IBM HPSS Install Authentication and Authorization Mechanisms, Install and Configure Kerberos

•Acquire Kerberos or LDAP software, as needed. See Section 6.2.3: New Authentication and Authorization Mechanisms on page 182 for a list of valid authentication and authorization combinations. See Section 5.2: Install Prerequisite Software on page 137 for more information on obtaining MIT or IBM Kerberos and LDAP.

•Acquire DB2 UDB

•Acquire software to upgrade AIX, if necessary

•Acquire Java software

•Acquire HPSS Release 6.2 distribution images

6.3.3. Install Authentication and Authorization Mechanisms

Select the desired authentication and authorization mechanisms to replace DCE. See Section 6.2.3: New Authentication and Authorization Mechanisms on page 182 to aid in choosing a mechanism. See Section 5.2: Install Prerequisite Software on page 137 for more information on installing MIT or IBM Kerberos or LDAP.

Unix Authentication and Authorization

If Unix is selected for the authentication and authorization method, no special instructions are required for this step.

Install and Configure Kerberos

•Kerberos must be installed in order to successfully compile and use the PFTP client with HPSS 6.2.

•This step can be performed while the HPSS 4.5 or 5.1 system is running.

Configuration of Kerberos will not be covered in this document, as converting principals and groups from DCE into Kerberos is handled outside of the conversion process. If Kerberos authentication is selected, the site is responsible for ensuring that DCE account information (principal, group, password) is transferred into Kerberos by their own means.

Install and Configure LDAP

The steps in this section can be performed while the HPSS 4.5 or 5.1 system is running.

LDAP requires 400MB free space in /opt/IBM/ldap/V6.0. To install LDAP, untar the LDAP release file (e.g. itds60-aix-ppc-native.tar). After the LDAP code is extracted, use smitty or the software installation tool of choice to install the code/packages. The steps described below will assist a site with setting up LDAP with simple authentication rather than with Kerberos authentication.

5.Ensure the ldap user and ldap group exist. Create the hpssldap user and add to the HPSS DB2 INSTANCE_OWNER group (e.g. hpssdb). Ensure root is in the instance owner group as well. Perform a login command after creating the hpssldap user to initialize the password for the new user.

6.Add the db2profile lines to the new LDAP instance owner’s .profile or .cshrc. See the HPSS instance owner’s .profile for an example. Ensure the db2profile is sourced for the LDAP