HP Visualize J5000 hp enterprise file system: planning and configuring hp DCE/ - Page 153
command. See Authenticating to DCE
View all HP Visualize J5000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 153 highlights
The DFS/NFS Secure Gateway Configuring Gateway Server Machines • dfs_login allows users of the NFS client to establish an authenticated session by obtaining DCE credentials on a Gateway Server machine. (See "Authenticating to DCE from an NFS Client" for information about using this command.) • dfs_logout allows users on the NFS client to end an authenticated session established with the dfs_login command. (See "Authenticating to DCE from an NFS Client" for information about using this command.) The dfs_login and dfs_logout commands use version 5 of Kerberos to communicate with the DCE Security Service. 4 Create the Kerberos configuration file named /krb5/krb.conf. The dfs_login command reads this file to determine the name of a DCE Security Server that it can contact. This file must be identical to the /krb5/krb.conf file on machines in the host DCE cell; copy it from a machine in the DCE cell. 5 Create the Kerberos configuration file named /krb5/krb.realms. The Kerberos runtime uses the information in this file to translate Internet domains to the corresponding Kerberos realms. In the file, the Kerberos realm has the same name as the DCE cell. Each line of the file must have the following format: domain krb-realm where domain is the name of the local Internet domain, and krb-realm is the name of the Kerberos realm (the name of the DCE cell to be accessed). For example, in the following krb.realms file, def.com is the name of the Internet domain, and abc.com is the name of the DCE cell. If machines from multiple domains are to contact the DCE cell, you need a separate line for each domain. Note that realm names are case-sensitive. .DEF.COM abc.com 6 If you use the /etc/services file in your environment, add the following entry for the dfsgw service to the /etc/services file on the machine: dfsgw 438/udp dlog where dfsgw is the name of the service, 438 is the port at which the service receives RPCs, udp is the protocol the service uses to communicate, and dlog is an alias for the dfsgw service. If you use an NIS Services map in your environment, you added an entry to the services map file when you configured the first Gateway Server process. You do not need to add the entry to the services map when you configure NFS clients. 153