Chapter 1. Overview of the NFS/DFS Secure Gateway
The Network File System (NFS) to DFS Secure Gateway provides a
mechanism for granting authenticated access to the DFS filespace from an
NFS client. The NFS/DFS Secure Gateway enables users to access data in the
DFS filespace from a machine that is configured as an NFS client but not as a
DCE client.
To use the NFS/DFS Secure Gateway for authenticated access to DFS, you
must configure at least one Gateway Server machine. A Gateway Server
machine must be a DFS client in the DCE cell to which access is to be
provided. One function of a Gateway Server machine is to export the root of
the DCE global namespace, /..., via NFS. Mount /... on each NFS client from
which users are to access DFS to provide unauthenticated access to DFS.
The primary function of a Gateway Server machine is to provide DCE
authentication to users of NFS clients. NFS users who have valid accounts in
the registry database of the DCE cell authenticate to DCE to gain
authenticated access to DFS. Depending on the needs of users and the security
considerations of the DCE cell, you can provide local authentication to DCE
from Gateway Server machines, remote authentication to DCE from NFS
clients, or both. Local and remote authentication work as follows:
v
Local authentication to DCE from Gateway Server machines is provided via
the dfsgw add command. With local authentication, you can enable users to
issue the dfsgw add command to authenticate themselves, or you can
control access to DFS by allowing only system administrators to provide
authentication via the dfsgw add command. (The dfsgw command suite
includes additional commands to provide for central administration from
Gateway Server machines.)
Local authentication requires little configuration, but it provides a limited
approach to authentication. Configuration consists only of installing the
dfsgw
commands on Gateway Server machines. However, authentication
requires either administrative intervention or remote access to the Gateway
Server machine (via the telnet program, for example); the latter approach
results in user passwords being sent over the network in the clear.
v
Remote authentication to DCE from NFS clients can be provided via the
dfs_login
command, if the command is supplied by the NFS vendor. With
remote authentication, users can issue the dfs_login command to
authenticate themselves.
Remote authentication requires additional configuration, but it provides a
less burdensome and more secure approach to authentication. Configuration
consists of installing and configuring the Gateway Server (dfsgwd) process
© Copyright IBM Corp. 1989, 1999
1
Содержание DFS
Страница 1: ...DFS for Solaris NFS DFS Secure Gateway Guide and Reference V ersion 3 1 GC09 3993 00 ...
Страница 2: ......
Страница 3: ...DFS for Solaris NFS DFS Secure Gateway Guide and Reference V ersion 3 1 GC09 3993 00 ...
Страница 6: ...iv DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 10: ...viii DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 14: ...4 DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 22: ...12 DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 34: ...24 DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 44: ...Related Information Commands dfsgw help 8dfs 34 DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 51: ...dfsgw_delete 8dfs dfsgw_query 8dfs Chapter 5 Configuration File and Command Reference 41 ...
Страница 58: ...48 DFS for Solaris NFS DFS Secure Gateway Guide and Reference ...
Страница 65: ......
Страница 67: ...Spine information DFS for Solaris NFS DFS Secure Gateway Guide and Reference Version 3 1 GC09 3993 00 ...