Introduction

The IBM® Distributed File System (DFS) requires Distribute Computing Environment (DCE) as a prerequisite. The Network File System (NFS), a distributed file system for storing files on a network, lets you access files and directories located on remote systems and treat those files and directories as if they were local. NFS Version 4 (NFS V4) is the latest defined client-to-server protocol for NFS. NFS V4, a significant upgrade from NFS V3, was defined under the IETF framework, and it introduces changes to the way NFS is implemented and used, including stronger security, wide area network sharing, and broader platform adaptability. NFS V4 uses Kerberos implementation and IBM Network Authentication Service (NAS) for security.

This article provides guidance and configuration steps for you to access both DFS and NFS V4 directories simultaneously. This is useful when you migrate from DFS to NFS V4. This article also answers some frequently asked questions, such as:

• Can the DCE authentication server be used as a Kerberos server for NFS V4 with a Kerberos client?
• Do I need to configure another Kerberos or NAS Server?
• Can I make use of DCE credentials?

This article assumes the following:

• DCE and DFS configuration already exists. For completeness, purpose commands to set up the DCE cell are provided.
• NFS V4 comes with IBM AIX® 5.3.0.0 by default. IBM NAS and NFS V4 filesets are available on the AIX 5.3 Expansion Pack.

The security layer used by NFS and the DCE security server follow the Kerberos protocol (Version 5). So the DCE security server can be used as key distribution center (KDC) for Kerberos client authentication. The encryption type that the DCE security server supports is DES only, so the same restriction applies to the Kerberos client. Because DCE does not support the kadmind server (typically required and provided by IBM NAS), you cannot use the kadmin interface for NAS administration. DCE services need to be used for administration purpose.

Back to top

Setting up DCE

Install and configure the DCE server using the config.dce script on AIX. For additional information, see the IBM Distributed Computing Environment Version 3.2 for AIX and Solaris Administration Guide: Introduction (see Resources).

The following example configures DCE on an AIX system whose hostname is aixdce17.in.ibm.com. For this scenario and configuration, the cell_admin password is test.

#config.dce -cell_name migrate_test -cell_admin cell_admin 
-dce_hostname aixdce17.in.ibm.com sec_srv cds_srv 
#show.cfg
Gathering component state information...

                 Component Summary for Host: aixdce17.in.ibm.com
           Component		Configuration State	Running State
Security Master server                Configured           Running
Security client                       Configured           Running
RPC                                   Configured           Running
Initial Directory server              Configured           Running
Directory client                      Configured           Running

The component summary is complete.

$cat /etc/krb5.conf
[libdefaults]
        default_realm = migrate_test
        default_keytab_name = /krb5/v5srvtab
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc

[realms]
        migrate_test = {
                kdc = aixdce17.in.ibm.com:88
        }

[domain_realm]
        aixdce17.in.ibm.com = migrate_test
      

Back to top

Setting up the NAS client for NFS Server

The following command configures a NAS client to a DCE server on the host aixdce17.in.ibm.com. The example IBM NAS client is configured on aixdce3.in.ibm.com.

#config.krb5 -C -r migrate_test -d in.ibm.com -c aixdce17.in.ibm.com 
-s aixdce17.in.ibm.com

After configuration, check the /etc/krb5/krb5.conf file. The example contents of /etc/krb5.conf on aixdce3.in.ibm.com are:

# cat /etc/krb5/krb5.conf
[libdefaults]
        default_realm = migrate_test
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5
 des-cbc-crc
        default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5
 des-cbc-crc

[realms]
        migrate_test = {
                kdc = aixdce17.in.ibm.com:88
                admin_server = aixdce17.in.ibm.com:749
                default_domain = in.ibm.com
        }

[domain_realm]
        .in.ibm.com = migrate_test
        aixdce17.in.ibm.com = migrate_test

[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        default = FILE:/var/krb5/log/krb5lib.log
      

Back to top

Modifying the NAS client configuration

Check the difference between the krb5.conf file that DCE created and the one NAS created. You see the difference in the encryption types between DCE and the NAS client. Modify the NAS client krb5.conf file so that it uses the DCE provided encryption types, and remove the admin_server details, because you are configuring the NAS client with DCE. So, the admin_server stanza is not needed in the NAS krb5.conf file. The example shows the modified NAS client krb5.conf file on aixdce3.in.ibm.

[libdefaults]
        default_realm = migrate_test
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
[realms]
        migrate_test = {
                kdc = aixdce17.in.ibm.com:88
                default_domain = in.ibm.com
        }

[domain_realm]
        .in.ibm.com = migrate_test
        aixdce17.in.ibm.com = migrate_test

[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        default = FILE:/var/krb5/log/krb5lib.log

When trying to get the credentials using the kinit command on aixdce3.in.ibm.com (using the principal cell_admin with the password test, the following error message is displayed:

# kinit cell_admin
Unable to obtain initial credentials.
        Status 0x96c73a26 - Incorrect net address.

If you enable syslog logging on DCE for the KDC component, you will find that the NAS client sent a request to KDC without the net address. KDC responds with an incorrect net address message back to the NAS client. The following syslog message shows the dialog between the NAS client and the DCE KDC server

g 10 00:51:55 aixdce17 secd[17538]: AS_REQ 9.182.192.103(88): NO ADDRESS: cell_admin
@migrate_test for krbtgt/migrate_test@migrate_test, Incorrect net address (dce / krb)

To resolve this, modify the NAS client krb5.conf file to add a stanza noaddresses = false below the encryption types specification. The example NAS client krb5.conf file follows:

[libdefaults]
        default_realm = migrate_test
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
        noaddresses = false
[realms]
        migrate_test = {
                kdc = aixdce17.in.ibm.com:88
                default_domain = in.ibm.com
        }

[domain_realm]
        .in.ibm.com = migrate_test
        aixdce17.in.ibm.com = migrate_test

[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        default = FILE:/var/krb5/log/krb5lib.log

Note: Enter the following command to synch the clock on the NAS client aixdce3.in.ibm.com with the clock on the DCE servers aixdce17.in.ibm.com:

#setclock aixdce3.in.ibm.com
Tue Aug 14 05:25:56 2007

Enter the following command to get the credentials from the DCE KDC from the NAS client on aixdce3.in.ibm.com:

# which kinit
/usr/krb5/bin/kinit 

# kinit cell_admin
Password for cell_admin@migrate_test:
# klist
Ticket cache:  FILE:/var/krb5/security/creds/krb5cc_0
Default principal:  cell_admin@migrate_test

Valid starting     Expires            Service principal
08/14/07 05:27:33  08/15/07 05:27:32  krbtgt/migrate_test@migrate_test
      

You can get the TGT on the NAS client from the DCE server. Now, you can proceed and complete the settings required to configure the NFS V4 server on aixdce3.in.ibm.com. Export a local directory from aixdce3.in.ibm.com, and try to mount it locally.

Next, set up NFS V4 with a NAS client that is configured to DCE servers as KDC.

Back to top

Setting the NFS server

1. Enter the following to check for the presence of the NFS V4 fileset:

   # lslpp -l | grep nfs bos.net.nfs.client 5.3.0.50 COMMITTED Network File System Client bos.net.nfs.client 5.3.0.50 COMMITTED Network File System Client

   
   
2. Enter the following command to check the base Operating System Runtime version.

   # lslpp -Lqc bos.rte bos:bos.rte:5.3.0.50: : :C: :Base Operating System Runtime: : : : : : :1:0:

   
   
3. Check the version of AIX:

   #cat /usr/lpp/bos/aix_release.level 5.3.0.0

   
   
4. Check for the presence of a cryptographic library. This fileset is required to configure NFS V4 with Kerberos:

   #lslpp -l | grep modcrypt modcrypt.base.includes 5.3.0.75 COMMITTED Cryptographic Library Include modcrypt.base.lib 5.3.0.75 COMMITTED Cryptographic Library (libmodcrypt.a)

   
   
5. Check to ensure that all subsystems of NFS group are running:

   #lssrc -g nfs Subsystem Group PID Status biod nfs 9390 active nfsd nfs 15854 active rpc.mountd nfs 10928 active nfsrgyd nfs 12254 active gssd nfs 18170 active rpc.lockd nfs 18770 active rpc.statd nfs 10352 active

   
   

Setting up an NFS domain

1. Check the current settings of the NFS domain:

   # chnfsdom Currnet local domain: N/A

   
   
2. Change it to the desired domain name:

   # chnfsdom in.ibm.com Currnet local domain: in.ibm.com

   
   

   The domain name on all the clients should also be the same one.

Creating NFS server principal on a DCE server acting as a KDC server

1. Create the NFS server principal on aixdce17.in.ibm.com where the DCE server is configured.
2. Get the cell_admin credentials.

   #dce_login cell_admin -test-

   
   
3. Create the NFS server principal:

   #dcecp>user create nfs/aixdce3.in.ibm.com -password nfstest -org none -group none -mypwd -test-

   
   
4. Get the default keytab file:

   #dcecp> keytab cat /.../migrate_test/hosts/aixdce17.in.ibm.com/config/keytab/self

   
   
5. Add the NFS principal to the keytab file on aixdce17.in.ibm.com.

   #dcecp>keytab add /.../migrate_test/hosts/aixdce17.in.ibm.com/config/keytab/self -member nfs/aixdce3.in.ibm.com -key nfstest

   
   

   The keytab file, v5srvtab, is in the /opt/dcelocal/krb5 directory.

6. Enter he following command to check whether the NFS principal is added in the keytab file:

   #dcecp> keytab list /.../migrate_test/hosts/aixdce17.in.ibm.com/config/keytab/self /.../migrate_test/hosts/aixdce17.in.ibm.com/self /.../migrate_test/host/aixdce17.in.ibm.com /.../migrate_test/host/aixdce17.in.ibm.com /.../migrate_test/ftp/aixdce17.in.ibm.com /.../migrate_test/ftp/aixdce17.in.ibm.com /.../migrate_test/hosts/aixdce17.in.ibm.com/cds-server /.../migrate_test/hosts/aixdce17.in.ibm.com/cds-server /.../migrate_test/hosts/aixdce17.in.ibm.com/self /.../migrate_test/nfs/aixdce3.in.ibm.com

   
   
7. Copy this file onto the NAS client at /etc/krb5 and rename it to krb5.keytab. Now the keytab file on the NAS client (aixdce3.in.ibm.com) is the same as the one on the DCE server (aixdce17.in.ibm.com).

   To verify that you have the correct keytab file on the NAS client, enter the following:

   # /usr/krb5/sbin/ktutil ktutil: read_kt /etc/krb5/krb5.keytab ktutil: l slot KVNO Principal ------ ------ ------------------------------------------------------ 1 1 hosts/aixdce17.in.ibm.com/self@migrate_test 2 1 host/aixdce17.in.ibm.com@migrate_test 3 2 host/aixdce17.in.ibm.com@migrate_test 4 1 ftp/aixdce17.in.ibm.com@migrate_test 5 2 ftp/aixdce17.in.ibm.com@migrate_test 6 1 hosts/aixdce17.in.ibm.com/cds-server@migrate_test 7 2 hosts/aixdce17.in.ibm.com/cds-server@migrate_test 8 2 hosts/aixdce17.in.ibm.com/self@migrate_test 9 1 nfs/aixdce3.in.ibm.com@migrate_test ktutil: q

   
   
8. To check that you are getting the credentials using the keytab file on NAS client (aixdce3.in.ibm.com), enter the following:

   # kinit -kt /etc/krb5/krb5.keytab nfs/aixdce3.in.ibm.com # klist Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0 Default principal: nfs/aixdce3.in.ibm.com@migrate_test Valid starting Expires Service principal 08/14/07 06:51:58 08/15/07 06:51:56 krbtgt/migrate_test@migrate_test

   
   

Setting up the gssd daemon on the NFS V4 server

1. To enable NFS V4 using RPSEC-GSS, you have to create the map file between the keytab file on the server and the NFS server principal. This is done using the nfshostkey command, as shown below:

   # nfshostkey -p nfs/aixdce3.in.ibm.com -f /etc/krb5/krb5.keytab # nfshostkey -l nfs/aixdce3.in.ibm.com /etc/krb5/krb5.keytab

   
   
2. Use the chnfsrtd command to establish a mapping:

   # chnfsrtd -a migrate_test in.ibm.com

   
   
3. To export the directory to NFS V4 on the NFS Server (aixdce3.in.ibm.com), edit the file /etc/exports. If the file is not present, create the file and the directory that needs to be exported.

   #vi /etc/exports /umesh -vers=4,sec=krb5 :wq # cat /etc/exports /umesh -vers=4,sec=krb5 #exportfs -va

   
   
4. Restart the nfs group daemons.

   #stopsrc -g nfs; startsrc -g nfs

   
   
5. Get the credentials for the NFS server principal, and mount the exported filesystem under /mnt/nfstest.

   #kinit -kt /v5srvtab nfs/aixdce3.in.ibm.com #klist #mount -o vers=4,sec=krb5 aixdce3.in.ibm.com:/umesh /mnt/nfstest

   
   
6. Go to the path where the filesystem is mounted, and check the credentials. You should receive the service ticket for NFS principal.

   #cd /mnt/nfstest # ls -l total 40 -rw-r--r-- 1 root sys 279 Dec 06 2006 C539INA.upd drwxrwx--- 2 root system 512 Dec 06 2006 lost+found drwxr-sr-x 2 root sys 2048 Dec 13 2006 ptf11 drwxr-sr-x 6 root sys 512 Dec 06 2006 rational drwxr-sr-x 3 root sys 512 Mar 11 22:42 svt # klist Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0 Default principal: nfs/aixdce3.in.ibm.com@migrate_test Valid starting Expires Service principal 08/14/07 06:51:58 08/15/07 06:51:56 krbtgt/migrate_test@migrate_test 08/14/07 07:17:56 08/15/07 06:51:56 nfs/aixdce3.in.ibm.com@migrate_test

   
   

Back to top

Setting the DFS and NFS clients

Mount the exported filesystem on the NFS V4 client machine where the DCE client (aixdce25.in.ibm.com) is configured to the DCE server (aixdce17.in.ibm.com). The prerequisite on DCE client NAS needs to be present, but it should not be configured. The DCE client needs to be present and configured.

1. Check to see if NAS is installed on aixdce25.in.ibm.com.

   # lslpp -l | grep krb5 krb5.client.rte 1.4.0.7 COMMITTED Network Authentication Service krb5.client.samples 1.4.0.7 COMMITTED Network Authentication Service krb5.doc.Ja_JP.html 1.4.0.7 COMMITTED Network Auth Service HTML krb5.doc.Ja_JP.pdf 1.4.0.7 COMMITTED Network Auth Service PDF krb5.doc.en_US.html 1.4.0.7 COMMITTED Network Auth Service HTML krb5.doc.en_US.pdf 1.4.0.7 COMMITTED Network Auth Service PDF krb5.doc.ko_KR.html 1.4.0.7 COMMITTED Network Auth Service HTML krb5.doc.ko_KR.pdf 1.4.0.7 COMMITTED Network Auth Service PDF krb5.doc.zh_CN.html 1.4.0.7 COMMITTED Network Auth Service HTML krb5.doc.zh_CN.pdf 1.4.0.7 COMMITTED Network Auth Service PDF krb5.lic 1.4.0.7 COMMITTED Network Authentication Service krb5.msg.en_US.client.rte 1.4.0.7 COMMITTED Network Auth Service Client krb5.server.rte 1.4.0.7 COMMITTED Network Authentication Service krb5.toolkit.adt 1.4.0.7 COMMITTED Network Authentication Service krb5.client.rte 1.4.0.7 COMMITTED Network Authentication Service krb5.server.rte 1.4.0.7 COMMITTED Network Authentication Service

   
   
2. Check to see if the DCE client is installed on aixdce25.in.ibm.com.

   $lslpp -l | grep dce csm.gui.dcem 1.4.1.10 COMMITTED Distributed Command Execution dce.client.rte 3.2.0.10 COMMITTED DCE Client Services dce.client.rte.admin 3.2.0.10 COMMITTED DCE Client Administrative dce.client.rte.cds 3.2.0.9 COMMITTED DCE Client CDS Tools dce.client.rte.config 3.2.0.6 COMMITTED DCE Client Configuration Tools dce.client.rte.pthreads 3.2.0.0 COMMITTED DCE Threads Compatibility dce.client.rte.rpc 3.2.0.4 COMMITTED DCE Client RPC Tools dce.client.rte.security 3.2.0.9 COMMITTED DCE Client Security Tools dce.client.rte.time 3.2.0.4 COMMITTED DCE Client Time Tools dce.client.rte.zones 3.2.0.0 COMMITTED DCE Client Time Zones dce.client.rte 3.2.0.10 COMMITTED DCE Client Services dce.client.rte.admin 3.2.0.10 COMMITTED DCE Client Administrative dce.client.rte.cds 3.2.0.9 COMMITTED DCE Client CDS Tools dce.client.rte.config 3.2.0.6 COMMITTED DCE Client Configuration Tools dce.client.rte.pthreads 3.2.0.0 COMMITTED DCE Threads Compatibility dce.client.rte.rpc 3.2.0.4 COMMITTED DCE Client RPC Tools dce.client.rte.security 3.2.0.9 COMMITTED DCE Client Security Tools dce.client.rte.time 3.2.0.0 COMMITTED DCE Client Time Tools dce.client.rte.zones 3.2.0.0 COMMITTED DCE Client Time Zones

   
   
3. Configure the DCE client to the DCE server.

   # config.dce -cell_name migrate_test -dce_hostname aixdce25.in.ibm.com -sec_master aixdce17.in.ibm.com -cds_server aixdce17.in.ibm.com

   
   
4. Check the configuration on the DCE client.

   #show.cfg Gathering component state information... Component Summary for Host: aixdce25.in.ibm.com Component Configuration State Running State Security client Configured Running RPC Configured Running Directory client Configured Running DTS client Configured Running The component summary is complete.

   
   
5. Check the contents of the /etc/krb5.conf file. Use the information under Modification in NAS Client configuration to edit this file.

   # cat /etc/krb5.conf [libdefaults] default_realm = migrate_test default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc noaddresses = false [realms] migrate_test = { kdc = aixdce17.in.ibm.com:88 default_domain = in.ibm.com } [domain_realm] .in.ibm.com = migrate_test aixdce17.in.ibm.com = migrate_test

   
   
6. Check that kinit points to kinit of the NAS binary directory.

   # which kinit /usr/krb5/bin/kinit

   
   
7. Check to ensure that a link is created from /etc/krb5.conf to /etc/krb5/krb5.conf.

   # cd /etc/krb5 # ln -s /etc/krb5.conf krb5.conf # ls -l total 32 lrwxrwxrwx 1 root system 14 Aug 14 01:29 krb5.conf -> /etc/krb5.conf

   
   
8. Copy the keytab file from the DCE server (aixdce17.in.ibm.com) to the DCE client (aixdce25.in.ibm.com) in /etc/krb5 as krb5.keytab.
9. Check getting credentials using the keytab file.

   # kinit -kt /etc/krb5/krb5.keytab nfs/aixdce3.in.ibm.com # klist Ticket cache: FILE:/opt/dcelocal/var/security/creds/dcecred_80e8e000 Default principal: nfs/aixdce3.in.ibm.com@migrate_test Valid starting Expires Service principal 08/14/07 08:14:12 08/15/07 08:14:12 krbtgt/migrate_test@migrate_test

   
   
10. Using the dce_login command, get the DCE cell_admin credentials and copy them under the /var/krb5/security/creds directory as krb5cc_0.

    #dce_login cell_admin Enter Password: Password must be changed! DCE LOGIN SUCCESSFUL Warning: This account has been marked by an administrator, recommending that the password be changed. Do you wish to change now [y/n]? (y) n # klist Ticket cache: FILE:/opt/dcelocal/var/security/creds/dcecred_80f8aa00 Default principal: cell_admin@migrate_test Valid starting Expires Service principal 08/14/07 08:18:52 08/14/07 18:18:52 krbtgt/migrate_test@migrate_test 08/14/07 08:18:52 08/14/07 18:18:52 dce-rgy@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 dce-ptgt@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 krbtgt/migrate_test@migrate_test for client dce-ptgt@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 dce-rgy@migrate_test for client dce-ptgt@migrate_test # # cp /opt/dcelocal/var/security/creds/dcecred_80f8aa00 /var/krb5/security/creds/krb5cc_0

    
    
11. Mount the NFS V4 exported directory exported by aixdce3.in.ibm.com onto aixdce25.in.ibm.com.

    # mount -overs=4,sec=krb5 aixdce3.in.ibm.com:/umesh /home/nfstest # pwd /home # cd nfstest # ls -l total 40 -rw-r--r-- 1 root sys 279 Dec 06 2006 C539INA.upd drwxrwx--- 2 root system 512 Dec 06 2006 lost+found drwxr-sr-x 2 root sys 2048 Dec 13 2006 ptf11 drwxr-sr-x 6 root sys 512 Dec 06 2006 rational drwxr-sr-x 3 root sys 512 Mar 11 22:42 svt # klist Ticket cache: FILE:/opt/dcelocal/var/security/creds/dcecred_80f8aa00 Default principal: cell_admin@migrate_test Valid starting Expires Service principal 08/14/07 08:18:52 08/14/07 18:18:52 krbtgt/migrate_test@migrate_test 08/14/07 08:18:52 08/14/07 18:18:52 dce-rgy@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 dce-ptgt@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 krbtgt/migrate_test@migrate_test for client dce-ptgt@migrate_test 08/14/07 08:18:53 08/14/07 10:18:53 dce-rgy@migrate_test for client dce-ptgt@migrate_test

    
    

Back to top

Conclusion

In this article you learned how DCE KDC service can be used as a Kerberos server to an NAS client. This article offered help in using DCE and DFS setup, as well as NFS V4 with a single KDC that is DCE KDC.

Resources

Learn

• DCE replacement strategies Redbook® recommends strategies that you can use to replace the Distributed Computing Environment (DCE) dependencies in your environment and move to new technologies.
  
  
• IBM DCE documentation library provides additional information on DCE.
  
  
• Guide to IBM DCE Administration PDF file provides concepts and procedures that enable you to manage the AIX and Solaris versions of the DCE.
  
  
• Secure communication with Kerberized OpenSSH on AIX Version 5.3 using Windows® Kerberos service (developerWorks, June 2006) describes how to configure the Kerberized Open Secure Shell.
  
  
• IBM NFS/DFS Authentication Gateway (developerWorks, Jan 2006) describes the various strategies for migrating from the DCE and DFS infrastructures to NFS Version 4 on AIX and Linux™.
  
  
• AIX and UNIX: The AIX and UNIX developerWorks zone provides a wealth of information relating to all aspects of AIX systems administration and expanding your UNIX skills.
  
  
• New to AIX and UNIX?: Visit the New to AIX and UNIX page to learn more about AIX and UNIX.
  
  
• Popular content: See what AIX and UNIX content your peers find interesting.
  
  
• AIX Wiki: Discover a collaborative environment for technical information related to AIX.
  
  
• Search the AIX and UNIX library by topic:
  • System administration
  • Application development
  • Performance
  • Porting
  • Security
  • Tips
  • Tools and utilities
  • Java™ technology
  • Linux®
  • Open source
  
  
• Safari bookstore: Visit this e-reference library to find specific technical resources.
  
  
• developerWorks technical events and webcasts: Stay current with developerWorks technical events and webcasts.
  
  
• Podcasts: Tune in and catch up with IBM technical experts.
  
  

Get products and technologies

• IBM trial software: Build your next development project with software for download directly from developerWorks.
  
  

Discuss

• Participate in the discussion forum.
  
  
• developerWorks blogs: Get involved in the developerWorks community.
  
  
• Participate in the AIX and UNIX forums:
  • AIX—technical forum
  • AIX 6 Open Beta
  • AIX for Developers Forum
  • Cluster Systems Management
  • IBM Support Assistant
  • Performance Tools—technical
  • Virtualization—technical
  • More AIX and UNIX forums
  
  

About the authors

Umesh Prabhakar Gaikwad is a Staff Software Engineer for IBM India Software Labs. He has worked for IBM for the past three years, focusing on distributed computing Environment (DCE) on AIX, Windows, and Solaris. He is currently involved in Level 3 activities for IBM DCE products. Umesh holds a bachelor's degree in computer science and engineering from the University of Pune, India.

Sachin Punadikar is a Principal Software Engineer for IBM India Software Labs. He has worked for IBM for the past seven years. He has experience in file systems (DFS), transaction processing monitors (TXSeries Encina), and security products such as Network Authentication Service (NAS). He is currently developing new features for the IBM Network Authentication Service, along with its product support. Sachin holds a bachelor's degree in computer science and engineering from Shivaji University, Kolhapur, India. You can contact him at psachin@in.ibm.com.

Comments (Undergoing maintenance)

Back to top

Trademarks  |  My developerWorks terms and conditions

Table of contents

• Introduction
• Setting up DCE
• Setting up the NAS client for NFS Server
• Modifying the NAS client configuration
• Setting the NFS server
• Setting the DFS and NFS clients
• Conclusion
• Resources
• About the authors
• Comments

Local resources

• IBM Innovation Center - Austin, TX
• IBM Innovation Center - Chicago, IL
• IBM Innovation Center - Dallas, TX
• IBM Innovation Center - San Mateo, CA
• IBM Innovation Center - Waltham, MA
• Technical Briefings in North America

My developerWorks community

Dig deeper into AIX and UNIX on developerWorks

Calling all developers

Download no charge Lotus Domino Designer

Special offers