IBM NFS/DFS Secure Gateway manual Description

Page 55

Description

The dfsgwd command initializes the Gateway Server process. The dfsgwd process runs on machines configured as DFS clients to enable remote authentication via the dfs_login command. The dfsgwd process works with the dfs_login command to obtain DCE credentials for users of NFS clients. The DCE credentials provide users with authenticated access to data in DFS.

The Gateway Server process manipulates mappings for authenticated users in the authentication table on the Gateway Server machine. Each mapping records the following information for an authenticated user:

vThe user’s UNIX user identification number (UID)

vThe network address of the NFS client from which the user has authenticated access to DFS

vThe PAG that stores the user’s DCE ticket-granting ticket (TGT)

The dfs_login and dfs_logout commands provide a remote mechanism for creating and deleting entries in the authentication table on a Gateway Server machine. Commands in the dfsgw command suite provide a local administrative interface to the authentication table on a machine configured as a Gateway Server.

The Gateway Server process recognizes the @sys and @host variables on the NFS client system. This allows the Gateway Server to resolve pathnames to binaries and other system-dependent files correctly, based on the user’s login system name and system type.

The binary file for the dfsgwd process resides in dcelocal/bin. The process is normally run on a DFS client that is exporting a mount point for /..., the root of the DCE namespace, via NFS. The process runs as the DCE principal hosts/ hostname/dfsgw-server.

The dfsgwd process is usually started and controlled by the Basic OverSeer (BOS) Server (bosserver) process. The BOS Server restarts each process it monitors whenever the system is restarted. If the dfsgwd process is not controlled by the BOS Server, the dfsgwd process runs in the foreground by default.

The dfsgwd process writes output about the operations it performs to a log file, by default, named dcelocal/var/dfs/adm/DfsgwLog. You can use the -fileoption to name a different log file. If the dfsgwd process is controlled by the BOS Server, you can use the bos getlog command to read the log file.

Chapter 5. Configuration File and Command Reference 45

Image 55
Contents NFS/DFS Secure Gateway Guide and Reference Page NFS/DFS Secure Gateway Guide and Reference First Edition April Contents Page Purpose PrefaceAudience ApplicabilityConstant width Related DocumentsTypographic and Keying Conventions BoldReturn Ctrl- x orPage Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Overview of the NFS/DFS Secure Gateway DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring Gateway Server Machines DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring the BOS Server Process Add the group subsys/dce/dfs-admin to the admin.bos file Configuring the Gateway Server Process Invoke the dcecp command $ dcecp Gateway Server process is now fully configured on the machine DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuring NFS Clients to Access DFS Configuring a Client and Enabling Remote Authentication Configuring a Client Without Enabling Remote AuthenticationDfslogout DfsloginDfsgw 438/udp dlog Unauthenticated Access to DFS Accessing DFS from an NFS ClientAuthenticated Access to DFS Authenticating to DCE from an NFS Client Hhostname Authenticating to DCE from a Gateway Server Machine Determining Whether a Specific User Is Authenticated to DCE Accessing DFS from an NFS Client DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Configuration File and Command Reference Bos getlog8dfs Dfsgwd8dfs DfsgwLog PurposeDescription Related InformationDfsgw delete Dfsgw PurposeOptions Dfsgw addDfsgw query $ dfsgw help command$ dfsgw command -help Dfsgw listRelated Information Remotehost name Dfsgw add PurposeSynopsis Sysname sysnamePrivileges Required Examples OutputDfsgwdelete8dfs Dfsgwlist8dfs Dfsgwquery8dfs Topic string Dfsgw apropos PurposeDfsgw help8dfs Dfsgw delete Purpose Dfsgwadd8dfs Dfsgwlist8dfs Dfsgwquery8dfs $ dfsgw help list Dfsgw help PurposeDfsgw apropos8dfs Dfsgw list Purpose Dfsgwadd8dfs PrincipalDfsgwdelete8dfs Dfsgwquery8dfs Dfsgw query Purpose Dfsgwadd8dfs Dfsgwdelete8dfs Dfsgwlist8dfs Nodomains Dfsgwd PurposeVerbose Description Bos getlog8dfs Bosserver8dfs Dfsgw8dfs Dcelocal/var/dfs/adm/DfsgwLogDfsgwLog4dfs Special Characters IndexDFS for Solaris NFS/DFS Secure Gateway Guide and Reference First Edition April DFS for Solaris NFS/DFS Secure Gateway Guide and Reference Trademarks DFS for Solaris NFS/DFS Secure Gateway Guide and Reference How satisfied are you that the information in this book is Readers’ Comments We’d Like to Hear from YouGC09-3993-00 Readers’ Comments We’d Like to Hear from YouPage Program Number NFS/DFS Secure Gateway Guide