IBM NFS/DFS Secure Gateway Network Router User Manual

Open as PDF

of 67

$ dcecp

dcecp> principal create hosts/hostname/dfs-server

dcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin

-org none -password password mypwd password

3. Grant the group subsys/dce/dfs-admin the appropriate permissions on

the ACL for the hosts/hostname/dfs-server principal in the registry

database:

dcecp> acl mod /.:/sec/principal/hosts/hostname/dfs-server

-add {group subsys/dce/dfs-admin rcDnfmag}

dcecp> exit

4. Use the su command to become the local superuser root on the machine:

$ su

Password: root_password

5. Add a server key for the hosts/hostname/dfs-server principal to the

/krb5/v5srvtab keytab ﬁle on the machine. The dced process recognizes

the keytab ﬁle by the entry name self. The command creates the keytab

ﬁle if the ﬁle does not already exist. In the commands, password is the

password of the DCE identity to which you were authenticated when

you created the principal.

# dcecp

dcecp> keytab add self -member hosts/hostname/dfs-server -key password

dcecp> keytab add self -member hosts/hostname/dfs-server -random -registry

dcecp> exit

6. Remove the BosConﬁg ﬁle and any administrative lists that possibly exist

from a previous conﬁguration of the BOS Server on the machine:

# rm -f dcelocal/var/dfs/BosConfig

# rm -f dcelocal/var/dfs/admin.*

7. Start the bosserver process with DFS authorization checking disabled.

The process creates a new BosConﬁg ﬁle and a new admin.bos ﬁle,

which is the administrative list for the BOS Server.

# dcelocal/bin/bosserver -noauth &

8. Add the group subsys/dce/dfs-admin to the admin.bos ﬁle:

# dcelocal/bin/bos addadmin -server /.:/hosts/hostname -adminlist admin.bos

-group subsys/dce/dfs-admin

9. Enable DFS authorization checking by the BOS Server:

# dcelocal/bin/bos setauth -server /.:/hosts/hostname -authchecking on

10. Conﬁgure the bosserver process to start automatically when the system is

restarted by removing the two number signs (#) from the following line

of the /etc/rc.dfs ﬁle (or its equivalent):

##daemonrunning $DCELOCAL/bin/bosserver

The BOS Server is now fully conﬁgured on the machine.

8 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM NFS/DFS Secure Gateway Network Router User Manual