The DFS/NFS Secure Gateway
Configuring Gateway Server Machines
the user. In addition, it requires the issuer to identity the user for whom
authenticated access is desired and the NFS client from which the user is to
access DFS. Also, the dfs_login command allows the issuer to request a
ticket lifetime; the dfsgw add command does not.
The dfsgw add command has the following syntax:
dfsgw add -id networkID:userID [-dceid login_name[:password]] \
> [-af address_family]
The command includes the following options:
-id networkID:userID
Specifies the network address or hostname of an NFS client and the UID of
the user who is to be authenticated to DCE from that client.
-dceid login_name[:password]
Specifies the DCE principal name and, optionally, the password of the user
who is to be authenticated to DCE. The command does not prompt for a
principal name and password if you do not specify a principal name and you
have a valid TGT; the command does not prompt for a password if you
specify your own principal name and you have a valid TGT. The command
always prompts for a password if you name a principal other than yourself.
-af address_family
Specifies the style of network address to be used to identify hosts. By
default, the command uses the only address family currently supported, inet
(Internet).
For example, the following dfsgw add command obtains DCE credentials
for the user ludwig, who has UID 7439, from the NFS client that has
network address 15.27.32.40:
$ dfsgw add -id 15.27.32.40:7439 -dceid ludwig
Enter Password: password
Mapping added successfully, PAG is 41ffffe4
where password is the DCE password of the user ludwig. The command
reports that a mapping for the user was successfully added to the
authentication table on the Gateway Server machine; the user's PAG is
41ffffe4.
160