also, the dfs_login command allows the issuer to request a ticket lifetime.

To end a user’s authenticated session from a specified NFS client, issue the dfsgw delete command on the Gateway Server machine. The command

Chapter 4. Accessing DFS from an NFS Client 21

Page 30 Page 32
Image 31
Page 30 Page 32
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Purpose PrefaceAudience ApplicabilityConstant width Related DocumentsTypographic and Keying Conventions BoldReturn Ctrl- x orPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client and Enabling Remote Authentication Configuring a Client Without Enabling Remote AuthenticationDfslogout DfsloginDfsgw 438/udp dlog Unauthenticated Access to DFS Accessing DFS from an NFS ClientAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference Bos getlog8dfs Dfsgwd8dfs DfsgwLog PurposeDescription Related InformationDfsgw delete Dfsgw PurposeOptions Dfsgw addDfsgw query $ dfsgw help command$ dfsgw command -help Dfsgw listRelated Information Remotehost name Dfsgw add PurposeSynopsis Sysname sysnamePrivileges Required Examples OutputDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Topic string Dfsgw apropos PurposeDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs $ dfsgw help list Dfsgw help PurposeDfsgw apropos8dfs Dfsgw list Purpose Dfsgwadd8dfs PrincipalDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Nodomains Dfsgwd PurposeVerbose Description Bos getlog8dfs Bosserver8dfs Dfsgw8dfs Dcelocal/var/dfs/adm/DfsgwLogDfsgwLog4dfs Special Characters IndexDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference How satisfied are you that the information in this book is Readers’ Comments We’d Like to Hear from YouGC09-3993-00 Readers’ Comments We’d Like to Hear from YouPage Program Number NFS/DFS Secure Gateway Guide
Top Page Image Contents