IBM NFS/DFS Secure Gateway Network Router User Manual


 
Conguring a Client Without Enabling Remote Authentication
If you congured your Gateway Server machines so that users cannot issue
the dfs_login command to authenticate to DCE, perform the steps in this
section to congure your NFS clients. The steps enable DFS access from an
NFS client without enabling DCE authentication from the client. Users can
authenticate only via the dfsgw add command.
1. Log in as the local superuser root on the machine.
2. Mount the root of the DCE namespace, /..., on the machine. In the
command, hostname is the hostname of a Gateway Server machine which
exports /.... Each Gateway Server machine congured as a Gateway Server
exports /.... To achieve proper load balancing if you congure multiple
Gateway Server machines, ensure that the mounts of /... on your NFS
clients are divided evenly among your Gateway Servers. (You can use the
NFS automount mechanism with a direct automount map to mount /...; see
your vendors NFS documentation for more information.)
# mkdir /...
# mount hostname:/... /...
3. Create a symbolic link from /: to the root of the DFS lespace for the host
DCE cell, /.../cellname/fs. In the command, cellname is the name of the DCE
cell to be accessed from the NFS client (the cell in which the machine that
exports /... is congured as a DFS client).
# ln -s /.../cellname/fs /:
4. Verify that the NFS mount of DCE was successful by using the ls
command to list the contents of /:, which leads to the root directory of the
DFS lespace. The command yields the same output from the NFS client
that it does from a DFS client of the DCE cell.
# ls /:
The NFS client is now congured to provide access to DFS but not to allow
users of the client to authenticate to DCE with the dfs_login command.
Repeat these steps on each NFS client to be congured in this manner. If you
later decide to allow users to authenticate to DCE from the NFS client, simply
perform the steps in Conguring a Client and Enabling Remote
Authentication on the client.
Conguring a Client and Enabling Remote Authentication
If you congured your Gateway Server machines so that users can issue the
dfs_login command to authenticate to DCE, perform the steps in this section
to congure your NFS clients. The steps enable both DFS and DCE
authentication from an NFS client. Users can authenticate via either the dfsgw
add command or the dfs_login command.
14 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference