IBM NFS/DFS Secure Gateway Network Router User Manual


 
Description
The dfsgw add command authenticates a user to DCE. The command contacts
the DCE Security Service to obtain a TGT for the user. To obtain a TGT, a user
must have a valid account in the registry database of the DCE cell. The TGT
is used to create a valid login context for the user. The login context includes
a Process Activation Group (PAG), which DFS stores in the kernel of the
Gateway Server machine to identify the user's TGT. The TGT serves as the
user's DCE credentials to provide authenticated access to files and directories
in the DFS filespace from the specified NFS client.
The dfsgw add command adds an entry for the user to the authentication
table on the local Gateway Server machine. The entry is a mapping that pairs
the user's UID and the network address of the NFS client for which the user
has DCE credentials with the user's PAG. Because each Gateway Server
machine maintains its own authentication table, you must issue the command
on the Gateway Server machine on which an entry is to be added to the
authentication table.
The dfsgw add command returns an exit value of 0 (zero) if it adds an entry
for the user to the authentication table. Otherwise, it returns a nonzero exit
value.
DCE credentials obtained with the command are valid for the default ticket
lifetime in effect in the registry database of the DCE cell. DCE credentials can
be refreshed by issuing the dfsgw add command before they expire. In this
case, the command automatically associates the user with the DCE principal;
it does not have to be supplied. After the credentials expire, they can no
longer be used for authenticated access to DFS. You must obtain new
credentials by issuing the dfsgw add command.
The dfsgw add command does not obtain a new TGT if you do not name a
principal other than yourself on the command line and you already have a
valid TGT in the current login context. If you do not already have an entry in
the authentication table for the specified NFS client, the command uses your
existing PAG to create a new entry for you. If you already have an entry in
the authentication table for the NFS client, the command refreshes your DCE
credentials.
Use the dfsgw delete command to end an authenticated session by removing
an entry from the authentication table.
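The table behaviour described above, as an added Python model (not IBM's code and not part of the manual). The class, method and action names are hypothetical, the addresses, UIDs and times are constructed, and the model assumes a refresh restarts the ticket lifetime and leaves out naming a different principal.

```python
# Toy model of one Gateway Server's authentication table (added illustration).
# Names are hypothetical; addresses, UIDs, PAGs and times are constructed.
import itertools

class GatewayServer:
    def __init__(self, ticket_lifetime):
        self.ticket_lifetime = ticket_lifetime  # cell's default ticket lifetime (s)
        self.table = {}                         # (client_addr, uid) -> [pag, expires_at]
        self._new_pag = itertools.count(1)

    def add(self, client_addr, uid, now, login_ctx=None, has_account=True):
        """Model of `dfsgw add`; returns (exit_value, action).

        login_ctx is (pag, expires_at) for a TGT already held in the
        issuer's login context, or None.
        """
        key = (client_addr, uid)
        entry = self.table.get(key)
        if entry and entry[1] > now:
            # Unexpired entry for this client: refresh, PAG unchanged.
            # Assumption: a refresh restarts the ticket lifetime.
            entry[1] = now + self.ticket_lifetime
            return 0, "refreshed"
        if login_ctx and login_ctx[1] > now:
            # Valid TGT already held: no new TGT, existing PAG is reused.
            self.table[key] = list(login_ctx)
            return 0, "reused-pag"
        if not has_account:
            # No valid registry account: no TGT, no entry, nonzero exit.
            return 1, "failed"
        # New TGT -> new login context with its own PAG.
        self.table[key] = [next(self._new_pag), now + self.ticket_lifetime]
        return 0, "new-tgt"

    def delete(self, client_addr, uid):
        """Model of `dfsgw delete`; True if an entry was removed."""
        return self.table.pop((client_addr, uid), None) is not None

    def pag_for(self, client_addr, uid, now):
        """PAG applied to an NFS request, or None without a usable entry."""
        entry = self.table.get((client_addr, uid))
        return entry[0] if entry and entry[1] > now else None
```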
Privileges Required
The issuer must be logged into the Gateway Server machine either as the user
for whom credentials are to be created or as the local superuser root.
Chapter 5. Configuration File and Command Reference 31