Configuring a Client Without Enabling Remote Authentication

If you configured your Gateway Server machines so that users cannot issue the dfs_login command to authenticate to DCE, perform the steps in this section to configure your NFS clients. The steps enable DFS access from an NFS client without enabling DCE authentication from the client. Users can authenticate only via the dfsgw add command.

1.Log in as the local superuser root on the machine.

2.Mount the root of the DCE namespace, /..., on the machine. In the command, hostname is the hostname of a Gateway Server machine which exports /.... Each Gateway Server machine configured as a Gateway Server exports /.... To achieve proper load balancing if you configure multiple Gateway Server machines, ensure that the mounts of /... on your NFS clients are divided evenly among your Gateway Servers. (You can use the NFS automount mechanism with a direct automount map to mount /...; see your vendor’s NFS documentation for more information.)

#mkdir /...

#mount hostname:/... /...

3.Create a symbolic link from /: to the root of the DFS filespace for the host DCE cell, /.../cellname/fs. In the command, cellname is the name of the DCE cell to be accessed from the NFS client (the cell in which the machine that exports /... is configured as a DFS client).

#ln -s /.../cellname/fs /:

4.Verify that the NFS mount of DCE was successful by using the ls command to list the contents of /:, which leads to the root directory of the DFS filespace. The command yields the same output from the NFS client that it does from a DFS client of the DCE cell.

#ls /:

The NFS client is now configured to provide access to DFS but not to allow users of the client to authenticate to DCE with the dfs_login command. Repeat these steps on each NFS client to be configured in this manner. If you later decide to allow users to authenticate to DCE from the NFS client, simply perform the steps in “Configuring a Client and Enabling Remote Authentication” on the client.

Configuring a Client and Enabling Remote Authentication

If you configured your Gateway Server machines so that users can issue the dfs_login command to authenticate to DCE, perform the steps in this section to configure your NFS clients. The steps enable both DFS and DCE authentication from an NFS client. Users can authenticate via either the dfsgw add command or the dfs_login command.

14DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Page 24
Image 24
IBM NFS/DFS Secure Gateway manual Configuring a Client Without Enabling Remote Authentication