IBM NFS/DFS Secure Gateway Network Router User Manual


 
• The m, a, u, and g permissions on the principal hosts/hostname/dfsgw-server.
The principal is created during the configuration steps.
• The t and M permissions on the group subsys/dce/dfsgw-admin. The
group is created during the configuration steps.
• The R, t, and M permissions on the organization none.
• The r permission on the registry Policy object for the DCE cell.
This requirement is most easily met by authenticating to a privileged
DCE identity (for example, cell_admin or a principal who is a member of
the group acct-admin).
6. Invoke the dcecp command:
$ dcecp
7. For the first Gateway Server process, create the group
subsys/dce/dfsgw-admin in the registry database. Use the following dcecp
command to create the group:
dcecp> group create subsys/dce/dfsgw-admin
8. Create the principal hosts/hostname/dfsgw-server, and create an account
for the principal. The Gateway Server process communicates as the
principal hosts/hostname/dfsgw-server. In the commands, password is the
password of the DCE identity to which you are authenticated.
dcecp> principal create hosts/hostname/dfsgw-server
dcecp> account create hosts/hostname/dfsgw-server -group subsys/dce/dfsgw-admin -org none -password password -mypwd password
dcecp> exit
9. Use the su command to become the local superuser root on the machine:
$ su
Password: root_password
10. Add a server key for the hosts/hostname/dfsgw-server principal to the
krb5/v5srvtab keytab file on the machine. The dced process recognizes
the keytab file by the entry name self. In the commands, password is the
password of the DCE identity to which you were authenticated when
you created the principal.
# dcecp
dcecp> keytab add self -member hosts/hostname/dfsgw-server -key password
dcecp> keytab add self -member hosts/hostname/dfsgw-server -random -registry
dcecp> exit
11. Log out as the local superuser root to return to your authenticated DCE
identity.
12. If your current DCE identity is not included in the
dcelocal/var/dfs/admin.bos file on the machine, either add the identity to
the file or authenticate to DCE as a principal that is included in the file.
You can use the bos lsadmin command to list the principals and groups
included in the admin.bos file:
$ dcelocal/bin/bos lsadmin -server /.:/hosts/hostname -adminlist admin.bos
10 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference