HP Visualize J5000 hp enterprise file system: planning and configuring hp DCE/ - Page 156
OSF DCE Administration Guide-Core Components
View all HP Visualize J5000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 156 highlights
The DFS/NFS Secure Gateway Configuring Gateway Server Machines database. (On a DCE client, the passwd_export command can be used to keep /etc/passwd files current with respect to the registry database; see the OSF DCE Administration Guide-Core Components for more information.) The dfs_login and dfsgw add commands obtain a new TGT if you already have a valid TGT in your current login context and you do not request DCE credentials for a different user. However, the commands do allow you to use your existing TGT to establish authenticated access to DFS from additional NFS clients. If you do not already have an entry in the authentication table for an NFS client from which you request authenticated access, the commands create a new entry for you, using the existing TGT as the basis of the new entry; if you already have an entry in the authentication table for the NFS client, the commands update the authentication table with new PAG and expiration time information. DCE credentials (tickets) expire after the lifetime specified by the DCE Security Service. Once they expire, the tickets can no longer be used for authenticated access. To end an authenticated session before the ticket lifetime has passed, you can issue either of the following commands: • From the NFS client from which authenticated access to DFS is provided, enter the dfs_logout. (See "Authenticating to DCE from an NFS Client.") • From the Gateway Server machine via which DFS is accessed, enter the dfsgw delete command. (See "Authenticating to DCE from a Gateway Server Machine.") Both commands remove the entry from the authentication table that provides authenticated access from the NFS client. Regardless of which command you used to establish the DCE credentials (dfs_login or dfsgw add), you can end the authenticated session with the dfs_logout command or the dfsgw delete command. Neither command affects authenticated access from other NFS clients. If your DCE credentials are the basis of another entry in the authentication table, you still have authenticated access via that other entry. To refresh your DCE credentials before they expire, use the kinit command to obtain new credentials, then use the dfs_login or dfsgw add command to replace your existing TGT with the new TGT. This procedure provides you with authenticated access to DFS for the ticket lifetime of your new TGT. If you do not have access to the kinit command, you cannot refresh your DCE credentials. 156