IBM NFS/DFS Secure Gateway Network Router User Manual


 
Note: The dfs_login and dfs_logout commands are not provided with DFS;
these commands can be used only if they are available from your NFS
vendor. If these commands are not available, use the dfsgw add and
dfsgw delete commands, which work in a similar fashion. See your
NFS vendor documentation for the availability and use of the dfs_login
and dfs_logout commands.
1. If you have not already done so, perform all of the steps in "Configuring a
Client Without Enabling Remote Authentication" on page 14 to mount /...
on the machine.
2. If you have not already done so, log in as the local superuser root on the
machine.
3. Install the binary files for the dfs_login and dfs_logout commands in the
/usr/bin directory on the machine. These commands provide the following
functionality:
dfs_login
    Establishes an authenticated session for users of the NFS client by
    obtaining DCE credentials on a Gateway Server machine. (See
    "Authenticating to DCE from an NFS Client" on page 19 for
    information about using this command.)
dfs_logout
    Ends an authenticated session established with the dfs_login
    command. (See "Authenticating to DCE from an NFS Client" on
    page 19 for information about using this command.)
(The dfs_login and dfs_logout commands use version 5 of Kerberos to
communicate with the DCE Security Service.)
4. Create the Kerberos configuration file named /krb5/krb.conf. The
dfs_login command reads this file to determine the name of a DCE
Security Server that it can contact. This file must be identical to the
/krb5/krb.conf file on machines in the host DCE cell; copy it from a
machine in the DCE cell.
5. Create the Kerberos configuration file named /krb5/krb.realms. The
Kerberos runtime uses the information in this file to translate Internet
domains to the corresponding Kerberos realms. In the file, the Kerberos
realm has the same name as the DCE cell. Each line of the file must have
the following format:
    domain krb-realm
where domain is the name of the local Internet domain, and krb-realm is the
name of the Kerberos realm (the name of the DCE cell to be accessed). For
example, in the following krb.realms file, def.com is the name of the
Internet domain, and abc.com is the name of the DCE cell. If machines
from multiple domains are to contact the DCE cell, you need a separate
line for each domain. Note that realm names are case-sensitive.
Chapter 3. Configuring NFS Clients to Access DFS 15
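
The following script is an added example, not part of the IBM manual or of DFS. It checks the results of steps 4 and 5: that a local krb.conf matches a reference copy taken from the DCE cell, and that each krb.realms line has the "domain krb-realm" form with a realm that matches the cell name exactly, including case. The function names, the domain ghi.com, and the assumptions that every line maps to a single host cell and that blank lines are ignored are choices made for this example.

```shell
#!/bin/sh
# Added example: sanity checks for steps 4 and 5 on an NFS client.

# same_krb_conf LOCAL REFERENCE
# Step 4 requires /krb5/krb.conf to be identical to the file used in the
# DCE cell. REFERENCE is a copy obtained from a machine in the cell.
same_krb_conf() {
    cmp -s "$1" "$2"
}

# check_krb_realms FILE CELL
# Prints one finding per problem line; returns 0 if the file is clean,
# 1 otherwise. Assumes every line should map to the single cell CELL.
check_krb_realms() {
    awk -v cell="$2" '
        NF == 0 { next }                  # assumption: blank lines are ignored
        NF != 2 {
            printf "line %d: expected two fields (domain krb-realm), got %d\n", NR, NF
            bad = 1; next
        }
        $2 != cell {
            # Realm names are case-sensitive, so a case-only mismatch is
            # reported separately: it is easy to miss by eye.
            if (tolower($2) == tolower(cell))
                printf "line %d: realm %s differs from cell %s only by case\n", NR, $2, cell
            else
                printf "line %d: realm %s is not cell %s\n", NR, $2, cell
            bad = 1
        }
        ($1 in seen) {
            printf "line %d: domain %s already listed on line %d\n", NR, $1, seen[$1]
            bad = 1; next
        }
        { seen[$1] = NR }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input. def.com and abc.com are the manual's example
# names; ghi.com and the two faulty lines are made up for this example.
sample=$(mktemp)
printf '%s\n' 'def.com abc.com' 'ghi.com ABC.COM' 'def.com abc.com extra' > "$sample"
check_krb_realms "$sample" abc.com || echo "krb.realms needs fixing before dfs_login is used"
rm -f "$sample"
```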