The dfsgw add command can be used to refresh DCE credentials. If they are
not refreshed, DCE credentials (tickets) expire after the lifetime specified by
the DCE Security Service. After they expire, the tickets can no longer be used
for authenticated access. To end an authenticated session before the ticket
lifetime has passed, you can issue either of the following commands:
- From the NFS client from which authenticated access to DFS is provided,
  enter the dfs_logout command. (See “Authenticating to DCE from an NFS
  Client”)
- From the Gateway Server machine via which the DFS is accessed, enter the
  dfsgw delete command. (See “Authenticating to DCE from a Gateway
  Server Machine” on page 21)
Both commands remove the entry from the authentication table that provides
authenticated access from the NFS client. Regardless of which command you
used to establish the DCE credentials (dfs_login or dfsgw add), you can end
the authenticated session with the dfs_logout command or the dfsgw delete
command. Neither command affects authenticated access from the other NFS
clients. If your DCE credentials are the basis of another entry in the
authentication table, you still have authenticated access via that other entry.
To refresh your DCE credentials before they expire, use the dfsgw add
command, which refreshes the ticket lifetime of your existing TGT. to obtain
new credentials, then use the dfs_login or dfsgw add command to replace
your existing TGT with the new TGT.
Note that if you configure multiple Gateway Server machines, each server
machine houses its own authentication table. The dfs_login and dfs_logout
commands affect entries only in the authentication table maintained on the
Gateway Server machine they contact; commands in the dfsgw suite affect
entries only in the authentication table on the machine on which they are
issued.
Authenticating to DCE from an NFS Client
The dfs_login command authenticates a user to DCE from an NFS client. The
command contacts the DCE Security Service to obtain a TGT and a service
ticket for the Gateway Server (dfsgwd) process for the user. It encrypts the
user’s TGT with the service ticket and sends these to the Gateway Server
process. It also sends the UID of the user who issues the command and the
network address of the NFS client from which the command is issued. The
Gateway Server process uses this information to create a valid login context,
including a PAG, and an entry in the authentication table for the user.
Note:
The dfs_login and dfs_logout commands are not provided with DFS;
these commands are provided by your NFS vendor. The instructions
Chapter 4. Accessing DFS from an NFS Client
DFS for Solaris NFS DFS Secure Gateway Guide and Reference Version 3 1 GC09 3993 00