hpss_ldap_import to convert DCE authorization information into LDAP.
•Kerberos authentication and Unix authorization. In this case, the site determines on its own how to convert DCE authentication information into Kerberos. The site will then use hpss_unix_import to convert DCE authorization information into Unix. Depending on environment variables, the hpss_unix_import program may import authentication information (i.e., create a password for the Unix user) into Unix. If this is an issue, the site can manually reset or remove the password from the converted Unix accounts after running the hpss_unix_import program.
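A check a site could run after hpss_unix_import to see which converted accounts still carry a usable password. This is an added example, not part of the HPSS guide or its utilities; it assumes the converted accounts live in a file with the standard passwd(5) seven-field layout, and the sample entries are constructed.

```python
"""Audit a passwd(5)-format file for accounts that carry a usable password."""
from collections import Counter

# Constructed sample entries (not output of hpss_unix_import).
SAMPLE = """\
alice:$6$c0nstructed$notarealhash:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
carol::1003:100:Carol:/home/carol:/bin/sh
dave:x:1004:100:Dave:/home/dave:/bin/sh
erin:!$6$c0nstructed$locked:1005:100:Erin:/home/erin:/bin/sh
broken-line-without-fields
"""

def classify(pw_field):
    """Map the second passwd field to a state, using passwd(5) conventions."""
    if pw_field == "":
        return "empty"      # passwd(5): no password required to authenticate
    if pw_field[0] in "!*":
        return "locked"     # no plaintext can hash to a value starting with ! or *
    if pw_field == "x":
        return "shadowed"   # the hash lives in a separate shadow file
    return "hash"           # a usable password hash is stored in this file

def audit(text):
    """Return (line number, account name, state) for every non-blank line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, None, "malformed"))
            continue
        findings.append((lineno, fields[0], classify(fields[1])))
    return findings

def needs_review(findings):
    """Accounts that can authenticate with a password, or with none at all."""
    return sorted(n for _, n, state in findings if state in ("hash", "empty"))

if __name__ == "__main__":
    results = audit(SAMPLE)
    print(dict(Counter(state for _, _, state in results)))
    print("review:", ", ".join(needs_review(results)))
```

Under passwd(5) semantics an emptied password field means no password is required, so "removing" a password from a converted account is safer done by locking the field than by blanking it.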
6.2.3.1. Authentication Mechanisms
A site may select between Unix or Kerberos authentication. Some pros and cons of each are listed below.
Unix:
•Cross cell authentication is not supported.
•Can choose to use either system password or HPSS password file.
•Can degrade performance as the number of HPSS users increases due to sequential seeking through password file.
•Encryption is performed using Unix encrypt function.
•HPSS servers/processes utilize Unix keytab file.
•Can use LDAP or Unix as authorization mechanism.
•The hpss_dce_export and hpss_unix_import utilities are provided to convert DCE authentication information.
Kerberos:
•Cross cell authentication information is not converted; thus, not covered in this document.
•Using an institutional Kerberos server can complicate conversion if UID conflicts exist between current DCE principals or groups and existing Kerberos principals or groups.
•Uses underlying Kerberos encryption algorithms.
•HPSS servers/processes utilize Kerberos keytab file.
•Requires LDAP as authorization mechanism; Unix authorization not supported.
•No utilities are provided to convert DCE information to Kerberos. Sites are required to perform the conversion from DCE on their own.
6.2.3.2. Authorization Mechanisms
A site may select between Unix or LDAP authorization. Some pros and cons of each are listed below.
Unix:
•Can degrade performance as the number of HPSS users increases due to sequential seeking through password file.
•Easier to set up and manage than LDAP.
HPSS Installation Guide | July 2008 |
Release 6.2 (Revision 2.0) | 183 |