Configuring the BOS Server Process

To configure the BOS Server (bosserver) process, perform the following steps on the machine to be configured as a Gateway Server. In all cases, hostname is the hostname of the local machine. (Note that you may need to install the bosserver binary file on the machine if it is not already present. See your vendor's installation and configuration documentation for information about installing the binary file.)

1. Authenticate to DCE as a principal who has the following ACL permissions on entries in the registry database:

· The i permission on the directory hosts/hostname.

· The m, a, u, g, and c permissions on the principal hosts/hostname/dfs-server. The principal is created during the configuration steps.

· The t and M permissions on the group subsys/dce/dfs-admin.

· The R, t, and M permissions on the organization none.

· The r permission on the registry Policy object for the DCE cell.

This requirement is most easily met by authenticating to a privileged DCE identity (for example, cell_admin or a principal who is a member of the group acct-admin).

2. Create the principal hosts/hostname/dfs-server, and create an account for the principal. Use the following dcecp commands to create the principal and account in the registry database. In the commands, password is the password of the DCE identity to which you are authenticated.

$ dcecp
dcecp> principal create hosts/hostname/dfs-server
dcecp> account create hosts/hostname/dfs-server -group subsys/dce/dfs-admin \
> -org none -password password -mypwd password

3. Grant the group subsys/dce/dfs-admin the appropriate permissions on the ACL for the hosts/hostname/dfs-server principal in the registry database:

dcecp> acl mod /.:/sec/principal/hosts/hostname/dfs-server \
> -add {group subsys/dce/dfs-admin rcDnfmag}

dcecp> exit

4. Use the su command to become the local root user on the machine:

$ su
Password: root_password

5. Add a server key for the hosts/hostname/dfs-server principal to the /krb5/v5srvtab keytab file on the machine. The dced process recognizes the keytab file by the entry name self. The command creates the keytab file if the file does not already exist. In the commands, password is the password of the DCE identity to which you were authenticated when you created the principal.

# dcecp
dcecp> keytab add self -member hosts/hostname/dfs-server \
> -key password
dcecp> keytab add self -member hosts/hostname/dfs-server \
> -random -registry

dcecp> exit

6. Remove the BosConfig file and any administrative lists that may exist from a previous configuration of the BOS Server on the machine:

# rm -f dcelocal/var/dfs/BosConfig
# rm -f dcelocal/var/dfs/admin.*

7. Start the bosserver process with DFS authorization checking disabled. The process creates a new BosConfig file and a new admin.bos file, which is the administrative list for the BOS Server.

# dcelocal/bin/bosserver -noauth &

8. Add the group subsys/dce/dfs-admin to the admin.bos file:

# dcelocal/bin/bos addadmin -server /.:/hosts/hostname -adminlist admin.bos \
-group subsys/dce/dfs-admin

9. Enable DFS authorization checking by the BOS Server:

# dcelocal/bin/bos setauth -server /.:/hosts/hostname -authchecking on

10. Configure the bosserver process to start automatically when the system is rebooted by removing the two # (number signs) from the following line of the /etc/rc.dfs file (or its equivalent):

##daemonrunning $DCELOCAL/bin/bosserver

The BOS Server process is now fully configured on the machine.
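
A post-configuration check for the procedure above, added here as an example and not part of the vendor documentation. It confirms that BosConfig and admin.bos exist, that admin.bos and the keytab file are not open to other users, and that the rc file starts bosserver without the -noauth flag used in step 7. The function names and the permission thresholds are assumptions of this example; all paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not vendor code). Function names and permission
# thresholds are assumptions; all paths are passed in as arguments.
# Usage: check_bos_config <dcelocal> /etc/rc.dfs /krb5/v5srvtab

# Print how the rc file starts bosserver: enabled, disabled, noauth, missing.
rc_bosserver_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    line=$(sed 's/^[[:space:]]*//' "$1" |
           grep 'daemonrunning.*bin/bosserver' | tail -n 1)
    case $line in
        '')        echo missing ;;
        '#'*)      echo disabled ;;  # still commented out: step 10 not done
        *-noauth*) echo noauth ;;    # step 7's flag must not persist at boot
        *)         echo enabled ;;
    esac
}

# Succeed if FILE has any of the listed permission bits set (e.g. 020 002).
has_any_perm() {
    file=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$file" -prune -perm "-$bit" -print 2>/dev/null)" ] &&
            return 0
    done
    return 1
}

# Print one line per finding; the return status is the number of findings.
check_bos_config() {
    dfs=$1/var/dfs; n=0
    for f in BosConfig admin.bos; do
        [ -f "$dfs/$f" ] || { echo "missing: $dfs/$f"; n=$((n + 1)); }
    done
    if has_any_perm "$dfs/admin.bos" 020 002; then
        echo "group/world-writable: $dfs/admin.bos"; n=$((n + 1))
    fi
    if has_any_perm "$3" 040 020 004 002; then
        echo "keytab open to non-owners: $3"; n=$((n + 1))
    fi
    state=$(rc_bosserver_state "$2")
    [ "$state" = enabled ] || { echo "bosserver in $2: $state"; n=$((n + 1)); }
    return "$n"
}
```

Run it as root after step 10; a return status of 0 means none of the checks raised a finding.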