Introduction to the dfsgw command suite used with the DFS/NFS Secure Gateway
Options
The following options are used with many dfsgw commands. They are also described with the commands that use them.
-id networkID:userID
Identifies an NFS client and the user whose DCE authentication from that client is to be manipulated. You can specify the network address or
hostname of the NFS client; you must specify the UNIX user identification number (UID) of the user.
-dceid login_name[:password]
Specifies the DCE principal name and password of the user for whom an entry in the authentication table (AT) is to be created.
-af address_family
Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported,
inet (Internet).
-help
Displays the online help for this command. All other valid options specified with this option are ignored.
Description
The dfsgw command suite provides commands to manipulate entries in the local authentication table on a Gateway Server machine. The table contains an entry
for each user who has DCE credentials on the Gateway Server machine. Each entry is a mapping that pairs the UID of the user and the network address of the NFS client for which the user has DCE
credentials with the user's Process Activation Group (PAG).
The dfsgw command suite includes the following commands:
dfsgw add
Obtains DCE credentials to provide a user with authenticated access to DFS from a specified NFS client. The command adds an entry to the authentication table to
provide the user with authenticated access from the client. The command provides the same basic functionality from a Gateway Server machine that the dfs_login command provides from an NFS
client.
dfsgw delete
Cancels a user's authenticated access to DFS from a specified NFS client. The command removes the user's entry for the client from the authentication table. The
command provides the same basic functionality from a Gateway Server machine that the dfs_logout command provides from an NFS client.
dfsgw list
Displays information about all users who are authenticated to DCE via the Gateway Server machine. The command lists all entries in the authentication table.
dfsgw query
Determines whether a specific user is authenticated to DCE via the Gateway Server machine. The command determines whether the user has an entry in the
authentication table.
Commands in the dfsgw command suite provide a local administrative interface to the authentication table on a machine configured as a Gateway Server. Because each Gateway Server machine maintains its own authentication table, you must issue dfsgw commands on the Gateway Server machine whose authentication table you want to manipulate. The dfs_login and dfs_logout commands provide a remote mechanism for creating and deleting entries in the table.
Receiving Help
There are several different ways to receive help about DFS commands. The following examples summarize the syntax for the different help options:
$ man dfsgw
Displays the reference page for the command suite.
$ man dfsgw_command
Displays the reference page for an individual command. You must use an _ (underscore) to connect the command suite to the command name.
Do not use the underscore when issuing the command.
$ dfsgw help
Displays a list of commands in a command suite.
$ dfsgw help command
Displays the syntax for a single command.
$ dfsgw command -help
Displays the syntax for a single command.
$ dfsgw apropos -topic string
Displays a short description of commands that match the specified string.
Consult the dfs_intro(8dfs) reference page for complete information about the DFS help facilities.
Privilege Required
To use the add, delete, or query command, the issuer must be logged into the Gateway Server machine either as the user whose
credentials are to be manipulated or as local root. To use the list command, no privileges are required.
Exit Values
All dfsgw commands return an exit value of 0 (zero) upon successful completion. Otherwise, they return a non-zero exit value.
Related Information
Commands: dfsgw add(8dfs)