HP Workstation c3650 hp enterprise file system: planning and configuring hp DC - Page 155
Authenticated Access to DFS
View all HP Workstation c3650 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 155 highlights
The DFS/NFS Secure Gateway Configuring Gateway Server Machines • For objects in non-LFS filesets, unauthenticated users receive the permissions granted by the other mode bits of the object. • For objects in DCE LFS filesets, unauthenticated users receive the permissions granted by the any_other entry, if it exists, on the ACL of the object. The mask_obj entry filters permissions granted via the any_other entry. When an unauthenticated user creates an object, the object is owned by the user nobody and the group nogroup. The UID of the user nobody is -2, and the GID of the group nogroup is also -2. (Note that identities and ID numbers of an unauthenticated user and group can vary between systems; see your vendor's documentation for more information.) Unauthenticated access is provided with the DFS/NFS Secure Gateway as a side effect of configuring Gateway Server machines and NFS clients. Unauthenticated access is available without the DFS/NFS Secure Gateway. Simply export /... from a DFS client that is also an NFS Server, and mount /... on each NFS client from which users are to access DFS. Authenticated Access to DFS Authenticated access is available to users who have accounts in the DCE cell. When an authenticated user accesses an object in the DFS filespace, the user receives the permissions associated with the DCE identity to which the user is authenticated. When the user creates an object, the object is owned by the user and the user's primary group. To authenticate to DCE, you can issue either of the following commands, both of which establish credentials recognized by the DCE Security Service: • From an NFS client, enter the dfs_login command. (See "Authenticating to DCE from an NFS Client.") • From a Gateway Server machine, enter the dfsgw add command. (See "Authenticating to DCE from a Gateway Server Machine.") A user who desires authenticated access to DFS must have a principal and account in the registry database of the DCE cell. An entry must exist for the user in the /etc/passwd file on the machine configured as a Gateway Server and on each NFS client from which the user is to access DCE. The user's UID in the /etc/passwd file must match the user's UID in the DCE registry 155