Support User Manuals

IBM NFS/DFS Secure Gateway Network Router User Manual

Open as PDF

of 67

Conﬁguring a Client Without Enabling Remote Authentication

If you conﬁgured your Gateway Server machines so that users cannot issue

the dfs_login command to authenticate to DCE, perform the steps in this

section to conﬁgure your NFS clients. The steps enable DFS access from an

NFS client without enabling DCE authentication from the client. Users can

authenticate only via the dfsgw add command.

1. Log in as the local superuser root on the machine.

2. Mount the root of the DCE namespace, /..., on the machine. In the

command, hostname is the hostname of a Gateway Server machine which

exports /.... Each Gateway Server machine conﬁgured as a Gateway Server

exports /.... To achieve proper load balancing if you conﬁgure multiple

Gateway Server machines, ensure that the mounts of /... on your NFS

clients are divided evenly among your Gateway Servers. (You can use the

NFS automount mechanism with a direct automount map to mount /...; see

your vendor’s NFS documentation for more information.)

# mkdir /...

# mount hostname:/... /...

3. Create a symbolic link from /: to the root of the DFS ﬁlespace for the host

DCE cell, /.../cellname/fs. In the command, cellname is the name of the DCE

cell to be accessed from the NFS client (the cell in which the machine that

exports /... is conﬁgured as a DFS client).

# ln -s /.../cellname/fs /:

4. Verify that the NFS mount of DCE was successful by using the ls

command to list the contents of /:, which leads to the root directory of the

DFS ﬁlespace. The command yields the same output from the NFS client

that it does from a DFS client of the DCE cell.

# ls /:

The NFS client is now conﬁgured to provide access to DFS but not to allow

users of the client to authenticate to DCE with the dfs_login command.

Repeat these steps on each NFS client to be conﬁgured in this manner. If you

later decide to allow users to authenticate to DCE from the NFS client, simply

perform the steps in “Conﬁguring a Client and Enabling Remote

Authentication” on the client.

Conﬁguring a Client and Enabling Remote Authentication

If you conﬁgured your Gateway Server machines so that users can issue the

dfs_login command to authenticate to DCE, perform the steps in this section

to conﬁgure your NFS clients. The steps enable both DFS and DCE

authentication from an NFS client. Users can authenticate via either the dfsgw

add command or the dfs_login command.

14 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference

previous next