DFS fo r SolarisNFS /D FS Secure Gate way Gui de an dReferenceVe r s i o n 3 .1GC09-3993-00
viii DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
Chapter 1. Overview of the NFS/DFS Secure GatewayThe Network File System (NFS) to DFS Secure Gateway provides amechanism for granting authenticated ac
on the Gateway Server machines, installing the vendor-provided dfs_loginand dfs_logout commands on the NFS clients, configuring Kerberos on theNFS clie
Before establishing a new mapping between a remote user and DCE principal,the existing mapping must be deleted. A user who wants to end anauthenticate
4 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
Chapter 2. Configuring Gateway Server MachinesA Gateway Server machine provides authenticated access to the DFS filespaceto users on NFS clients. You ca
Before configuring a Gateway Server machine, you must do the following:v Configure a DCE cell that includes DFS.v Configure each machine that is to becom
Configuring a Gateway Server and Enabling Remote AuthenticationPerform the steps in this section to enable DCE authentication either from aGateway Serv
$ dcecpdcecp> principal create hosts/hostname/dfs-serverdcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin-org none -pa
Configuring the Gateway Server ProcessTo configure the Gateway Server (dfsgwd) process, perform the followingsteps on the machine to be configured as a G
v The m, a, u, and g permissions on the principal hosts/hostnamedfsgw-server. The principal is created during the configuration steps.v The t and M per
13. Create a simple BOS Server process named dfsgw to run the dfsgwdserver process:$ dcelocal/bin/bos create -server /.:/hosts/hostname -process dfsgw
12 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
Chapter 3. Configuring NFS Clients to Access DFSAfter you have configured at least one Gateway Server machine according tothe instructions in “Chapter 2
Configuring a Client Without Enabling Remote AuthenticationIf you configured your Gateway Server machines so that users cannot issuethe dfs_login comman
Note: The dfs_login and dfs_logout commands are not provided with DFS;these commands can be used only if they are available from your NFSvendor. If th
.DEF.COM abc.com6. If you use the /etc/services file in your environment, add the followingentry for the dfsgw service to the /etc/services file on the
Chapter 4. Accessing DFS from an NFS ClientAfter a Gateway Server machine and one or more NFS clients are configuredaccording to the instructions in “C
When an unauthenticated user creates an object, the object is owned by theuser nobody and the group nogroup. The UID of the user nobody is -2, andthe
The dfsgw add command can be used to refresh DCE credentials. If they arenot refreshed, DCE credentials (tickets) expire after the lifetime specified b
DFS fo r SolarisNFS /D FS Secure Gate wa y G ui d e andReferenceVe r s i o n 3 .1GC09-3993-00
given for the dfs_login and dfs_logout commands can only beperformed if your NFS vendor provides these commands. If thesecommands are not available, u
To end the authenticated session before the DCE credentials expire, issue thedfs_logout command from the NFS client. The command removes the user’sent
provides the same functionality from a Gateway Server machine that thedfs_logout command provides from an NFS client. The dfsgw deletecommand can be i
who has DFS access, and the date and time at which each user’s DCEcredentials expire. See the reference page for the dfsgw list command formore inform
24 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
Chapter 5. Configuration File and Command ReferenceThis chapter contains configuration file and command reference informationfor the NFS/DFS Secure Gatew
DfsgwLogPurposeLog file that contains messages generated by the Gateway Server process ofthe NFS/DFS Secure GatewayDescriptionThe DfsgwLog file contains
dfsgwPurposeIntroduction to the dfsgw command suite used with the NFS/DFS SecureGatewayOptionsThe following options are used with many dfsgw commands.
dfsgw listDisplays a list of users who are authenticated to DCE via the GatewayServer machine.dfsgw queryDetermines whether a specific user is authenti
Related InformationCommands:dfsgw_add(8dfs)dfsgw_apropos(8dfs)dfsgw_delete(8dfs)dfsgw_help(8dfs)dfsgw_list(8dfs)dfsgw_query(8dfs)dfs_intro(8dfs)Chapte
NoteBefore using this information and the product it supports, be sure to read the general information under“Notices” on page 49.First Edition (April
dfsgw addPurposeAdds an entry to the authentication table on the Gateway Server machineSynopsisdfsgw add -id networkID:userID [-dceid login_name[:pass
DescriptionThe dfsgw add command authenticates a user to DCE. The command contactsthe DCE Security Service to obtain a TGT for the user. To obtain a T
OutputThe dfsgw add command displays the following prompts to request a DCEprincipal and password:Enter Principal Name: principalEnter Password: passw
dfsgw aproposPurposeDisplays the help entry for each dfsgw command that contains a specifiedstringSynopsisdfsgw apropos -topic string [-help]Options-to
Related InformationCommands:dfsgw help(8dfs)34 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
dfsgw deletePurposeRemoves an entry from the authentication table on the Gateway ServermachineSynopsisdfsgw delete -id networkID:userID [-af address_f
Privilege RequiredThe issuer must be logged into the Gateway Server machine either as the userwhose entry is to be removed from the authentication tab
dfsgw helpPurposeShows syntax of specified dfsgw commands or lists functional descriptions ofall dfsgw commandsSynopsisdfsgw help [-topic string][-help
dfsgw list: list all entries in the ATUsage: dfsgw list [-help]Related InformationCommands:dfsgw apropos(8dfs)38 DFS for Solaris: NFS/DFS Secure Gatew
dfsgw listPurposeLists all entries in the authentication table on the Gateway Server machineSynopsisdfsgw list [-help]Options-help Displays help infor
ContentsPreface ... vAudience ... vApplicability ... vPurpose... vDocument Organization ... vRelated Document
hostnameNames the NFS client for which the entry grants authenticated accessto DFSprincipalDisplays the principal name of the user to whom the entry g
dfsgw_delete(8dfs)dfsgw_query(8dfs)Chapter 5. Configuration File and Command Reference 41
dfsgw queryPurposeQueries the authentication table on the Gateway Server machineSynopsisdfsgw query -id networkID:userID [-af address_family][-help]Op
Privilege RequiredThe issuer must be logged into the Gateway Server machine either as the userwhose entry in the authentication table is to be examine
dfsgwdPurposeInitializes the Gateway Server process for the NFS/DFS Secure GatewaySynopsisdfsgwd [-service service_number][-sysname sysname][-nodomain
DescriptionThe dfsgwd command initializes the Gateway Server process. The dfsgwdprocess runs on machines configured as DFS clients to enable remoteauth
Privileges RequiredThe issuer must be the local superuser root on the local machine.Filesdcelocal/var/dfs/adm/DfsgwLogThe default log file for the dfsg
IndexSpecial Characters@sys and @host variables 44, 45AACL permissions 7, 9authenticating to DCEdetermining whether a specificuser is authenticated 22d
48 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
NoticesFirst Edition (April 2000)This information was developed for products and services offered in theU.S.A.IBM may not offer the products, services
iv DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference
This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes w
All statements regarding IBM’s future direction or intent are subject to changeor withdrawal without notice, and represent goals and objectives only.A
UNIX is a registered trademark in the United States, other countries or bothand is licensed exclusively through X/Open Company Limited.Other company,
Readers’ Comments — We’d Like to Hear from YouDFS for SolarisNFS/DFS Secure Gateway Guide and ReferenceVersion 3.1Publication No. GC09-3993-00Overall,
Readers’ Comments — We’d Like to Hear from YouGC09-3993-00GC09-3993-00Cut or FoldAlong LineCut or FoldAlong LineFold and Tape Please do not staple
Program Number:Printed in the United States of Americaon recycled paper containing 10%recovered post-consumer fiber.GC09-3993-00
Spine information: DFS fo r SolarisNFS/DFS Secure Gatewa y Gui d e andReferenceVersion 3.1 GC09-3993-00
PrefaceThe IBM DFS for Solaris NFS/DFS Secure Gateway Guide and Reference containsguide and reference information about the NFS/DFS Secure Gateway for
Related DocumentsFor information about DCE in general, and DCE administration for Solaris inparticular, refer to the following documents:v IBM Distrib
<Ctrl- x>or|xThe notation <Ctrl- x> or |x followed by the name of a key indicatesa control character sequence. For example, <Ctrl-C>
Comments to this Manuals