The dfsgw add command authenticates a user to DCE from a Gateway Server machine. Users can use the dfsgw add command if the dfs_login command is not installed on the NFS client from which they desire access to DFS. System administrators can use the command to administer authenticated access to DFS from a Gateway Server machine. Note that for NFS clients not configured to enable DCE authentication, the dfsgw add command represents the only avenue to DCE authentication.
The dfsgw add command provides essentially the same functionality as the dfs_login command. However, unlike the dfs_login command, the dfsgw add command does not communicate with the Gateway Server (dfsgwd) process; it creates the login context and entry in the authentication table for the user. In addition, it requires the issuer to identify the user for whom authenticated access is desired and the NFS client from which the user is to access DFS. Also, the dfs_login command allows the issuer to request a ticket lifetime; the dfsgw add command does not.
The dfsgw add command has the following syntax:
dfsgw add -id networkID:userID [-dceid login_name[:password]] [-af address_family]
The command includes the following options:
-id networkID:userID
Specifies the network address or hostname of an NFS client and the UID of the user who is to be authenticated to DCE from that client.
-dceid login_name[:password]
Specifies the DCE principal name and, optionally, the password of the user who is to be authenticated to DCE. The command does not prompt for a principal name and password if you do not specify a principal name and you have a valid TGT; the command does not prompt for a password if you specify your own principal name and you have a valid TGT. The command always prompts for a password if you name a principal other than yourself.
-af address_family
Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported, inet (Internet).
For example, the following dfsgw add command obtains DCE credentials for the user ludwig, who has UID 7439, from the NFS client that has network address 15.27.32.40:
$ dfsgw add -id 15.27.32.40:7439 -dceid ludwig
Enter Password: password
Mapping added successfully, PAG is 41ffffe4
where password is the DCE password of the user ludwig. The command reports that a mapping for the user was successfully added to the authentication table on the Gateway Server machine; the user's PAG is 41ffffe4.
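As an added example (not from the original documentation), the following shell helpers validate the -id value, refuse the login_name:password form so that the password is entered at the prompt rather than placed in the argument list, and extract the PAG from the success message for logging. The function names are hypothetical, and the helpers only build and parse text; they do not run dfsgw.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Nothing here runs dfsgw.

# Accept only networkID:userID with a hostname or IPv4 address and a numeric UID.
valid_id() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    host=${1%:*}
    uid=${1##*:}
    case "$uid" in ''|*[!0-9]*) return 1 ;; esac
    case "$host" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    return 0
}

# Print the dfsgw add arguments, one per line.
# Return 2 for a malformed value, 3 if the principal carries an inline password.
build_add_args() {
    id=$1
    principal=$2
    valid_id "$id" || { echo "bad -id value: $id" >&2; return 2; }
    case "$principal" in
        ''|-*) echo "bad principal name" >&2; return 2 ;;
        *:*)   echo "inline password refused; use the prompt" >&2; return 3 ;;
    esac
    printf '%s\n' add -id "$id" -dceid "$principal"
}

# Extract the PAG from the success line; prints nothing for any other text.
pag_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^Mapping added successfully, PAG is \([0-9a-fA-F]\{1,\}\)$/\1/p'
}

# Demo with the values from the example above (the output line is copied from it).
build_add_args 15.27.32.40:7439 ludwig
pag_from_output 'Mapping added successfully, PAG is 41ffffe4'
```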
To end a user's authenticated session from a specified NFS client, issue the dfsgw delete command on the Gateway Server machine. The command provides the same functionality from a Gateway Server machine that the dfs_logout command provides from an NFS client. The dfsgw delete command can be issued either by the user whose entry is to be removed from the authentication table or by a user who is logged into the Gateway Server machine as the local root user. The command has no effect on authenticated sessions the user may have for other NFS clients.
The syntax of the dfsgw delete command follows:
dfsgw delete -id networkID:userID [-af address_family]
The command includes the following options:
-id networkID:userID
Specifies the network address or hostname of an NFS client and the UID of the user whose authenticated access from that client is to be canceled.
-af address_family
Specifies the style of network address to be used to identify hosts. By default, the command uses the only address family currently supported, inet (Internet).
For example, the following dfsgw delete command ends the authenticated session for the user ludwig from the NFS client that has network address 15.27.32.40. The command is issued by the local root user on the Gateway Server machine.
# dfsgw delete -id 15.27.32.40:7439
See the reference pages for the dfsgw add and dfsgw delete commands for detailed information about the use and syntax of the commands.