IBM NFS/DFS Secure Gateway manual Add the group subsys/dce/dfs-admin to the admin.bos file

$dcecp

dcecp> principal create hosts/hostname/dfs-server

dcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin -org none -password password mypwd password

3.Grant the group subsys/dce/dfs-adminthe appropriate permissions on the ACL for the hosts/hostname/dfs-serverprincipal in the registry database:

dcecp> acl mod /.:/sec/principal/hosts/hostname/dfs-server -add {group subsys/dce/dfs-admin rcDnfmag}

dcecp> exit

4.Use the su command to become the local superuser root on the machine:

$ su

Password: root_password

5.Add a server key for the hosts/hostname/dfs-serverprincipal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. The command creates the keytab file if the file does not already exist. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.

#dcecp

dcecp> keytab add self -member hosts/hostname/dfs-server -key password dcecp> keytab add self -member hosts/hostname/dfs-server -random -registry dcecp> exit

6.Remove the BosConfig file and any administrative lists that possibly exist from a previous configuration of the BOS Server on the machine:

#rm -f dcelocal/var/dfs/BosConfig

#rm -f dcelocal/var/dfs/admin.*

7.Start the bosserver process with DFS authorization checking disabled. The process creates a new BosConfig file and a new admin.bos file, which is the administrative list for the BOS Server.

#dcelocal/bin/bosserver -noauth &

8.Add the group subsys/dce/dfs-admin to the admin.bos file:

#dcelocal/bin/bos addadmin -server /.:/hosts/hostname-adminlist admin.bos -group subsys/dce/dfs-admin

9.Enable DFS authorization checking by the BOS Server:

#dcelocal/bin/bos setauth -server /.:/hosts/hostname-authchecking on

10.Configure the bosserver process to start automatically when the system is restarted by removing the two number signs (#) from the following line of the /etc/rc.dfs file (or its equivalent):

##daemonrunning $DCELOCAL/bin/bosserver

The BOS Server is now fully configured on the machine.

8DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference