Support User Manuals

IBM NFS/DFS Secure Gateway Network Router User Manual

Open as PDF

of 67

Before conﬁguring a Gateway Server machine, you must do the following:

v Conﬁgure a DCE cell that includes DFS.

v Conﬁgure each machine that is to become a Gateway Server as a DFS client

and an NFS server.

v Ensure proper synchronization among the system clocks on machines that

are to become Gateway Servers, machines conﬁgured as NFS clients that are

to contact the Gateway Servers, and machines in the DCE cell to be

contacted. You must keep the system clocks on these machines

synchronized at all times.

Conﬁguring a Gateway Server Without Enabling Remote Authentication

Perform the steps in this section to enable DCE authentication from a

Gateway Server machine without enabling it from NFS clients that contact the

Gateway Server. Users can authenticate only by issuing the dfsgw add

command on the Gateway Server machine (or by having a system

administrator issue the command for them).

1. Log in as the local superuser root on the machine.

2. Install the binary ﬁle for the dfsgw command suite in the directory

dcelocal/bin on the machine. The dfsgw command suite provides a local

interface to the authentication table maintained on the Gateway Server

machine. Commands in the dfsgw suite can be used to add, delete, and

view mappings in the authentication table. (See “Authenticating to DCE

from a Gateway Server Machine” on page 21, “Determining Whether a

Speciﬁc User Is Authenticated to DCE” on page 22, and “Displaying

Information About All Users Who Are Authenticated to DCE” on page 22

for information about using these commands.)

3. Export the DCE global root directory, /..., via NFS. This is typically

accomplished via the share command; the exact command and procedure

depends on your vendor’s implementation of NFS, as detailed in the

vendor documentation.

The Gateway Server machine is now conﬁgured to provide DCE

authentication only via the dfsgw add command. Repeat these steps on each

DFS client that is to be conﬁgured as a Gateway Server in this manner. If you

later decide to allow users to authenticate to DCE from NFS clients that

contact the Gateway Server, simply perform the steps in “Conﬁguring a

Gateway Server and Enabling Remote Authentication” on page 7 on the

Gateway Server machine.

6 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

previous next