Adds an entry to the authentication table on the Gateway Server machine
Synopsis
dfsgw add -id networkID:userID [-dceid login_name[:password]] [-sysname sysname] [-remotehost remotehost] [-af address_family] [-help]
Options
-id networkID:userID
Identifies an NFS client and the user who is to be authenticated to DCE from that client. You can specify the network address or the hostname of the NFS client; you must specify the UNIX user identification number (UID) of the user. The command creates an entry for the user in the local authentication table (AT) to provide the user with authenticated access to DFS from the specified NFS client.
-dceid login_name[:password]
Specifies the DCE principal name and, optionally, the password of the user for whom an entry is to be added to the authentication table.
If you do not specify a principal name and password, the command prompts for them only if you do not already have a valid ticket-granting ticket (TGT) in the current login context. Similarly, if you specify your own principal name but omit your password, the command prompts for your password only if you do not already have a valid TGT in the current login context. The command always prompts for a password if you name a principal other than yourself. The command's interactive prompt provides for secure entry of the password.
-sysname sysname
Specifies the system name for networkID. This option defaults to the system name of the Gateway Server machine. The sysname argument is a unique name derived from uname() that describes the machine architecture and OS type, such as hp700_ux905 or hp800_ux90.
-remotehost remotehost
Specifies the name of the remote host. The default is the host name of networkID.
-af address_family
Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported, inet (Internet).
-help
Displays the online help for this command. All other valid options specified with this option are ignored.
Description
The dfsgw add command authenticates a user to DCE. The command contacts the DCE Security Service to obtain a TGT for the user. To obtain a TGT, a user must have a valid account in the registry database of the DCE cell. The TGT is used to create a valid login context for the user. The login context includes a Process Activation Group (PAG), which DFS stores in the kernel of the Gateway Server machine to identify the user's TGT. The TGT serves as the user's DCE credentials to provide authenticated access to files and directories in the DFS filespace from the specified NFS client.
The dfsgw add command adds an entry for the user to the authentication table on the local Gateway Server machine. The entry is a mapping that pairs the user's UID and the network address of the NFS client for which the user has DCE credentials with the user's PAG. Because each Gateway Server machine maintains its own authentication table, you must issue the command on the Gateway Server machine on which an entry is to be added to the authentication table.
DCE credentials obtained with the command are valid for the default ticket lifetime in effect in the registry database of the DCE cell. Once they expire, the credentials can no longer be used for authenticated access to DFS. You can obtain new credentials by issuing the dfsgw add command on the Gateway Server machine or by issuing the dfs_login command on the NFS client from which you want authenticated access. The two commands provide essentially the same functionality, with the exception that the dfs_login command lets you request a specific ticket lifetime.
The dfsgw add command does not obtain a new TGT if you do not name a principal other than yourself on the command line and you already have a valid TGT in the current login context. If you do not already have an entry in the authentication table for the specified NFS client, the command uses your existing PAG to create a new entry for you. If you already have an entry in the authentication table for the NFS client, the command has no effect. In either case, the command does not affect existing entries in the authentication table, and it does not affect the remaining ticket lifetime of your existing TGT.
Use the dfsgw delete command or the dfs_logout command to end an authenticated session by removing an entry from the authentication table.
Privilege Required
The issuer must be logged into the Gateway Server machine either as the user for whom credentials are to be created or as local root.
Output
The dfsgw add command displays the following prompts to request a DCE principal and password:
Enter Principal Name: principal
Enter Password: password
where principal is the name of the user to be authenticated to DCE, and password is the password of the named user; you supply both of these values. The command prompts for the principal name only if you do not specify a principal name with the -dceid option and you do not already have a valid TGT. The command prompts for the password only if you do not specify a password with the -dceid option and you either
· Name a user other than yourself with the -dceid option.
· Do not name a user other than yourself with the -dceid option and do not already have a valid TGT.
If it succeeds in creating the entry in the authentication table, the command displays the following line of output:
Mapping added successfully, PAG is PAG
where PAG identifies the PAG created with the command.
Examples
The following command creates an entry in the authentication table to grant authenticated access to DFS to the user named ludwig. The user, who has UID 7439, is requesting access from the NFS client that has network address 15.27.32.40. The user provides the principal name with the -dceid option but omits the password; the command prompts for the user's password, which the user specifies as beethoven in the example.
dfsgw add -id 15.27.32.40:7439 -dceid ludwig
Enter Password: Beethoven
Mapping added successfully, PAG is 41ffffe4
Exit Values
The dfsgw add command returns an exit value of 0 (zero) if it adds an entry for the user to the authentication table. Otherwise, it returns a
non-zero exit value.
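The following wrapper is an added example, not part of the original reference page or of the DCE/DFS distribution. It calls dfsgw add with a principal name only, so the password is entered at the command's prompt and never appears in the argument list, then checks the exit value and extracts the PAG from the success line. The function names, the DFSGW variable, and the assumptions that the PAG is printed in hexadecimal and that the password prompt is not written to standard output are the example's own.

```sh
#!/bin/sh
# Added example: wrapper around "dfsgw add" (hypothetical helper names).
# DFSGW is overridable so the wrapper can be exercised against a stub.
DFSGW=${DFSGW:-dfsgw}

# check_id NETWORKID:USERID
# Returns 0 if the argument has the form the -id option expects:
# a network address or hostname, a colon, and a numeric UNIX UID.
check_id() {
    case $1 in
        *:*) ;;
        *) return 1 ;;
    esac
    net=${1%:*}
    uid=${1##*:}
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $net in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    return 0
}

# extract_pag: reads command output on stdin and prints the PAG taken from
# the "Mapping added successfully, PAG is PAG" line (hex format assumed).
extract_pag() {
    sed -n 's/.*Mapping added successfully, PAG is \([0-9A-Fa-f]\{1,\}\).*/\1/p'
}

# gw_add NETWORKID:USERID LOGIN_NAME
# Prints the PAG and returns 0 on success; returns 2 for bad arguments and
# 1 if the command exits non-zero or prints no success line.
gw_add() {
    check_id "$1" || { echo "gw_add: bad -id value: $1" >&2; return 2; }
    case $2 in
        ''|*:*)
            # Refuse login_name:password so the password stays off the
            # command line; the command prompts for it when it is needed.
            echo "gw_add: give login_name only, without :password" >&2
            return 2 ;;
    esac
    out=$("$DFSGW" add -id "$1" -dceid "$2") || return 1
    pag=$(printf '%s\n' "$out" | extract_pag)
    [ -n "$pag" ] || return 1
    printf '%s\n' "$pag"
}
```

For the example in this page, gw_add 15.27.32.40:7439 ludwig would prompt for the password if one is required and print the PAG on success.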
Related Information
Commands: dfsgw delete(8dfs)