HP Visualize J5000 hp enterprise file system: planning and configuring hp DCE/ - Page 157
Authenticating to DCE from an NFS Client
View all HP Visualize J5000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 157 highlights
The DFS/NFS Secure Gateway Configuring Gateway Server Machines Note that if you configure multiple Gateway Server machines, each server machine houses its own authentication table. The dfs_login and dfs_logout commands affect entries only in the authentication table maintained on the Gateway Server machine they contact; commands in the dfsgw suite affect entries only in the authentication table on the machine on which they are issued. Authenticating to DCE from an NFS Client The dfs_login command authenticates a user to DCE from an NFS client. The command contacts the DCE Security Service to obtain a TGT and a service ticket for the Gateway Server (dfsgwd) process for the user. It encrypts the user's TGT with the service ticket and sends these to the Gateway Server process. It also sends the UID of the user who issues the command and the network address of the NFS client from which the command is issued. The Gateway Server process uses this information to create a valid login context, including a PAG, and an entry in the authentication table for the user. The syntax of the dfs_login command follows: dfs_login [-h hostname] [-l hh[:mm]] [dce_principal] [dce_password] The command includes the following options and arguments: -h hostname Specifies the hostname of the Gateway Server machine. By default, the command uses the hostname of the machine that exports /.... to the NFS client. Use this option to contact a different Gateway Server. -l hh[:mm] Specifies the lifetime to be assigned to the service ticket obtained with the command. Enter the lifetime as a number of hours and, optionally, minutes. A value specified with this option is subject to the policies in effect in the registry database of the DCE cell. By default, the ticket is assigned the default lifetime assigned to tickets in the DCE cell. dce_principal Specifies the DCE principal name of the user who is to be logged into DCE. By default, the command uses the name of the issuer of the command. 157