IBM NFS/DFS Secure Gateway manual Invoke the dcecp command $ dcecp

Models: NFS/DFS Secure Gateway


- The m, a, u, and g permissions on the principal hosts/hostname/dfsgw-server. The principal is created during the configuration steps.

- The t and M permissions on the group subsys/dce/dfsgw-admin. The group is created during the configuration steps.

- The R, t, and M permissions on the organization none.

- The r permission on the registry Policy object for the DCE cell.

This requirement is most easily met by authenticating to a privileged DCE identity (for example, cell_admin or a principal who is a member of the group acct-admin).

6. Invoke the dcecp command:

$ dcecp

7. For the first Gateway Server process, create the group subsys/dce/dfsgw-admin in the registry database. Use the following dcecp command to create the group:

dcecp> group create subsys/dce/dfsgw-admin

8. Create the principal hosts/hostname/dfsgw-server, and create an account for the principal. The Gateway Server process communicates as the principal hosts/hostname/dfsgw-server. In the commands, password is the password of the DCE identity to which you are authenticated.

dcecp> principal create hosts/hostname/dfsgw-server

dcecp> account create hosts/hostname/dfsgw-server -group subsys/dce/dfsgw-admin -org none -password password -mypwd password

dcecp> exit

9. Use the su command to become the local superuser root on the machine:

$ su

Password: root_password

10. Add a server key for the hosts/hostname/dfsgw-server principal to the krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.

# dcecp

dcecp> keytab add self -member hosts/hostname/dfsgw-server -key password

dcecp> keytab add self -member hosts/hostname/dfsgw-server -random -registry

dcecp> exit

11. Log out as the local superuser root to return to your authenticated DCE identity.

12. If your current DCE identity is not included in the dcelocal/var/dfs/admin.bos file on the machine, either add the identity to the file or authenticate to DCE as a principal that is included in the file. You can use the bos lsadmin command to list the principals and groups included in the admin.bos file:

$ dcelocal/bin/bos lsadmin -server /.:/hosts/hostname -adminlist admin.bos

10 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
