dfsgwd(8dfs)

Initializes the Gateway Server process for the DFS/NFS Secure Gateway

SYNOPSIS

dfsgwd [-service service_number] [-sysname sysname]

[-nodomains] [-file log_file] [-verbose] [-help]

Options

-service service_number
Specifies the port number to be used to communicate with the dfsgwd process on the Gateway Server machine. By default, the process uses port number 438, the port number defined for the Gateway Server process in the /etc/services file or Network Information Services (NIS) services map file. (See the services (4) reference page in the OSF/1 System and Network Administrator's Reference for more information.)

-sysname sysname
Specifies the system name for the Gateway Server. dfsgwd can handle NFS clients that do not recognize @sys and @host, using a system name of unknown. This name can be set by starting dfsgwd with the -sysname option. The sysname argument is a unique name derived from uname() that describes the machine architecture and OS type, such as hp700_ux905 or hp800_ux90.

-nodomains
Uses the base host name (without the domain portion) for @host.

-file log_file
Specifies the full path name of the log file in which the dfsgwd process records information about the operations it performs. By default, the dfsgwd process writes output to the log file named dcelocal/var/dfs/adm/DfsgwLog.

-verbose
Directs the process to write a message of the following form to the indicated log file each time an entry is added to the authentication table (AT):

INFO: Adding ticket for "username"

where username is the name of the user for whom the entry is added.

-help
Displays the online help for this command. All other valid options specified with this option are ignored.

Description
The dfsgwd command initializes the Gateway Server process. The dfsgwd process runs on machines configured as DFS clients to enable remote authentication via the dfs_login command. The dfsgwd process works with the dfs_login command to obtain DCE credentials for users of NFS clients. The DCE credentials provide users with authenticated access to data in DFS.

The Gateway Server process manipulates mappings for authenticated users in the authentication table on the Gateway Server machine. Each mapping records the following information for an authenticated user:

· The user's UNIX user identification number (UID)

· The network address of the NFS client from which the user has authenticated access to DFS

· The PAG that stores the user's DCE ticket-granting ticket (TGT)

The dfs_login and dfs_logout commands provide a remote mechanism for creating and deleting entries in the authentication table on a Gateway Server machine. Commands in the dfsgw command suite provide a local administrative interface to the authentication table on a machine configured as a Gateway Server.

The Gateway Server process recognizes the @sys and @host variables on the NFS client system. This allows the Gateway Server to resolve pathnames to binaries and other system-dependent files correctly, based on the user's login system name and system type.

The binary file for the dfsgwd process resides in dcelocal/bin. The process is normally run on a DFS client that is exporting a mount point for /..., the root of the DCE namespace, via NFS. The process runs as the DCE principal hosts/hostname/dfsgw-server.

The dfsgwd process is usually started and controlled by the Basic OverSeer (BOS) Server (bosserver) process. The BOS Server restarts each process it monitors whenever the system is rebooted. If the dfsgwd process is not controlled by the BOS Server, the dfsgwd process runs in the foreground by default. See Part 1 of the OSF DCE DFS Administration Guide and Reference for information about configuring the dfsgwd process on a machine to be configured as a Gateway Server.

The dfsgwd process writes output about the operations it performs to a log file. By default, it writes output to the file named dcelocal/var/dfs/adm/DfsgwLog. You can use the -file option to name a different log file. If the dfsgwd process is controlled by the BOS Server, you can use the bos getlog command to read the log file.

Privilege Required
The issuer must be logged into the local machine as root.

Files

dcelocal/var/dfs/adm/DfsgwLog
The default log file for the dfsgwd process. You can use the -file option to specify a different path name for the log file.

Related Information
Commands: dfsgw(8dfs)

bos getlog(8dfs)

bosserver(8dfs)

dfs_login(8dfs)

dfs_logout(8dfs)

Files: DfsgwLog(4dfs)