Configuring a Gateway Server Without Enabling Remote Authentication

Perform the steps in this section to enable DCE authentication from a Gateway Server machine without enabling it from NFS clients that contact the Gateway Server. Users can authenticate only by issuing the dfsgw add command on the Gateway Server machine (or by having a system administrator issue the command for them, if administrators control authentication to the DCE cell).

To allow users of NFS clients to authenticate to DCE from the Gateway Server machine but not from NFS clients that contact the Gateway Server, perform the following steps on the machine to be configured as a Gateway Server:

1. Log in as the local root user on the machine.

2. Install the binary file for the dfsgw command suite in the directory dcelocal/bin on the machine. The dfsgw command suite provides a local interface to the authentication table maintained on the Gateway Server machine. Commands in the dfsgw suite can be used to add, delete, and view mappings in the authentication table. (See Authenticating to DCE from a Gateway Server Machine, Determining Whether a Specific User is Authenticated to DCE, and Displaying Information About All Users Who are Authenticated to DCE for information about using these commands.)

3. Export the DCE global root directory, /..., via NFS. This is typically accomplished via the exportfs command; the exact command and procedure depend on your vendor's implementation of NFS. (See your vendor's NFS documentation for more information.)

The Gateway Server machine is now configured to provide DCE authentication via only the dfsgw add command. Repeat these steps on each DFS client that is to be configured as a Gateway Server in this manner. Should you later decide to allow users to authenticate to DCE from NFS clients that contact the Gateway Server, simply perform the steps in Configuring a Gateway Server and Enabling Remote Authentication on the Gateway Server machine.
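
The following script is an added example, not part of the original documentation: it checks the results of steps 2 and 3 on a machine configured as above. It assumes the caller passes the dcelocal directory and a file holding the export list, with one export per line and the path as the first whitespace-separated field; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-configuration checks for a Gateway Server.
# Assumptions: $1 is the dcelocal directory; $2 is a file holding the export
# list, one export per line, path in the first whitespace-separated field.

# Succeeds if the dfsgw binary is installed and executable in <dcelocal>/bin.
dfsgw_installed() {
    [ -x "$1/bin/dfsgw" ]
}

# Succeeds if the export list names the DCE global root, /..., exactly.
# The comparison is a literal string match: used as a regular expression,
# "/..." would also match unrelated paths such as /usr or /tmp.
root_exported() {
    awk '$1 == "/..." { found = 1 } END { exit !found }' "$1"
}

# Prints one line per check and returns the number of failed checks.
check_gateway() {
    failed=0
    if dfsgw_installed "$1"; then
        echo "ok: $1/bin/dfsgw is installed"
    else
        echo "FAIL: $1/bin/dfsgw is missing or not executable"
        failed=$((failed + 1))
    fi
    if root_exported "$2"; then
        echo "ok: /... is exported"
    else
        echo "FAIL: /... is not in the export list"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample run: a scratch directory stands in for dcelocal.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/bin"
printf '#!/bin/sh\n' > "$demo_dir/bin/dfsgw"
chmod +x "$demo_dir/bin/dfsgw"
printf '/usr/share client1\n/... client1 client2\n' > "$demo_dir/exports"
check_gateway "$demo_dir" "$demo_dir/exports"
rm -rf "$demo_dir"
```

On a real machine, call check_gateway with the actual dcelocal directory and the export list produced by your vendor's NFS tools.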