IBM NFS/DFS Secure Gateway Network Router User Manual


 
When an unauthenticated user creates an object, the object is owned by the
user nobody and the group nogroup. The UID of the user nobody is -2, and
the GID of the group nogroup is also -2. (Identities and ID numbers of an
unauthenticated user and group can vary between systems; see your vendor's
documentation for more information.)

Unauthenticated access is provided with the NFS/DFS Secure Gateway as a
side effect of configuring Gateway Server machines and NFS clients.

Unauthenticated access is available without the NFS/DFS Secure Gateway.
Simply export /... from a DFS client that is also an NFS Server, and mount /...
on each NFS client from which users are to access DFS.

Authenticated Access to DFS

Authenticated access is available to users who have accounts in the DCE cell.
When an authenticated user accesses an object in the DFS filespace, the user
receives the permissions associated with the DCE identity. When the user
creates an object, the object is owned by the DCE principal and its primary
group.

To authenticate to DCE, you can issue either of the following commands, both
of which establish credentials recognized by the DCE Security Service:
• From an NFS client, issue the dfs_login command. (See "Authenticating to
  DCE from an NFS Client" on page 19 for more information.)
• From a Gateway Server machine, issue the dfsgw add command. (See
  "Authenticating to DCE from a Gateway Server Machine" on page 21 for
  more information.)
Note: The dfs_login and dfs_logout commands are not provided with DFS;
these commands can be used only if they are available from your NFS
vendor and have been installed on an NFS client. If these commands
are not available, use the dfsgw add and dfsgw delete commands,
which work in a similar fashion. See your NFS vendor documentation
for the availability and use of the dfs_login and dfs_logout commands.

A user who desires authenticated access to DFS must have a principal and
account in the registry database of the DCE cell. An entry must exist for the
user in the /etc/passwd file on the machine configured as a Gateway Server
and on each NFS client from which the user is to access DCE. It is
recommended that the user's UID in the /etc/passwd file match the user's UID
in the DCE registry database. (On a DCE client, the passwd_export command
can be used to keep /etc/passwd files current with respect to the registry
database; see the IBM Distributed Computing Environment for AIX and Solaris:
Administration Guide - Core Components for more information.)
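
The following consistency check for the /etc/passwd requirement above is an added example, not part of the IBM manual or of DFS. It assumes a passwd-format listing of the registry accounts is available, and every account name, host name, and UID in it is constructed.

```python
# Added example; every account and host name below is constructed.
NOBODY_IDS = {-2, 65534, 4294967294}  # -2 and its 16-/32-bit unsigned forms

def parse_passwd(text):
    """Map user name -> UID from passwd-format text, skipping bad lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 7:
            continue
        try:
            users[fields[0]] = int(fields[2])
        except ValueError:
            continue  # non-numeric UID field
    return users

def audit(registry, hosts):
    """Return sorted (host, user, problem) tuples for each host's passwd map."""
    uid_owner = {uid: user for user, uid in registry.items()}
    findings = []
    for host, local in hosts.items():
        for user, reg_uid in registry.items():
            if reg_uid in NOBODY_IDS:
                continue  # unauthenticated identity; its ID varies by system
            if user not in local:
                findings.append((host, user, "missing"))
            elif local[user] != reg_uid:
                findings.append((host, user, "mismatch"))
        for user, uid in local.items():
            owner = uid_owner.get(uid)
            if owner not in (None, user) and uid not in NOBODY_IDS:
                # Local UID is the one the registry gives another principal.
                findings.append((host, user, "collision"))
    return sorted(findings)

# Assumed passwd-format listing of the DCE registry accounts (constructed).
REGISTRY = parse_passwd("""\
alice:*:2001:100:Alice:/home/alice:/bin/sh
bob:*:2002:100:Bob:/home/bob:/bin/sh
carol:*:2003:100:Carol:/home/carol:/bin/sh
nobody:*:-2:-2::/:
""")
HOSTS = {  # constructed /etc/passwd contents for a gateway and one NFS client
    "gateway1": parse_passwd("alice:x:2001:100::/home/alice:/bin/sh\n"
                             "bob:x:2002:100::/home/bob:/bin/sh\n"
                             "carol:x:2003:100::/home/carol:/bin/sh\n"),
    "nfsclient1": parse_passwd("alice:x:2001:100::/home/alice:/bin/sh\n"
                               "bob:x:2003:100::/home/bob:/bin/sh\n"),
}
if __name__ == "__main__":
    for finding in audit(REGISTRY, HOSTS):
        print(*finding)
```

On the constructed data, the gateway is clean. The client is reported for bob (a UID that differs from the registry and equals carol's) and for the missing carol entry.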
18 DFS for Solaris: NFS/DFS Secure Gateway Guide and Reference