IBM NFS/DFS Secure Gateway Network Router User Manual


 
Before conguring a Gateway Server machine, you must do the following:
v Congure a DCE cell that includes DFS.
v Congure each machine that is to become a Gateway Server as a DFS client
and an NFS server.
v Ensure proper synchronization among the system clocks on machines that
are to become Gateway Servers, machines congured as NFS clients that are
to contact the Gateway Servers, and machines in the DCE cell to be
contacted. You must keep the system clocks on these machines
synchronized at all times.
Conguring a Gateway Server Without Enabling Remote Authentication
Perform the steps in this section to enable DCE authentication from a
Gateway Server machine without enabling it from NFS clients that contact the
Gateway Server. Users can authenticate only by issuing the dfsgw add
command on the Gateway Server machine (or by having a system
administrator issue the command for them).
1. Log in as the local superuser root on the machine.
2. Install the binary le for the dfsgw command suite in the directory
dcelocal/bin on the machine. The dfsgw command suite provides a local
interface to the authentication table maintained on the Gateway Server
machine. Commands in the dfsgw suite can be used to add, delete, and
view mappings in the authentication table. (See Authenticating to DCE
from a Gateway Server Machineon page 21, Determining Whether a
Specic User Is Authenticated to DCEon page 22, and Displaying
Information About All Users Who Are Authenticated to DCEon page 22
for information about using these commands.)
3. Export the DCE global root directory, /..., via NFS. This is typically
accomplished via the share command; the exact command and procedure
depends on your vendors implementation of NFS, as detailed in the
vendor documentation.
The Gateway Server machine is now congured to provide DCE
authentication only via the dfsgw add command. Repeat these steps on each
DFS client that is to be congured as a Gateway Server in this manner. If you
later decide to allow users to authenticate to DCE from NFS clients that
contact the Gateway Server, simply perform the steps in Conguring a
Gateway Server and Enabling Remote Authenticationon page 7 on the
Gateway Server machine.
6 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference