Ibm NFS/DFS Secure Gateway User Manual

DFS fo r SolarisNFS /D FS Secure Gate way Gui de an dReferenceVe r s i o n 3 .1GC09-3993-00

viii DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Chapter 1. Overview of the NFS/DFS Secure GatewayThe Network File System (NFS) to DFS Secure Gateway provides amechanism for granting authenticated ac

on the Gateway Server machines, installing the vendor-provided dfs_loginand dfs_logout commands on the NFS clients, configuring Kerberos on theNFS clie

Before establishing a new mapping between a remote user and DCE principal,the existing mapping must be deleted. A user who wants to end anauthenticate

4 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Chapter 2. Configuring Gateway Server MachinesA Gateway Server machine provides authenticated access to the DFS filespaceto users on NFS clients. You ca

Before configuring a Gateway Server machine, you must do the following:v Configure a DCE cell that includes DFS.v Configure each machine that is to becom

Configuring a Gateway Server and Enabling Remote AuthenticationPerform the steps in this section to enable DCE authentication either from aGateway Serv

$ dcecpdcecp> principal create hosts/hostname/dfs-serverdcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin-org none -pa

Configuring the Gateway Server ProcessTo configure the Gateway Server (dfsgwd) process, perform the followingsteps on the machine to be configured as a G

v The m, a, u, and g permissions on the principal hosts/hostnamedfsgw-server. The principal is created during the configuration steps.v The t and M per

13. Create a simple BOS Server process named dfsgw to run the dfsgwdserver process:$ dcelocal/bin/bos create -server /.:/hosts/hostname -process dfsgw

12 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Chapter 3. Configuring NFS Clients to Access DFSAfter you have configured at least one Gateway Server machine according tothe instructions in “Chapter 2

Configuring a Client Without Enabling Remote AuthenticationIf you configured your Gateway Server machines so that users cannot issuethe dfs_login comman

Note: The dfs_login and dfs_logout commands are not provided with DFS;these commands can be used only if they are available from your NFSvendor. If th

.DEF.COM abc.com6. If you use the /etc/services file in your environment, add the followingentry for the dfsgw service to the /etc/services file on the

Chapter 4. Accessing DFS from an NFS ClientAfter a Gateway Server machine and one or more NFS clients are configuredaccording to the instructions in “C

When an unauthenticated user creates an object, the object is owned by theuser nobody and the group nogroup. The UID of the user nobody is -2, andthe

The dfsgw add command can be used to refresh DCE credentials. If they arenot refreshed, DCE credentials (tickets) expire after the lifetime specified b

DFS fo r SolarisNFS /D FS Secure Gate wa y G ui d e andReferenceVe r s i o n 3 .1GC09-3993-00

given for the dfs_login and dfs_logout commands can only beperformed if your NFS vendor provides these commands. If thesecommands are not available, u

To end the authenticated session before the DCE credentials expire, issue thedfs_logout command from the NFS client. The command removes the user’sent

provides the same functionality from a Gateway Server machine that thedfs_logout command provides from an NFS client. The dfsgw deletecommand can be i

who has DFS access, and the date and time at which each user’s DCEcredentials expire. See the reference page for the dfsgw list command formore inform

24 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

Chapter 5. Configuration File and Command ReferenceThis chapter contains configuration file and command reference informationfor the NFS/DFS Secure Gatew

DfsgwLogPurposeLog file that contains messages generated by the Gateway Server process ofthe NFS/DFS Secure GatewayDescriptionThe DfsgwLog file contains

dfsgwPurposeIntroduction to the dfsgw command suite used with the NFS/DFS SecureGatewayOptionsThe following options are used with many dfsgw commands.

dfsgw listDisplays a list of users who are authenticated to DCE via the GatewayServer machine.dfsgw queryDetermines whether a specific user is authenti

Related InformationCommands:dfsgw_add(8dfs)dfsgw_apropos(8dfs)dfsgw_delete(8dfs)dfsgw_help(8dfs)dfsgw_list(8dfs)dfsgw_query(8dfs)dfs_intro(8dfs)Chapte

NoteBefore using this information and the product it supports, be sure to read the general information under“Notices” on page 49.First Edition (April

dfsgw addPurposeAdds an entry to the authentication table on the Gateway Server machineSynopsisdfsgw add -id networkID:userID [-dceid login_name[:pass

DescriptionThe dfsgw add command authenticates a user to DCE. The command contactsthe DCE Security Service to obtain a TGT for the user. To obtain a T

OutputThe dfsgw add command displays the following prompts to request a DCEprincipal and password:Enter Principal Name: principalEnter Password: passw

dfsgw aproposPurposeDisplays the help entry for each dfsgw command that contains a specifiedstringSynopsisdfsgw apropos -topic string [-help]Options-to

Related InformationCommands:dfsgw help(8dfs)34 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

dfsgw deletePurposeRemoves an entry from the authentication table on the Gateway ServermachineSynopsisdfsgw delete -id networkID:userID [-af address_f

Privilege RequiredThe issuer must be logged into the Gateway Server machine either as the userwhose entry is to be removed from the authentication tab

dfsgw helpPurposeShows syntax of specified dfsgw commands or lists functional descriptions ofall dfsgw commandsSynopsisdfsgw help [-topic string][-help

dfsgw list: list all entries in the ATUsage: dfsgw list [-help]Related InformationCommands:dfsgw apropos(8dfs)38 DFS for Solaris: NFS/DFS Secure Gatew

dfsgw listPurposeLists all entries in the authentication table on the Gateway Server machineSynopsisdfsgw list [-help]Options-help Displays help infor

ContentsPreface ... vAudience ... vApplicability ... vPurpose... vDocument Organization ... vRelated Document

hostnameNames the NFS client for which the entry grants authenticated accessto DFSprincipalDisplays the principal name of the user to whom the entry g

dfsgw_delete(8dfs)dfsgw_query(8dfs)Chapter 5. Configuration File and Command Reference 41

dfsgw queryPurposeQueries the authentication table on the Gateway Server machineSynopsisdfsgw query -id networkID:userID [-af address_family][-help]Op

Privilege RequiredThe issuer must be logged into the Gateway Server machine either as the userwhose entry in the authentication table is to be examine

dfsgwdPurposeInitializes the Gateway Server process for the NFS/DFS Secure GatewaySynopsisdfsgwd [-service service_number][-sysname sysname][-nodomain

DescriptionThe dfsgwd command initializes the Gateway Server process. The dfsgwdprocess runs on machines configured as DFS clients to enable remoteauth

Privileges RequiredThe issuer must be the local superuser root on the local machine.Filesdcelocal/var/dfs/adm/DfsgwLogThe default log file for the dfsg

IndexSpecial Characters@sys and @host variables 44, 45AACL permissions 7, 9authenticating to DCEdetermining whether a specificuser is authenticated 22d

48 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

NoticesFirst Edition (April 2000)This information was developed for products and services offered in theU.S.A.IBM may not offer the products, services

iv DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes w

All statements regarding IBM’s future direction or intent are subject to changeor withdrawal without notice, and represent goals and objectives only.A

UNIX is a registered trademark in the United States, other countries or bothand is licensed exclusively through X/Open Company Limited.Other company,

Readers’ Comments — We’d Like to Hear from YouDFS for SolarisNFS/DFS Secure Gateway Guide and ReferenceVersion 3.1Publication No. GC09-3993-00Overall,

Readers’ Comments — We’d Like to Hear from YouGC09-3993-00GC09-3993-00Cut or FoldAlong LineCut or FoldAlong LineFold and Tape Please do not staple

Program Number:Printed in the United States of Americaon recycled paper containing 10%recovered post-consumer fiber.GC09-3993-00

Spine information: DFS fo r SolarisNFS/DFS Secure Gatewa y Gui d e andReferenceVersion 3.1 GC09-3993-00

PrefaceThe IBM DFS for Solaris NFS/DFS Secure Gateway Guide and Reference containsguide and reference information about the NFS/DFS Secure Gateway for

Related DocumentsFor information about DCE in general, and DCE administration for Solaris inparticular, refer to the following documents:v IBM Distrib

<Ctrl- x>or|xThe notation <Ctrl- x> or |x followed by the name of a key indicatesa control character sequence. For example, <Ctrl-C>