Cancels a user's authenticated access to DFS via the DFS/NFS Secure Gateway
Synopsis
dfs_logout [-h hostname] [dce_principal]
Options
-h hostname
Specifies the hostname of the Gateway Server machine (a machine that is running the dfsgwd process) from which the user's entry in the
authentication table (AT) is to be removed. By default, the command removes the entry from the authentication table on the Gateway Server machine that exports the root of the DCE namespace,
/..., to the NFS client. Use this option to name a different Gateway Server machine.
Arguments
dce_principal
Provides the DCE principal name of the user whose entry in the authentication table is to be removed. By default, the command removes the entry of the user who
issues the command.
Description
The dfs_logout command cancels a user's authenticated access to DFS from an NFS client. The command ends the authenticated session of the user named with
the dce_principal argument. If no user is specified, the command ends the session of the user who issues the command. Once the command completes, the user no longer has authenticated
access to DFS from the NFS client.
The dfs_logout command removes the user's entry from the authentication table on the specified Gateway Server machine. The command removes the user's entry for the NFS client from which the command is issued. The command has no effect on entries the user may have in the authentication table for other NFS clients. It also has no effect on entries the user may have in authentication tables on other Gateway Server machines.
The dfs_logout command provides the same functionality as the dfsgw delete command. To acquire DCE credentials for authenticated access to DFS from an NFS client and create an entry in the authentication table, users issue the dfs_login command (or the dfsgw add command). Both the dfs_logout and dfs_login commands require a working Kerberos 5 environment on the NFS client from which they are issued. See Part 1 of the OSF DCE DFS Administration Guide and Reference for information about configuring an NFS client for use with the DFS/NFS Secure Gateway.
Privilege Required
The issuer must be either the user whose entry is to be removed from the authentication table or a user who is logged into the local machine as root.
Output
If it succeeds, the dfs_logout command returns no messages.
Files
/krb5/krb.conf
A Kerberos configuration file. The dfs_logout command reads this file to determine the name of a DCE Security Server.
/krb5/krb.realms
A Kerberos configuration file. The Kerberos runtime uses the information in this file to translate Internet domains to the corresponding Kerberos realms.
Variables
DFSGWSERVICE
An environment variable that can be set to specify the name of the DFS/NFS Secure Gateway service if the name of the service is changed to something other than
dfsgw. The named service provides the login facility for the DFS/NFS Secure Gateway. The dfs_logout command uses the service to look up the port on the Gateway Server machine at
which the dfsgwd process is listening.
Notes
The dfs_logout command uses the syntax conventions of all DCE commands, but it does not provide the shortcuts and help available with other DFS commands. When
specifying options, you must enter the name of each option in full (you cannot abbreviate the names of options), and each option must precede an argument specified for it (you cannot omit options).
Also, the command does not include a -help option.
Examples
The following command cancels authenticated access to DFS for the user who issues it:
$ dfs_logout
Exit Values
The dfs_logout command returns an exit value of 0 (zero) if it removes the entry for the specified user from the authentication table. Otherwise,
it returns a non-zero exit value.
Related Information
Commands: dfsgw add(8dfs)