HP j6750 Supplementary Manual

Enterprise File System: Planning and Configuring HP DCE/9000 Enhanced DFS Version 3.0

HP Enterprise File System
Planning and Configuring HP DCE/9000
Enhanced DFS Version 3.0
HP Part No. B6863-IE002-E0302
Edition 1
© Hewlett-Packard Company, 2002. All rights reserved.

Summary of Contents for HP j6750

  • Page 2: Legal Notices

    Legal Notices Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this document, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3 Legal Notices This software is based in part on the Fourth Berkeley Software Distribution under license from the Regents of the University of California. ©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc.
  • Page 5: Table Of Contents

    Contents Planning and Configuring HP DCE/9000 Enhanced DFS Version 3.0 1 1 About HP DCE/9000 Enhanced DFS Overview of HP DCE/9000 Enhanced DFS Version 3.0 12 Benefits 13 Features 14 Restriction of RPC Addresses 14 DCE/DFS TCL Configuration Functions 15...
  • Page 6 Contents Before Installing and Configuring Enhanced DFS 3.0 27 To Install and Configure Enhanced DFS 28 Enhanced DFS 3.0 Filesets 29 Migrating root.dfs from UFS to Episode 31 Replicating root.dfs Using “Cheap Replication” 34 Handling of setuid Programs and Device Files in DFS 36 setuid Script 36 Additional DFS Cache Manager Commands 38 Stopping Enhanced DFS 43...
  • Page 7 Contents Configuring a DFS Client 57 dfs_config Environment Variables 60 A TCL Functions DCE TCL Functions 64 Configuration Functions 64 Unconfiguration Function 75 Cleanup Functions 76 Miscellaneous Functions 84 DCE TCL Examples 112 Configuring a DCE Client 112 Configuring a Single-machine DCE Server 112 Configuring dced 113 Configuring secd 113 Configuring cdsd 114...
  • Page 8 Contents B The DFS/NFS Secure Gateway Overview of the DFS/NFS Gateway 140 Configuring Gateway Server Machines 143 Configuring a Gateway Server Without Enabling Remote Authentication 144 Configuring a Gateway Server and Enabling Remote Authentication 145 Configuring the BOS Server Process 146 Configuring the Gateway Server Process 148 Configuring NFS Clients to Access DFS 150 Configuring a Client Without Enabling Remote Authentication 151...
  • Page 9: About This Document

    Hewlett-Packard. For features of standard DFS, see the OSF documentation. This book is organized as follows: • Chapter 1 describes the benefits and features of HP DCE/9000 Enhanced DFS and provides important compatibility information and installation requirements. • Chapter 2 describes installing HP DCE/9000 Enhanced DFS.
  • Page 11: About Hp Dce/9000 Enhanced Dfs

    About HP DCE/9000 Enhanced DFS HP DCE/9000 Enhanced DFS Version 3.0 is a distributed file system functionally equivalent to Version 1.2.2 of The Open Group (formerly Open Software Foundation) DCE Distributed File Service (DFS). Enhanced DFS is one component of the HP Enterprise File System product family.
  • Page 12: Overview Of Hp Dce/9000 Enhanced Dfs Version 3.0

    HP DCE/9000 Enhanced DFS 3.0 is a distributed client/server application that presents DCE with a global view of a set of files and directories, independent of machine boundaries.
  • Page 13: Benefits

    • Backs up and restores system and user data as needed Enhanced DFS 3.0 operates on top of and interacts with the following HP DCE 1.7 components: •...
  • Page 14: Features

    Enhanced DFS 3.0 offers complete HP DCE/9000 1.7 DFS server functionality for distributed computing environments, which can include:
      • Server machines
      • Client machines
      • Data access management
      • Administrative domains
      • Administrative lists and groups
      •...
  • Page 15: Dce/Dfs Tcl Configuration Functions

    Enhanced DFS 3.0 offers a number of configuration, unconfiguration, cleanup, and miscellaneous TCL functions for DCE and DFS. For more information, see Appendix A.
    Global Variables
    Enhanced DFS 3.0 offers a number of global variables including directory variables, execution variables, and security server variables.
  • Page 16: Administration Tools For Enhanced Dfs 3.0

    Admin web. The EFS Admin web is a group of HTML files and CGI scripts shipped with the Enhanced DFS product (see "HP Enterprise File System Admin web" in this chapter). You can run the EfsStatus tool directly from a command line by entering /opt/dce/efsadmin/bin/efsstatus.dcp.
  • Page 17: Hp Enterprise File System Admin Web

    • send mail about Enhanced DFS to HP Note that you can access a copy of the HP DCE/9000 Enhanced DFS Version 3.0 Release Note (in HTML format) from the The HTML Release Note is the same as the printed Release Note, except it may contain post-product-release updates to the printed version.
  • Page 18: Compatibility Information And Installation Requirements

    DCE/9000 Version 1.4x, 1.5.x, EFS 1.0, DFS 2.0, and 1.7 DFS clients and servers. Enhanced DFS 3.0 servers can "serve" HP DCE/9000 Version 1.4x and 1.7 DFS clients; conversely, HP DCE/9000 Version 1.4x and 1.7 DFS servers can serve Enhanced DFS 3.0 clients.
  • Page 19: What Manuals Are Available For This Version

    HP DCE/9000 Enhanced DFS Version 3.0 Release Note — available online via the World Wide Web at HP’s EFS home page web site. See the “HP Enterprise File System Admin Web” section in Chapter 1 for details about accessing this file.
  • Page 21: Installing And Configuring Enhanced Dfs

    Installing and Configuring Enhanced DFS 3.0 This chapter describes how to install and configure HP DCE/9000 Enhanced DFS Version 3.0 on HP-UX 11.0. It also contains a list of the filesets for Enhanced DFS.
  • Page 22: Planning For Enhanced Dfs 3.0 Installation And Configuration

    Installing and Configuring Enhanced DFS 3.0 Planning for Enhanced DFS 3.0 Installation and Configuration Planning for Enhanced DFS 3.0 Installation and Configuration You can configure the following types of Enhanced DFS servers: • A System Control server distributes system configuration information that is shared by all Enhanced DFS server machines in a cell.
  • Page 23 This problem does not arise with Episode aggregates, since Episode is not locally mountable and you cannot have a disk cache residing there. Episode aggregates must reside in a separate file system. When exporting a UFS fileset, however, consider using a memory cache if you have only a single partition.
  • Page 24: Preparing To Administer Dfs

    If you are logging in as the root user and are planning to run the DFS daemons directly, adding the directory /opt/dce/sbin to the appropriate path variable for the shell makes the execution of the DFS daemons more convenient.
  • Page 25: Considerations For Enhanced Dfs 3.0 Installation And Configuration

    HP recommends considering the following points for Enhanced DFS 3.0 Installation and Configuration:
      • Installation requires about 21 MB of disk space.
      • The default cache location is /var/opt/dce/adm/dfs/cache. The default maximum cache size is 10 MB.
  • Page 26
    system (A DCE/DFS File Server/Fileset Database Machine combination needs about 89 MB of additional swap space)
    A minimum of 164 MB of swap space for a file/fileset database/backup server system (A DCE/DFS Fileset Database/Backup Server Machine combination needs about 164 MB of swap space)
    An average of 10 MB of DFS cache disk space...
  • Page 27: Before Installing And Configuring Enhanced Dfs 3.0

    • Create the file system for the root.dfs/ fileset. HP recommends creating an Episode file system, or migrating a UFS file system to Episode. If you migrate an Episode file system, before you run dce_config or perform the migration procedure, use the HP-UX Logical Volume Manager (LVM) to create the logical volume on which you want to store the Episode file system.
  • Page 28: To Install And Configure Enhanced Dfs

    The update procedure for Enhanced DFS is the same whether the predecessor product DFS 1.7 is configured or not. To directly map the EFS 3.0 product to any of its predecessors, use the “Match what target has”...
  • Page 29: Enhanced Dfs 3.0 Filesets

    Enhanced DFS 3.0 Filesets The Enhanced DFS 3.0 software is divided into products and filesets. The following table shows the Enhanced DFS 3.0 filesets, arranged according to product, and includes a description and a list of dependencies. Product Fileset EFS-DFSCore EFS-BPRG EFS-CLIENT EFS-COMMON...
  • Page 30 Installing and Configuring Enhanced DFS 3.0 Enhanced DFS 3.0 Filesets Product Fileset EFS-DFSServer EFS-ADMIN EFS-EPISODE EFS-KERN-EPI EFS-KERN-SVR EFS-SERVER EFS-SERVER-CMN EFS-ENG-A-MAN EFS-ResourceKit EFS-WEB EFS-CNTRB-SNTL EFS-CNTRB-TKMAJ Description EFS administration prerequisites: tools DCE-Core.DCE-CORE-RUN DCE-CoreAdmin.DCE-CORE- DIAG corequisites: OS-Core.CMDS-MIN EFS-DFSCore.EFS-CLIENT EFS Episode commands corequisite: EFS-DFSServer.EFS-KERN-EPI EFS Episode kernel corequisite: library...
  • Page 31: Migrating Root.dfs From Ufs To Episode

    Revision 1.2.2. An HTML version of this document is provided in the Enhanced DFS fileset EFS-DOCS, and installed in the directory /opt/dce/efs_docs. 1 Use the HP-UX Logical Volume Manager (LVM) to create the logical volume on which you want to store the Episode file system. Be sure to select "None" for the file system "Usage:"...
  • Page 32 Installing and Configuring Enhanced DFS 3.0 Migrating root.dfs from UFS to Episode 5 Use the dce_login command to become the administrator. Example: dce_login cell_admin password 6 Use the fts create command to create a read/write fileset to be used as the new Episode root.dfs.
  • Page 33 14 Set up ACLs appropriately, including Initial Container Creation (IC) and Initial Object Creation (IO) ACLs. See Chapter 3 of The OSF DCE DFS Administration Guide, Revision 1.2.2 for details. Note that the default ACLs for a newly created fileset are equivalent to a UNIX mode of 700; specifically: dcecp>...
  • Page 34: Replicating Root.dfs Using "Cheap Replication

    If your root.dfs fileset uses Episode, you can use the following procedure to replicate root.dfs. The first replica must use cheap replication; that is, replicated on the same aggregate.
  • Page 35
    6 Use this command to make sure that the replica (the read-only copy of root.dfs) is valid:
        fts lsfldb root.dfs
    7 cd to /, then use this command to force the Cache Manager to update the fileset information:
        cm checkfilesets
    8 Use this command to make sure the root.dfs.readonly fileset is now mounted at /:
        fts lsquota /:
    9 Use this command to make sure /:/.rw is now valid:...
  • Page 36: Handling Of Setuid Programs And Device Files In Dfs

    By default, the DFS Cache Manager (that is, the DFS client) does not allow a setuid program to change the effective uid or gid of the process executing it. The cm setsetuid command directs the DFS to permit a setuid program to change the effective uid or gid.
  • Page 37
    # These files contain the global and local configuration
    # for the setuid state. The global file should contain the
    # setuid state that is common to everyone in the cell.
    # Putting it into DFS makes it visible to all clients.
  • Page 38: Additional Dfs Cache Manager Commands

    if [ -r ${localconf} ]; then
        # Read into FSPATH rather than PATH: assigning to PATH would replace
        # the shell's command search path, and cm could no longer be found.
        while read FSPATH STATE; do
            cm setsetuid ${FSPATH} -state ${STATE}
        done < ${localconf}
    fi
    For more information, see the OSF DCE DFS Reference Guide, Revision 1.2.2.
  • Page 39
    NAME
    cm gethardmount - Shows whether hard mount semantics are in effect for the specified or current fileset
    SYNOPSIS
    cm gethardmount [-path {file|dir}] [-help]
    OPTIONS
    -path {file | dir} Names a file or directory from each fileset whose hard mount status information is to be displayed.
  • Page 40 Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS OUTPUT The cm gethardmount command first displays the line Fileset pathname status: In the output, is the name of a file or directory specified with the pathname option.
  • Page 41
    NAME
    cm sethardmount - Specifies whether hard mount semantics are in effect for the specified or current fileset.
    SYNOPSIS
    cm sethardmount [-path {file|dir}] [-state {on/off}] [-help]
    Hard mount semantics have the same meanings as NFS hard mount semantics. Operations on hard mounted filesets wait for completion by the server.
  • Page 42 Installing and Configuring Enhanced DFS 3.0 Handling of setuid Programs and Device Files in DFS DESCRIPTION The cm sethardmount command specifies whether the Cache Manager should provide hard mount semantics for the indicated filesets. Indicate each fileset for which hard mount semantics are to be provided or not provided by specifying the name of a file or directory in the fileset with the option.
  • Page 43: Stopping Enhanced Dfs

    Stopping Enhanced DFS Neither dce_config nor the SAM-based DCM (DCE Configuration Manager) can successfully stop Enhanced DFS daemons. Enhanced DFS can only be stopped by rebooting the system. A reboot is required to stop those Enhanced DFS daemons that are kernel processes. If Enhanced DFS is started automatically at boot time and you want to prevent this, you can take either of the following actions.
  • Page 44: Removing Enhanced Dfs Configuration Information And Dfs Cache Files

    The easiest method to cleanly remove DCE configuration information and Enhanced DFS cache files from a node, returning DCE to an installed but pre-configured state, is:
    1 Use dce_config to unconfigure the node from the DCE cell.
  • Page 45: Restricting Rpc Addresses

    Enhanced DFS 3.0 supports restricting RPC addresses through the environment variable RPC_SUPPORTED_NETADDRS. The format of the RPC_SUPPORTED_NETADDRS string is as follows:
        RPC_SUPPORTED_NETADDRS=protseq:netaddr
    For example, assuming that host myhost is located at IP address 10.3.2.1, the Korn shell statements:
        export RPC_SUPPORTED_NETADDRS=ip:myhost
        export RPC_SUPPORTED_NETADDRS=ip:10.3.2.1
    ...
  • Page 46: Setting Global Variables

    Global variables include directory variables, execution variables, and security server variables. Global variables may be defined by the user if the default setting is not correct for whatever reason. If none are defined, the configuration scripts will still work correctly.
  • Page 47 Security server variables can change how the security server is eventually configured. • LOW_UID - This is the starting UID value to use when new entries are made in the security registry. Default is ‘100’. • LOW_GID - This is the starting GID value to use when new entries are made in the security registry.
  • Page 48: Using Tuning Variables

    Enhanced DFS 3.0 includes variables that allow system administrators to specify startup parameters for DFS daemons.
    NOTE: Although you can pass any supported option to the various daemons using these variables, many options should not be passed, and specifying them can cause problems for your installation.
  • Page 49: Running Dce_Config To Configure Enhanced Dfs

    Running dce_config to Configure Enhanced DFS This chapter describes how to configure HP DCE/9000 Enhanced DFS 3.0 on HP-UX 11.0 using the dce_config utility. You cannot configure Enhanced DFS 3.0 with the SAM-based DCM (DCE Configuration Manager) tool. Follow the instructions in this chapter to complete the installation and configuration in the “Installing and Configuring Enhanced DFS 3.0”...
  • Page 50: Configuring A System Control Server

    Running dce_config to Configure Enhanced DFS Configuring a System Control Server Configuring a System Control Server A System Control server is not required. If you want to configure a System Control server, perform the following steps: 1 As root, run dce_config. From the DCE Main Menu, choose CONFIGURE: DCE Main Menu (on hostname) selection: 1 (CONFIGURE) DCE Configuration Menu (on hostname)
  • Page 51 3 From the DCE Additional Server Configuration Menu, choose DFS System Control Machine: Additional Server Configuration Menu (on hostname) 1. Additional CDS Server(s) 2. DTS 3. DFS System Control Machine 4. DFS Private File Server 5. DFS File Server 6. DFS Fileset Location Database Server 7.
  • Page 52: Configuring A Dfs Fileset Location Database

    Running dce_config to Configure Enhanced DFS Configuring a DFS Fileset Location Database Configuring a DFS Fileset Location Database Each cell that uses DFS requires at least one Fileset Location Database (FLDB) server. If you are configuring a DFS System Control server, you should do so before configuring the DFS FLDB server.
  • Page 53 S:****** Starting bosserver... Checking for a Ubik sync site in hosts/node_name Host /.:/hosts/node_name is now the sync site 2 dce_config prompts for the name of the System Control machine. If your cell does not use a System Control machine, enter the name of the local machine. This name must exactly match the output of the hostname command.
  • Page 54 Running dce_config to Configure Enhanced DFS Configuring a DFS Fileset Location Database 8 dce_config prompts for a numerical aggregate ID. Enter a unique ID, corresponding to the type and integer you used in the aggregate name. Enter the LFS aggregate id (1): 1 9 dce_config displays information about the aggregate and about the fileset specified in Step 4: number of sites: 1...
  • Page 55: Configuring A File Server And A Private File Server

    Configuring a File Server and a Private File Server The steps to configure a File server and a Private File server are the same. In the steps that follow, a File server is configured to illustrate the sequence of prompts and actions. However, you can use the same instructions to configure a Private File server.
  • Page 56 Running dce_config to Configure Enhanced DFS Configuring a File Server and a Private File Server 5 dce_config prompts for the fileset name. Enter a name of your choice. Enter the LFS fileset name (lfs_set): root.dfs 6 dce_config prompts for the aggregate name. Enter a name of your choice. Common names are lfsx or epix where x is the aggregate ID.
  • Page 57: Configuring A Dfs Client

    Configuring a DFS Client A DFS Client machine must have been previously configured as a DCE client. Before you configure a DFS client, determine the following: • The cache size, where it is located (system memory or the local disk), and the directory where it will be stored.
  • Page 58 All DFS daemons started 8 Choose whether to configure an NFS/DFS Gateway. See Chapter 1 in the Planning and Configuring HP DCE 1.7 manual NFS/DFS Gateway. Would you like to configure this DFS client as an NFS...
  • Page 59 9 Reply to the prompt “Would you like to use BOS server to monitor and administer the dfsgwd process?”. If you want the dfsgw server administrator to administer and monitor the dfsgw server via BOS (bosserver) commands, enter y. Otherwise, enter n. Would you like to use BOS server to monitor and administer the dfsgwd process? y S:****** Modifying the registry database for DFS...
  • Page 60: Dfs_Config Environment Variables

    Running dce_config to Configure Enhanced DFS dfs_config Environment Variables dfs_config Environment Variables dfs_config recognizes the following environment variables. If these environment variables are set and exported, dfs_config will skip the corresponding prompts for information when run in interactive mode. Environment Variable AGG_DEV_NAME AGG_FS_TYPE AGG_MOUNT_PATH...
  • Page 61 Environment Variable CONFIG_DFS_FLDB_ONLY CONFIG_NFS_GATEWAY CONFIG_NFS_GATEWAY_USEBOS DFS_SERVER_INSTALL DFSGW_PORT EPI_FORMAT_PART EPI_FORCE_INIT INIT_LFS INSTALL_OPT_SERS INSTALL_OPT_CLIENT Running dce_config to Configure Enhanced DFS dfs_config Environment Variables Definition "n" (default) causes a File server to be automatically configured when a Fileset Location Database (FLDB) server is configured;...
  • Page 62 Running dce_config to Configure Enhanced DFS dfs_config Environment Variables Environment Variable LOAD_LFS_KEXT ROOT_FILESET_NM SCM_NAME Definition “y” if user wants to load the LFS kernel extension; “n” otherwise. The root fileset name. The name of the system control machine to be used during configuration.
  • Page 63: A Tcl Functions

    TCL Functions This appendix describes the DCE and DFS TCL functions. It also includes examples of primary DFS functions.
  • Page 64: Dce Tcl Functions

    TCL Functions DCE TCL Functions DCE TCL Functions The DCE TCL functions consist of configuration, unconfiguration, cleanup, and miscellaneous functions. The following sections describe these functions in detail. Configuration Functions The configuration functions include the following: • tcl_dce_config_cdsclient - Configures the local host as a CDS client •...
  • Page 65 NAME tcl_dce_config_cdsclient Adds the correct CDS entries into the registry database and creates the cds.conf file. Once all the initialization is complete, this function starts the CDS advertiser, cdsadv, and then initializes the local namespace for the CDS client. SYNOPSIS tcl_dce_config_cdsclient celladmin celladmin_pw) PARAMETERS...
  • Page 66 TCL Functions DCE TCL Functions NAME tcl_dce_config_cdsreplica replica. Gets the name of the initial CDS server and compares it with the name of the local host to make sure they are not the same. The host must also already have dced running, as well as be configured as a security and cds client.
  • Page 67 NAME tcl_dce_config_cdsserver server. This function first makes sure dced is running correctly on the node, and that the node is a security client. If not, it makes the node a security client. Performs the basic CDS initialization, then starts cdsd using the -a option.
  • Page 68 TCL Functions DCE TCL Functions NAME tcl_dce_config_dceclient If the DCE library does not exist, this function will not run. If all the proper conditions are met, this function configures the local (specified) host with dced in remote mode, and as a security client, a CDS client, and a DTS client.
  • Page 69
    NAME
    tcl_dce_config_dced - Configures the local host (specified by hostname) with DCED. Also sets the correct timezone.
    SYNOPSIS
    tcl_dce_config_dced (hostname cellname sec_server)
    PARAMETERS
    hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’ command) because the user will be encouraged to specify the hostname using the full domain name, as opposed to the short name.
  • Page 70 TCL Functions DCE TCL Functions NAME tcl_dce_config_dceserver server. Will configure dced, a security server, a cds server, and, depending on the value of the ‘dts_type’ variable, a DTS client or server. The function checks to see if the standard dce library is already installed, and if not, exits with an error.
  • Page 71 NAME tcl_dce_config_dtsserver machine, depending on the value of the ‘dts_type’ variable. Starts the dtsd daemon regardless of which type of DTS machine is configured. SYNOPSIS tcl_dce_config_dtsserver celladmin_pw) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’...
  • Page 72 TCL Functions DCE TCL Functions NAME tcl_dce_config_secclient for the local host. Gets the name and IP address of the security server in the existing cell, then creates the krb.conf file so security will interoperate with kerberos correctly. Adds a keytab entry to the registry database for this new client.
  • Page 73 NAME tcl_dce_config_secreplica security replica. The host must also already have dced running, as well as be configured as a security and cds client. Also modifies ACLs on the necessary namespace objects. SYNOPSIS tcl_dce_config_secreplica (hostname celladmin celladmin_pw) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’...
  • Page 74 TCL Functions DCE TCL Functions NAME tcl_dce_config_secserver security server. This function first checks that secd has been installed, and if so, creates the dce_cf.db file. Initializes the security service database, then starts secd and the security client service. SYNOPSIS tcl_dce_config_secserver celladmin_pw) PARAMETERS hostname...
  • Page 75: Unconfiguration Function

    The unconfiguration function, tcl_dce_unconfig, unconfigures the specified host from an existing DCE cell.
    NAME
    tcl_dce_unconfig - Unconfigures the specified host from an existing DCE cell. Performs all registry and namespace removal from the cell itself but does not affect the files on the local host. This function does not have to run on the local host.
  • Page 76: Cleanup Functions

    TCL Functions DCE TCL Functions Cleanup Functions The cleanup functions include the following: • tcl_cleanup - Attempts to clean up the host DCE configuration whenever global variable CLEAN_UP is set to ‘yes’ • tcl_dce_cleanup_cds - Set up the commands required to unconfigure the CDS client •...
  • Page 77
    NAME
    tcl_cleanup - Attempts to clean up the host DCE configuration whenever CLEAN_UP = y.
    SYNOPSIS
    tcl_dce_cleanup_dced (input)
    PARAMETERS
    input The list of commands that make up the cleanup attempt.
    RETURNS
    TCL_OK Successfully ran the cleanup commands represented by ‘input’.
    err_msg An error was encountered.
  • Page 78
    NAME
    tcl_dce_cleanup_cds - Sets up the commands required to unconfigure the CDS client. Unconfigures the client if CLEAN_UP = y when the tcl cleanup function is called.
    SYNOPSIS
    tcl_dce_cleanup_cds (hostname cds_server)
    PARAMETERS
    hostname The name of the local host to clean up.
    cds_server The name of the server cached on the local host.
  • Page 79 NAME tcl_dce_cleanup_cdsreplica unconfigure the local machine from being a CDS replica. Unconfigures the CDS replica if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_cdsreplica (hostname cds_dirlist) PARAMETERS hostname The name of the local host containing the cds replica. cds_dirlist The directory list to un-replicate.
  • Page 80
    NAME
    tcl_dce_cleanup_dced - Sets up the commands required to unconfigure dced. Unconfigures DCED if CLEAN_UP = y when the tcl cleanup function is called.
    SYNOPSIS
    tcl_dce_cleanup_dced (hostname)
    PARAMETERS
    hostname The name of the local host to clean up.
    RETURNS
    $result The result passed up from the tcl cleanup function.
  • Page 81
    NAME
    tcl_dce_cleanup_dtsd - Sets up the commands required to unconfigure dtsd. Unconfigures the dts server if CLEAN_UP = y when the tcl cleanup function is called.
    SYNOPSIS
    tcl_dce_cleanup_dtsd ()
    RETURNS
    $result The result passed up from the tcl cleanup function.
  • Page 82 TCL Functions DCE TCL Functions NAME tcl_dce_cleanup_secreplica unconfigure the local machine from being a security replica. Unconfigures the security replica if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_secreplica (hostname replica_name) PARAMETERS hostname The name of the local host containing the security replica. replica_name The name of the security replica.
  • Page 83 NAME tcl_dce_cleanup_security unconfigure the security client. Unconfigures the security client if CLEAN_UP = y when the tcl cleanup function is called. SYNOPSIS tcl_dce_cleanup_security (hostname cellname) PARAMETERS hostname The name of the local host to clean up. cellname The name of the cell which the local host is in. RETURNS $result The result passed up from the tcl cleanup function.
  • Page 84: Miscellaneous Functions

    TCL Functions DCE TCL Functions Miscellaneous Functions The miscellaneous functions include the following: • tcl_checktime - Synchronizes local host’s system time with the time on the cell time server • tcl_dce_cds_addserver_init - Initialize the name service to reflect an additional CDS server •...
  • Page 85
      • tcl_dce_verify_consistency - Used to ensure that any existing security replicas are consistent with the security master
      • tcl_dcelogin - Logs into dce as the cell administrator
      • tcl_find_name - If the specified name is found in the specified file, this function sends back TCL_OK.
  • Page 86
    NAME
    tcl_checktime - Synchronizes the local host’s system time with the time on the cell time server. Updates the local host’s system time if the time difference is greater than the tolerance specified below.
    SYNOPSIS
    tcl_checktime (hostname time_server)
    PARAMETERS
    hostname...
  • Page 87 NAME tcl_dce_cds_addserver_init additional CDS server. Creates all required directories and objects in the namespace. Sets namespace ACLs as appropriate. SYNOPSIS tcl_dce_cds_addserver_init (hostname celladmin_pw) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’ command) because the user will be encouraged to specify the hostname using the full domain name, as opposed to the short name.
  • Page 88 TCL Functions DCE TCL Functions NAME tcl_dce_cds_client_init the namespace. Sets namespace ACLs as appropriate. SYNOPSIS tcl_dce_cds_client_init (hostname cellname cds_server) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’ command) because the user will be encouraged to specify the hostname using the full domain name, as opposed to the short name.
  • Page 89 NAME tcl_dce_cds_server_init DCE required directories and objects in the name space. Sets namespace ACLs as appropriate. SYNOPSIS tcl_dce_cds_server_init (hostname cellname sec_server) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’ command) because the user will be encouraged to specify the hostname using the full domain name, as opposed to the short name.
  • Page 90 NAME tcl_dce_check_for_sec_client_service - Checks the local machine for an active or configured security client (sec_client) service. SYNOPSIS tcl_dce_check_for_sec_client_service () RETURNS TCL_OK No active sec_client service exists. ALREADY_RUNNING An active sec_client service exists. err_msg An error was encountered. ...
  • Page 91 NAME tcl_dce_create_dcecfdb the correct directory. The simple format of the file contains the cellname and the hostname of the local host, as well as krb5 information. SYNOPSIS tcl_dce_create_dcecfdb (hostname cellname sec_server) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’...
  • Page 92 TCL Functions DCE TCL Functions NAME tcl_dce_create_krbconf and adds the kerberos5 entry to /etc/services. SYNOPSIS tcl_dce_create_krbconf (cellname sec_server) PARAMETERS cellname The name of the cell you wish to configure into. sec_server The name of the security server in the cell you wish to configure into. RETURNS TCL_OK Successfully created the krbconf file on the local host.
  • Page 93 NAME tcl_dce_init_pesite - Performs the initialization required to add the pe_site file to the local system and to check that the host clock is synchronized with the cell security server. SYNOPSIS tcl_dce_init_pesite (hostname sec_server) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’...
  • Page 94 NAME tcl_dce_remove - Removes the files created by DCE during the initial configuration and subsequent operations, thereby allowing the local host to be configured again. Note that if a host is being ‘removed’ from an existing cell (in which it is a client), it should be unconfigured’...
  • Page 95 NAME tcl_dce_set_security_acl namespace. Specifies the secd bindings directly on the command line. (Do not change this, unless you fully understand the implications.) It is not safe to assume that CDS is available to provide the bindings when this function is run.
  • Page 96 NAME tcl_dce_shutdown - Stops all running DCE daemons (that are stoppable). SYNOPSIS tcl_dce_shutdown (hostname force) PARAMETERS hostname The name of the local host. This parameter is required (as opposed to discovered using the ‘hostname’ command) because the user will be encouraged to specify the hostname using the full domain name, as opposed to the short name.
  • Page 97 NAME tcl_dce_start_sec_client_service - Starts the already-configured security client services on the local host. SYNOPSIS tcl_dce_start_sec_client_service (mod_rc) PARAMETERS mod_rc Update the rcfile if set to “yes”. RETURNS TCL_OK Successfully started the security client services. err_msg An error was encountered. ...
  • Page 98 NAME tcl_dce_stop_sec_client_service - Stops the already-configured security client services on the local host. SYNOPSIS tcl_dce_stop_sec_client_service () RETURNS TCL_OK Successfully stopped the security client services. err_msg An error was encountered. ...
  • Page 99 NAME tcl_dce_verify_cds - Ensures that the CDS namespace service is up and running correctly. SYNOPSIS tcl_dce_verify_cds () RETURNS TCL_OK CDS is running correctly. err_msg An error was encountered. ...
  • Page 100 NAME tcl_dce_verify_consistency - Ensures that any existing security replicas are consistent with the security master. SYNOPSIS tcl_dce_verify_consistency () RETURNS TCL_OK Security replicas and master are consistent. err_msg An error was encountered. ...
  • Page 101 NAME tcl_dcelogin - Logs into dce as the cell administrator. SYNOPSIS tcl_dcelogin (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully logged into dce as the specified account. err_msg An error was encountered. ...
  • Page 102 NAME tcl_find_name - Returns ‘TCL_OK’ if it finds the specified name in the specified file or ‘NOT FOUND’ if it does not. SYNOPSIS tcl_find_name (name file) PARAMETERS name The name to search for. file The file in which to search. RETURNS TCL_OK Successfully found specified name in file.
  • Page 103 NAME tcl_get_ids - Gets UNIX ID information from the system. SYNOPSIS tcl_get_ids (type) PARAMETERS type The type to use when looking for high UID. RETURNS high_uid The high UID calculated by the system. ...
  • Page 104 NAME tcl_get_pid - Returns the process identification (pid) of the process specified in proc_name or ‘NOT FOUND’ if the process is not running. SYNOPSIS tcl_get_pid (proc_name) PARAMETERS proc_name The name of the process to search for. RETURNS pid # Successfully found the running process.
  • Page 105 NAME tcl_get_ugid - Determines which uids and gids to use for the initial and subsequent additions into the security registry. SYNOPSIS tcl_get_ugid (low_uid low_gid) PARAMETERS low_uid Initial User ID (uid) to use. low_gid Initial Group ID (gid) to use. RETURNS low_uid:low_gid A pair of numbers representing the low uid and low gid.
  • Page 106 NAME tcl_log_msg - Writes the given message to stdout and/or a logfile depending on the priority of the message type specified as the first parameter. SYNOPSIS tcl_log_msg (msg_type msg passwd) PARAMETERS msg_type The priority or type of the message. msg The full text of the message to display.
  • Page 107 NAME tcl_mod_rcfile - Modifies the file specified by ‘filename’ so the correct daemons will be started at boot time. SYNOPSIS tcl_mod_rcfile (mdaemon sw filename) PARAMETERS mdaemon The DCE/DFS daemon to mark. sw Switches to apply when the daemon is modified. filename The name of the file where the configuration information is stored.
  • Page 108 NAME tcl_rmline_file - Removes any line from the file named in ‘filename’ which matches the string provided in ‘dline’. SYNOPSIS tcl_rmline_file (dline filename) PARAMETERS dline The info to delete when found in the file. filename The file to remove information from.
  • Page 109 NAME tcl_settimezone - Establishes a DCE timezone setting by creating a localtime link if it does not yet exist. When the HPUX TZ system variable contains a recognizable value, the localtime link is set to point to the corresponding DCE timezone information file. If TZ is not correct, the localtime link is set to point to GMT.
  • Page 110 NAME tcl_slay_daemon - Executes a system kill on the specified daemon and the specified process id number. SYNOPSIS tcl_slay_daemon (daemon_name daemon_pid) PARAMETERS daemon_name The name of the dce daemon to kill. daemon_pid The pid the dce daemon is running as. RETURNS TCL_OK Successfully stopped the specified daemon and process.
  • Page 111 NAME tcl_unmod_rcfile - Modifies the file specified by ‘filename’ so the specified daemon will not be started at boot time. SYNOPSIS tcl_unmod_rcfile (mdaemon sw filename) PARAMETERS mdaemon The DCE/DFS daemon to unmark. sw Switches to apply when the daemon is modified. filename The name of the file where the configuration information is stored.
  • Page 112: Dce Tcl Examples

    > cds_server dts_type celladmin celladmin_pw) The local host name is passed for users that would like to specify a full domain name (for example, oddball.ch.apollo.hp.com) instead of the short name you get from the system hostname command. The cds_server parameter is passed in order to cache if dcecp can’t figure out one for itself.
  • Page 113: Configuring Dced

    (hostname cellname sec_server) The hostname parameter can be passed as either the full domain name (for example, blech.ch.apollo.hp.com) or the short name (for example, blech). Specify the cellname parameter without the /.../ in front. If you are configuring the dced on a machine to be a client in an existing cell, sec_server would be the name of the security server in that cell.
  • Page 114: Configuring Cdsd

    > sec_server celladmin celladmin_pw) The hostname parameter can be passed as either the full domain name (for example, blech.ch.apollo.hp.com) or the short name (for example, blech). Specify the cellname parameter without the /.../ in front. The dts_type parameter should be one of ‘client’, ‘local’, ‘global’ or ‘none’. Choose your own celladmin account name (usually ‘cell_admin’) and password.
  • Page 115: Configuring A Cds Replica

    Example: dcecp> tcl_dce_config_secreplica oddball cell_admin \ > -dce- dcecp> Configuring a CDS Replica tcl_dce_config_cdsreplica (hostname cds_server \ > celladmin celladmin_pw cds_dirlist) Will create a CDS replica server on an existing dce client machine. The node you run this function on must be an existing dce client. The hostname will be used as the name of the clearinghouse (with ‘_ch’...
  • Page 116: Removing A Machine From An Existing Cell

    Removing a Machine from an Existing Cell tcl_dce_remove (hostname) On a client, do this after a tcl_dce_unconfig. On a server, do this to completely remove the server and destroy the cell. It doesn’t touch the registry or namespace, but does stop any running daemons and then removes all the files it can find that were created by dce while it ran.
  • Page 117: Dfs Tcl Functions

    DFS TCL Functions The DFS TCL functions consist of configuration, unconfiguration, and miscellaneous functions. The following sections describe these functions in detail. Configuration Functions The configuration functions include the following: • tcl_dfs_config_bakserver - Configures a bakserver on the local host •...
  • Page 118 NAME tcl_dfs_config_bakserver - Configures a bakserver on the local host. SYNOPSIS tcl_dfs_config_bosserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully configured a bakserver on host. err_msg An error was encountered.
  • Page 119 NAME tcl_dfs_config_bosserver - Configures a bosserver on the local host. SYNOPSIS tcl_dfs_config_bosserver () RETURNS TCL_OK Successfully configured a bosserver on the local host. err_msg An error was encountered. ...
  • Page 120 TCL Functions DFS TCL Functions NAME tcl_dfs_config_dfsclient The local host must already be configured with DCE, either as a client or a server. SYNOPSIS tcl_dfs_config_dfsclient (cache_type cache_size cache_dir) PARAMETERS cache_type Type of caching to use. The only two legal values are ‘disk’ and ‘mem’. Using anything else will result in an error.
  • Page 121 NAME tcl_dfs_config_dfsfldb - Configures a DFS Fileset Location Database Server. SYNOPSIS tcl_dfs_config_dfsfldb (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully configured the local host as a DFS FLDB Server. err_msg An error was encountered. ...
  • Page 122 NAME tcl_dfs_config_dfsfs - Configures a DFS Fileset Server. SYNOPSIS tcl_dfs_config_dfsfs (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully configured the local host as a DFS Fileset Server. err_msg An error was encountered.
  • Page 123 NAME tcl_dfs_config_repserver - Configures a repserver on the local host. SYNOPSIS tcl_dfs_config_repserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully configured a repserver or repserver already configured. err_msg An error was encountered. ...
  • Page 124: Unconfiguration Functions

    TCL Functions DFS TCL Functions Unconfiguration Functions The unconfiguration functions include the following: • tcl_dfs_unconfig_bakserver - Unconfigures a bakserver on the local host • tcl_dfs_unconfig_bosserver - Unconfigures a bosserver on the local host • tcl_dfs_unconfig_dfsclient - Unconfigures the local host as a dfs client •...
  • Page 125 NAME tcl_dfs_unconfig_bakserver - Unconfigures a bakserver on the local host. SYNOPSIS tcl_dfs_unconfig_bakserver (celladmin celladmin_pw force) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. force Allow the unconfigure even if it is the last bakserver. Default: 0 (no force). RETURNS TCL_OK Successfully unconfigured a bakserver on this host. err_msg An error was encountered.
  • Page 126 NAME tcl_dfs_unconfig_bosserver - Unconfigures a bosserver on the local host. SYNOPSIS tcl_dfs_unconfig_bosserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully unconfigured the bosserver on the local host. err_msg An error was encountered. ...
  • Page 127 NAME tcl_dfs_unconfig_dfsclient - Unconfigures the local host as a dfs client. SYNOPSIS tcl_dfs_unconfig_dfsclient () RETURNS TCL_OK Successfully unconfigured the host as a dfs client. err_msg An error was encountered. ...
  • Page 128 TCL Functions DFS TCL Functions NAME tcl_dfs_unconfig_dfsfldb Database Server. SYNOPSIS tcl_dfs_unconfig_dfsfldb (celladmin celladmin_pw force) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. force Allow the unconfigure even if it is the last flserver. Default: 0 (no force). RETURNS TCL_OK Successfully unconfigured the local host as a DFS FLDB Server or the...
  • Page 129 NAME tcl_dfs_unconfig_dfsfs SYNOPSIS tcl_dfs_unconfig_dfsfs (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully unconfigured the local host as a DFS Fileset Server or the host is not a fileset server. err_msg An error was encountered.
  • Page 130 NAME tcl_dfs_unconfig_repserver - Unconfigures a repserver on the local host. SYNOPSIS tcl_dfs_unconfig_repserver (celladmin celladmin_pw) PARAMETERS celladmin The account acting as the cell administrator. celladmin_pw The cell administrator’s password. RETURNS TCL_OK Successfully unconfigured the repserver daemon. err_msg An error was encountered. ...
  • Page 131: Miscellaneous Functions

    Miscellaneous Functions The miscellaneous functions include the following: • tcl_dfs_add_episode_aggregate - Creates an episode aggregate • tcl_dfs_add_episode_fileset - Creates an episode fileset • tcl_dfs_add_native_fileset - Configures a native (UFS) fileset • tcl_dfs_format_episode_aggregate - Checks for an aggregate (agg_dev_name) and creates one if none yet exists TCL Functions DFS TCL Functions...
  • Page 132 TCL Functions DFS TCL Functions NAME tcl_dfs_add_episode_aggregate SYNOPSIS tcl_dfs_add_episode_aggregate format epi_force blksize fragsize) PARAMETERS agg_name The name of the aggregate (ex: epi1). agg_dev_name The name of the aggregate device (ex: /dev/vg00/lvol8). agg_id The aggregate ID number (ex: 1). format y or n. Format a partition as an episode aggregate. epi_force y or n.
  • Page 133 NAME tcl_dfs_add_episode_fileset - Creates an episode fileset. SYNOPSIS tcl_dfs_add_episode_fileset (fileset_name agg_name) PARAMETERS fileset_name The name of the fileset (ex: root.dfs). agg_name The name of the aggregate (ex: epi1). RETURNS TCL_OK Successfully created an episode fileset. err_msg An error was encountered.
  • Page 134 TCL Functions DFS TCL Functions NAME tcl_dfs_add_native_fileset SYNOPSIS tcl_dfs_add_native_fileset (fileset_name agg_name agg_dev_name agg_id) PARAMETERS fileset_name The name of the initial fileset (ex: root.dfs). agg_name The name of the aggregate (ex: epi1). agg_dev_name The name of the aggregate device (ex: /dev/vg00/lvol8). agg_id The aggregate ID number (ex: 1).
  • Page 135 NAME tcl_dfs_format_episode_aggregate already exists (agg_dev_name) and creates one if not. Optionally reinitializes an existing aggregate if epi_format_force is “y”, and deletes any existing data on that aggregate. SYNOPSIS tcl_dfs_format_episode_aggregate epi_format_force blksize fragsize) PARAMETERS agg_dev_name The name of the aggregate (ex: /dev/vg00/lvol8). epi_format_force y or n.
  • Page 136: Examples Of Primary Dfs Functions

    TCL Functions DFS TCL Functions Examples of Primary DFS Functions # For purposes of the examples, harpoon is dce server and # softtail is dce client. # If using an SCM, create that first. # Then create the first FLDB server. # Then create the first Fileset Server (ie root.dfs).
  • Page 137 TCL Functions DFS TCL Functions ************************************************************** # CONFIGURE A FILESET # On client (softtail) tcl_dfs_config_episode_fileset hostname celladmin celladmin_pw \ fileset_name agg_name agg_dev_name agg_id \ epi_force blksize fragsize tcl_dfs_config_episode_fileset softtail cell_admin -dce- \ mgmfs epi_agg /dev/vg01/lvol3 3 y 8192 1024 ************************************************************** ************************************************************** # CONFIGURE BAK SERVER # tcl_dfs_config_bakserver hostname celladmin celladmin_pw...
  • Page 138 TCL Functions DFS TCL Functions ************************************************************** # Unconfigure (and remove) a dfs System Control Machine # This must be the SCM (machine running upserver) #tcl_dfs_unconfig_dfsscm hostname celladmin celladmin_pw tcl_dfs_unconfig_dfsscm harpoon cell_admin -dce- ************************************************************** # Stop (unconfigure) an upclient # Upclient should only be running if there is a machine running an upserver # tcl_dfs_stop_upclient hostname tcl_dfs_stop_upclient softtail...
  • Page 139: B The Dfs/Nfs Secure Gateway

    The DFS/NFS Secure Gateway This appendix describes how to use the Distributed File Service/Network File System (DFS/NFS) Secure Gateway to grant authenticated access to the DFS filespace from an NFS client.
  • Page 140: Overview Of The Dfs/Nfs Gateway

    The DFS/NFS Secure Gateway Overview of the DFS/NFS Gateway Overview of the DFS/NFS Gateway The Distributed File Service/Network File System (DFS/NFS) Secure Gateway provides a mechanism for granting authenticated access to the DFS filespace from an NFS client. The DFS/NFS Secure Gateway allows users to access data in the DFS filespace from a machine that is configured as an NFS client but not as a DCE client.
  • Page 141 • Remote authentication to DCE from NFS clients is provided via the dfs_login command. With remote authentication, you allow users to issue the dfs_login command to authenticate themselves. Remote authentication requires additional configuration, but it provides a less burdensome and more secure approach to authentication. Configuration consists of installing and configuring the Gateway Server (dfsgwd) process on the Gateway Server machines, installing the dfs_login command (and the dfs_logout command) on the NFS clients, configuring Kerberos on the NFS...
  • Page 142 The DFS/NFS Secure Gateway Overview of the DFS/NFS Gateway A user who wants to cancel authenticated access to DFS before the credentials expire can issue either the logout command from the NFS client for which the credentials were granted or the dfsgw delete command from the Gateway Server machine.
  • Page 143: Configuring Gateway Server Machines

    Configuring Gateway Server Machines A Gateway Server machine provides authenticated access to the DFS filespace to users on NFS clients. You can configure any machine that is configured as a DFS client and an NFS server as a Gateway Server. Following successful configuration, the machine provides authenticated access to the DFS filespace, and it exports the root of the DCE namespace, /..., via NFS.
  • Page 144: Configuring A Gateway Server Without Enabling Remote Authentication

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines Before configuring a Gateway Server machine, you must do the following: • Configure a DCE cell that includes DFS. • Configure each machine that is to become a Gateway Server as a DFS client and an NFS server.
  • Page 145: Configuring A Gateway Server And Enabling Remote Authentication

    3 Export the DCE global root directory, /..., via NFS. This is typically accomplished via the exportfs command; the exact command and procedure depends on your vendor’s implementation of NFS. (See your vendor’s NFS documentation for more information.) The Gateway Server machine is now configured to provide DCE authentication via only the dfsgw add command.
  • Page 146: Configuring The Bos Server Process

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines Configuring the BOS Server Process To configure the BOS Server (bosserver) process, perform the following steps on the machine to be configured as a Gateway Server. In all cases, hostname is the hostname of the local machine. (Note that you may need to install the bosserver binary file on the machine if it is not already present.
  • Page 147 4 Use the su command to become the local root user on the machine: $ su Password: root_password 5 Add a server key for the hosts/hostname/dfs-server principal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self.
  • Page 148: Configuring The Gateway Server Process

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines Configuring the Gateway Server Process To configure the Gateway Server (dfsgwd) process, perform the following steps on the machine to be configured as a Gateway Server. The steps assume that the BOS Server is already running on the machine. In all of the steps, hostname is the hostname of the local machine.
  • Page 149 5 Authenticate to DCE as a principal who has the following ACL permissions on entries in the registry database: • The i permission on the directory hosts/hostname. • For the first Gateway Server process, the i permission on the directory subsy/dce.
  • Page 150: Configuring Nfs Clients To Access Dfs

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines 10 Add a server key for the hosts/hostname/dfsgw-server principal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.
  • Page 151: Configuring A Client Without Enabling Remote Authentication

    Depending on how you configured your Gateway Server machines, configure each NFS client that is to provide access to DFS in one of the following ways: • If you configured your Gateway Servers so that users cannot issue the dfs_login command to authenticate to DCE, configure your NFS clients without enabling DCE authentication via the dfs_login command;...
  • Page 152: Configuring A Client And Enabling Remote Authentication

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines # mkdir /... # mount hostname:/... /... 3 Create a symbolic link from //: to the root of the DFS filespace for the host DCE cell, /.../cellname/fs. In the command, cellname is the name of the DCE cell to be accessed from the NFS client (the cell in which the machine that exports /...
  • Page 153 • dfs_login allows users of the NFS client to establish an authenticated session by obtaining DCE credentials on a Gateway Server machine. (See “Authenticating to DCE from an NFS Client” for information about using this command.) • dfs_logout allows users on the NFS client to end an authenticated session established with the dfs_login command.
  • Page 154: Accessing Dfs From An Nfs Client

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines The NFS client is now configured to provide access to DFS and to allow users of the client to authenticate to DCE with the dfs_login command. Repeat these steps on each NFS client to be configured in this manner. Accessing DFS from an NFS Client Once a Gateway Server machine and one or more NFS clients are configured according to the instructions in “Configuring Gateway Server Machine”...
  • Page 155: Authenticated Access To Dfs

    • For objects in non-LFS filesets, unauthenticated users receive the permissions granted by the other mode bits of the object. • For objects in DCE LFS filesets, unauthenticated users receive the permissions granted by the any_other entry, if it exists, on the ACL of the object.
  • Page 156 The DFS/NFS Secure Gateway Configuring Gateway Server Machines database. (On a DCE client, the passwd_export command can be used to keep /etc/passwd files current with respect to the registry database; see the OSF DCE Administration Guide-Core Components for more information.) The dfs_login and dfsgw add commands obtain a new TGT if you already have a valid TGT in your current login context and you do not request DCE credentials for a different user.
  • Page 157: Authenticating To Dce From An Nfs Client

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines Note that if you configure multiple Gateway Server machines, each server machine houses its own authentication table. The dfs_login and dfs_logout commands affect entries only in the authentication table maintained on the Gateway Server machine they contact;...
  • Page 158 The DFS/NFS Secure Gateway Configuring Gateway Server Machines dce_password Provides the DCE password of the specified user. If you do not specify a password, the command prompts for a password if one of the following is true: You name a user other than yourself; you name yourself and you do not already have a valid TGT;...
  • Page 159: Authenticating To Dce From A Gateway Server Machine

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines from the authentication table or by a user who is logged into the NFS client as the local root user. The command has no effect on authenticated access the user may have from other NFS clients. The syntax of the dfs_logout command follows: dfs_logout [-h hostname] [dce_principal] The command includes the following option and argument:...
  • Page 160 The DFS/NFS Secure Gateway Configuring Gateway Server Machines the user. In addition, it requires the issuer to identify the user for whom authenticated access is desired and the NFS client from which the user is to access DFS. Also, the dfs_login command allows the issuer to request a ticket lifetime;...
  • Page 161: Determining Whether A Specific User Is Authenticated To Dce

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines To end a user’s authenticated session from a specified NFS client, issue the dfsgw delete command on the Gateway Server machine. The command provides the same functionality from a Gateway Server machine that the dfs_logout command provides from an NFS client.
  • Page 162: Displaying Information About All Users Who Are Authenticated To Dce

    The DFS/NFS Secure Gateway Configuring Gateway Server Machines The command looks for an entry for the user in the authentication table on the Gateway Server machine on which it is issued. If your environment includes multiple Gateway Server machines, you must issue the command on the Gateway Server machine whose authentication table is to be examined.
  • Page 163 The DFS/NFS Secure Gateway Configuring Gateway Server Machines to DCE The dfsgw list command lists all users who are authenticated to DCE via the Gateway Server machine. The command lists all entries from the authentication table on the Gateway Server machine on which it is issued. If your environment includes multiple Gateway Server machines, you must issue the command on the Gateway Server machine from whose authentication table entries are to be displayed.
  • Page 164 The DFS/NFS Secure Gateway Configuring Gateway Server Machines...
