jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-21 00:10:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
17dfbd5be4
openafs/doc/html/AdminReference/auarf201.htm

179 lines
9.5 KiB
HTML
Raw Normal View History

initial-html-documentation-20010606 pull in all documentation from IBM
2001-06-06 20:09:07 +01:00
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 4//EN">
<HTML><HEAD>
<TITLE>Administration Reference</TITLE>
<!-- Begin Header Records ========================================== -->
<!-- /tmp/idwt3672/auarf000.scr converted by idb2h R4.2 (359) ID -->
<!-- Workbench Version (AIX) on 3 Oct 2000 at 16:18:30 -->
<META HTTP-EQUIV="updated" CONTENT="Tue, 03 Oct 2000 16:18:29">
<META HTTP-EQUIV="review" CONTENT="Wed, 03 Oct 2001 16:18:29">
<META HTTP-EQUIV="expires" CONTENT="Thu, 03 Oct 2002 16:18:29">
</HEAD><BODY>
<!-- (C) IBM Corporation 2000. All Rights Reserved -->
<BODY bgcolor="ffffff">
<!-- End Header Records ============================================ -->
<A NAME="Top_Of_Page"></A>
<H1>Administration Reference</H1>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf200.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf202.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<P>
<H2><A NAME="HDRKNFS" HREF="auarf002.htm#ToC_215">knfs</A></H2>
<A NAME="IDX5183"></A>
<A NAME="IDX5184"></A>
<A NAME="IDX5185"></A>
<A NAME="IDX5186"></A>
<P><STRONG>Purpose</STRONG>
<P>Establishes basis for authenticated access to AFS from a non-supported NFS
client using the NFS/AFS Translator
<P><STRONG>Synopsis</STRONG>
<PRE><B>knfs -host</B> &lt;<VAR>host&nbsp;name</VAR>> [<B>-id</B> &lt;<VAR>user&nbsp;ID&nbsp;(decimal)</VAR>>]
[<B>-sysname</B> &lt;<VAR>host's&nbsp;'@sys'&nbsp;value</VAR>>] [<B>-unlog</B>] [<B>-tokens</B>] [<B>-help</B>]
<B>knfs -ho</B> &lt;<VAR>host&nbsp;name</VAR>> [<B>-i</B> &lt;<VAR>user&nbsp;ID (decimal)</VAR>>]
[<B>-s</B> &lt;<VAR>host's&nbsp;'@sys'&nbsp;value</VAR>>] [<B>-u</B>] [<B>-t</B>] [<B>-he</B>]
</PRE>
<P><STRONG>Description</STRONG>
<P>The <B>knfs</B> command creates an AFS credential structure on the
local machine, identifying it by a process authentication group (PAG) number
associated with the NFS client machine named by the <B>-hostname</B>
argument and by default with a local UID on the NFS client machine that
matches the issuer's local UID on the local machine. It places in
the credential structure the AFS tokens that the issuer has previously
obtained (by logging onto the local machine if an AFS-modified login utility
is installed, by issuing the <B>klog</B> command, or both). To
associate the credential structure with an NFS UID that does not match the
issuer's local UID, use the <B>-id</B> argument.
<P>Issue this command only on the NFS<SUP>(R)</SUP>/AFS translator machine that is
serving the NFS client machine, after obtaining AFS tokens on the translator
machine for every cell to which authenticated access is required. The
Cache Manager on the translator machine uses the tokens to obtain
authenticated AFS access for the designated user working on the NFS client
machine. This command is not effective if issued on an NFS client
machine.
<P>To enable the user on the NFS client machine to issue AFS commands, use the
<B>-sysname</B> argument to specify the NFS client machine's system
type, which can differ from the translator machine's. The NFS
client machine must be a system type for which AFS is supported.
<P>The <B>-unlog</B> flag discards the tokens in the credential structure,
but does not destroy the credential structure itself. The Cache Manager
on the translator machine retains the credential structure until the next
reboot, and uses it each time the issuer accesses AFS through the translator
machine. The credential structure only has tokens in it if the user
reissues the <B>knfs</B> command on the translator machine each time the
user logs into the NFS client machine.
<P>To display the tokens associated with the designated user on the NFS client
machine, include the <B>-tokens</B> flag.
<P>Users working on NFS client machines of system types for which AFS binaries
are available (and for which the cell has purchased a license) can use the
<B>klog</B> command rather than the <B>knfs</B> command.
<P><STRONG>Cautions</STRONG>
<P>If the translator machine's administrator has enabled UID checking by
issuing the <B>fs exportafs</B> command with the <B>-uidcheck on</B>
argument, it is not possible to use the <B>-id</B> argument to assign the
tokens to an NFS UID that differs from the issuer's local UID. In
this case, there is no point in including the <B>-id</B> argument, because
the only acceptable value (the issuer's local UID) is the value used when
the <B>-id</B> argument is omitted. Requiring matching UIDs is
effective only when users have the same local UID on the translator machine as
on NFS client machines. In that case, it guarantees that users assign
their tokens only to their own NFS sessions.
<P>This command does not make it possible for users working on non-supported
system types to issue AFS commands. This is possible only on NFS
clients of a system type for which AFS is available.
<P><STRONG>Options</STRONG>
<DL>
<P><DT><B>-host
</B><DD>Names the NFS client machine on which the issuer is to work.
Providing a fully-qualified hostname is best, but abbreviated forms are
possibly acceptable depending on the state of the cell's name server at
the time the command is issued.
<P><DT><B>-id
</B><DD>Specifies the local UID on the NFS client to which to assign the
tokens. The NFS client identifies file requests by the NFS UID, so
creating the association enables the Cache Manager on the translator machine
to use the appropriate tokens when filling the requests. If this
argument is omitted, the command interpreter uses an NFS UID that matches the
issuer's local UID on the translator machine (as returned by the
<B>getuid</B> function).
<P><DT><B>-sysname
</B><DD>Specifies the value that the local (translator) machine's remote
executor daemon substitutes for the <B>@sys</B> variable in pathnames when
executing AFS commands issued on the NFS client machine (which must be a
supported system type). If the NFS user's PATH environment
variable uses the <B>@sys</B> variable in the pathnames for directories
that house AFS binaries (as recommended), then setting this argument enables
NFS users to issue AFS commands by leading the remote executor daemon to
access the AFS binaries appropriate to the NFS client machine even if its
system type differs from the translator machine's.
<P><DT><B>-unlog
</B><DD>Discards the tokens stored in the credential structure identified by the
PAG associated with the <B>-host</B> argument and, optionally, the
<B>-id</B> argument.
<P><DT><B>-tokens
</B><DD>Displays the AFS tokens assigned to the designated user on the indicated
NFS client machine.
<P><DT><B>-help
</B><DD>Prints the online help for this command. All other valid options
are ignored.
</DL>
<P><STRONG>Output</STRONG>
<P>The following error message indicates that UID checking is enabled on the
translator machine and that the value provided for the <B>-id</B> argument
differs from the issuer's local UID.
<PRE>
knfs: Translator in 'passwd sync' mode; remote uid must be the same as local uid
</PRE>
<P><STRONG>Examples</STRONG>
<P>The following example illustrates a typical use of this command. The
issuer <B>smith</B> is working on the machine
<B>nfscli1.abc.com</B> and has user ID <B>1020</B> on
that machine. The translator machine
<B>tx4.abc.com</B> uses an AFS-modified login utility, so
<B>smith</B> obtains tokens for the ABC Corporation cell automatically
upon login via the <B>telnet</B> program. She then issues the
<B>klog</B> command to obtain tokens as <B>admin</B> in the ABC
Corporation's test cell, <B>test.abc.com</B>, and the
<B>knfs</B> command to associate both tokens with the credential structure
identified by machine name <B>nfs-cli1</B> and user ID
<B>1020</B>. She breaks the connection to <B>tx4</B> and works
on <B>nfscli1</B>.
<PRE> % <B>telnet tx4.abc.com</B>
. . .
login: <B>smith</B>
Password:
AFS(R) login
% <B>klog admin -cell test.abc.com</B>
Password:
% <B>knfs nfscli1.abc.com 1020</B>
% <B>exit</B>
</PRE>
<P>The following example shows user <B>smith</B> again connecting to the
machine <B>tx4</B> via the <B>telnet</B> program and discarding the
tokens.
<PRE> % <B>telnet translator4.abc.com</B>
. . .
login: <B>smith</B>
Password:
AFS(R) login
% <B>knfs nfscli1.abc.com 1020 -unlog</B>
% <B>exit</B>
</PRE>
<P><STRONG>Privilege Required</STRONG>
<P>None
<P><STRONG>Related Information</STRONG>
<P><A HREF="auarf200.htm#HDRKLOG">klog</A>
<P><A HREF="auarf208.htm#HDRPAGSH">pagsh</A>
<P>
<HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf200.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Top_Of_Page"><IMG SRC="../top.gif" BORDER="0" ALT="[Top of Topic]"></A> <A HREF="auarf202.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P>
<!-- Begin Footer Records ========================================== -->
<P><HR><B>
<br>&#169; <A HREF="http://www.ibm.com/">IBM Corporation 2000.</A> All Rights Reserved
</B>
<!-- End Footer Records ============================================ -->
<A NAME="Bot_Of_Page"></A>
</BODY></HTML>
Reference in New Issue Copy Permalink