IBM NFS/DFS Secure Gateway manual Privileges Required

Description

The dfsgw add command authenticates a user to DCE. The command contacts the DCE Security Service to obtain a TGT for the user. To obtain a TGT, a user must have a valid account in the registry database of the DCE cell. The TGT is used to create a valid login context for the user. The login context includes a Process Activation Group (PAG), which DFS stores in the kernel of the Gateway Server machine to identify the user’s TGT. The TGT serves as the user’s DCE credentials to provide authenticated access to files and directories in the DFS filespace from the specified NFS client.

The dfsgw add command adds an entry for the user to the authentication table on the local Gateway Server machine. The entry is a mapping that pairs the user’s UID and the network address of the NFS client for which the user has DCE credentials with the user’s PAG. Because each Gateway Server machine maintains its own authentication table, you must issue the command on the Gateway Server machine on which an entry is to be added to the authentication table.

The dfsgw add command returns an exit value of 0 (zero) if it adds an entry for the user to the authentication table. Otherwise, it returns a nonzero exit value.

DCE credentials obtained with the command are valid for the default ticket lifetime in effect in the registry database of the DCE cell. DCE credentials can be refreshed by issuing the dfsgw add command before they expire. In this case, the command automatically associates the user with the DCE principal; it does not have to be supplied. After the credentials expire, they can no longer be used for authenticated access to DFS. You must obtain new credentials by issuing the dfsgw add command.

The dfsgw add command does not obtain a new TGT if you do not name a principal other than yourself on the command line and you already have a valid TGT in the current login context. If you do not already have an entry in the authentication table for the specified NFS client, the command uses your existing PAG to create a new entry for you. If you already have an entry in the authentication table for the NFS client, the command refreshes your DCE credentials.

Use the dfsgw delete command to end an authenticated session by removing an entry from the authentication table.

Privileges Required

The issuer must be logged into the Gateway Server machine either as the user for whom credentials are to be created or as the local superuser root.
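The authentication-table behaviour described under Description can be followed in a small model. This is an added example, not IBM's code or part of the manual: the class and method names, the numeric PAG values, the model clock and the lifetime figure are all assumptions, and the password exchange with the DCE Security Service is not modelled.

```python
import itertools
from dataclasses import dataclass

@dataclass
class Entry:
    pag: int           # Process Activation Group identifying the user's TGT
    expires_at: float  # end of the ticket lifetime (seconds on a model clock)

class AuthTable:
    """Model of one Gateway Server's table: (UID, NFS client address) -> PAG."""

    def __init__(self, lifetime=36000):  # assumed value; the real default comes from the cell registry
        self.lifetime = lifetime
        self.entries = {}
        self._pags = itertools.count(1)  # stand-in for kernel PAG allocation

    def _live(self, key, now):
        entry = self.entries.get(key)
        if entry and entry.expires_at <= now:
            del self.entries[key]        # expired credentials are unusable
            return None
        return entry

    def add(self, uid, client, now, principal=None, context=None):
        """Return (exit_value, action) for the cases the page describes."""
        key = (uid, client)
        entry = self._live(key, now)
        if entry and principal is None:
            entry.expires_at = now + self.lifetime  # refresh before expiry
            return 0, "refreshed"
        if principal is None and context and context.expires_at > now:
            # Valid TGT in the current login context: reuse its PAG, no new TGT
            self.entries[key] = Entry(context.pag, context.expires_at)
            return 0, "reused-pag"
        if principal is not None:
            # New TGT and login context for the named principal
            self.entries[key] = Entry(next(self._pags), now + self.lifetime)
            return 0, "new-tgt"
        return 1, "no-credentials"       # nonzero exit: no entry was added

    def lookup(self, uid, client, now):
        """PAG used for DFS access by this UID from this client, or None."""
        entry = self._live((uid, client), now)
        return entry.pag if entry else None

    def delete(self, uid, client):
        """Model of dfsgw delete: True if an entry was removed."""
        return self.entries.pop((uid, client), None) is not None
```

Creating two `AuthTable` instances shows why the command must be issued on the Gateway Server machine whose table is to be changed: an entry added to one is not visible in the other.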

Chapter 5. Configuration File and Command Reference 31
