IBM NFS/DFS Secure Gateway Network Router User Manual


 
Conguring the Gateway Server Process
To congure the Gateway Server (dfsgwd) process, perform the following
steps on the machine to be congured as a Gateway Server. The steps assume
that the BOS Server is already running on the machine. In all of the steps,
hostname is the hostname of the local machine.
Note: You need to perform some steps only when you congure the rst
Gateway Server process. Such steps are qualied with the phrase for the
first Gateway Server process.
1. If you have not already done so, perform all the steps in Conguring a
Gateway Server Without Enabling Remote Authenticationon page 6 to
install the dfsgw binary le on the machine and to export /... from the
machine.
2. If you have not already done so, log in as the local superuser root on the
machine.
3. Install the binary le for the dfsgwd process in the directory dcelocal/bin
on the machine. The dfsgwd process provides users of NFS clients with a
remote interface to the authentication table maintained on the Gateway
Server machine.
4. Add the dfsgw service to the Internet services database. The dfsgw
service provides the login facility for the NFS/DFS Secure Gateway. To
add the service, do one of the following:
v If you use the /etc/services le in your environment, add an entry for
the dfsgw service to the /etc/services le on the machine.
v If you use a Network Information Service (NIS) services map in your
environment, add an entry for the dfsgw service to the NIS services
map le on the NIS master. Add the entry to the services map only for
the first Gateway Server process; do not add the entry for additional
Gateway Server processes or NFS clients.
In either case, you need to add the following entry for the service:
dfsgw 438/udp dlog
where dfsgw is the name of the service, 438 is the port at which the
service receives RPCs, udp is the protocol the service uses to
communicate, and dlog is an alias for the dfsgw service.
5. Authenticate to DCE as a principal who has the following ACL
permissions on entries in the registry database:
v The i permission on the directory hosts/hostname.
v For the first Gateway Server process, the i permission on the directory
subsys/dce.
Chapter 2. Conguring Gateway Server Machines 9