HPSS_PRIMARY_AUTHN_MECH=krb5
HPSS_PRIMARY_AUTHENTICATOR=/krb5/hpss.keytabs
Valid settings for Unix authentication are:
HPSS_PRIMARY_AUTHN_MECH=unix
HPSS_PRIMARY_AUTHENTICATOR=/etc/passwd
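A sanity check for the two settings above, added here as an example; it is not part of the HPSS distribution. It assumes the variables are stored as KEY=VALUE lines in a file passed as the first argument. The function names and return codes are hypothetical, and the permission checks are general keytab hygiene rather than a requirement stated in this guide.

```shell
#!/bin/sh
# Added example: check HPSS_PRIMARY_AUTHN_MECH / HPSS_PRIMARY_AUTHENTICATOR.
# Assumption: the settings are KEY=VALUE lines in the file given as $1.

# Print the value assigned to KEY ($1) in FILE ($2); the last assignment wins.
get_setting() {
    sed -n -e 's/[[:space:]]*$//' -e "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Print the "other" read/write bits of a file's mode, e.g. "r-" or "--".
other_rw() {
    ls -ldL "$1" | cut -c8-9
}

# Returns: 0 ok, 1 bad mechanism, 2 authenticator missing, 3 permissions too open.
check_hpss_authn() {
    mech=$(get_setting HPSS_PRIMARY_AUTHN_MECH "$1")
    auth=$(get_setting HPSS_PRIMARY_AUTHENTICATOR "$1")

    case "$mech" in
        krb5|unix) ;;
        *) echo "unsupported HPSS_PRIMARY_AUTHN_MECH: '$mech'" >&2; return 1 ;;
    esac

    # The authenticator must be an absolute path to an existing regular file.
    case "$auth" in
        /*) ;;
        *) echo "authenticator is not an absolute path: '$auth'" >&2; return 2 ;;
    esac
    if [ ! -f "$auth" ]; then
        echo "authenticator file not found: $auth" >&2; return 2
    fi

    bits=$(other_rw "$auth")
    # Nobody outside owner/group may modify either kind of authenticator.
    case "$bits" in
        ?w) echo "$auth is world-writable" >&2; return 3 ;;
    esac
    # A keytab holds long-term Kerberos keys, so it must not be world-readable.
    if [ "$mech" = krb5 ] && [ "$bits" != "--" ]; then
        echo "keytab $auth is world-readable" >&2; return 3
    fi
    echo "ok: $mech authentication via $auth"
}

# Run the check when a settings file is passed on the command line.
if [ "$#" -gt 0 ]; then check_hpss_authn "$1"; fi
```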
The new authorization is performed based on the contents of /var/hpss/etc/site.conf. This file tells HPSS whether to use Unix authorization or LDAP and, for LDAP, how to contact the LDAP server based on the URL entered.
Invoke the mkhpss utility and select the appropriate options to support the authentication and authorization mechanisms chosen previously.
% /opt/hpss/bin/mkhpss
There are four main sections to this screen:
• Configure Authentication Service
• Configure Authorization Service
• Enable Local Unix Passwd Files
• Configure server accounts
In the "Configure Authentication Service" section, set the Authentication Service field to Kerberos or Unix using the field's drop-down menu. If Unix is selected, no further modification to this section is necessary. If Kerberos is selected, complete the remaining fields of the section appropriately. Be certain to deselect the "Create the KDC" subsection if your KDC already exists and you do not want mkhpss to recreate it.
In the "Configure Authorization Service" section, set the Local Site Name, Local Realm Name, and Local Realm ID. Set the Authorization Service field to "Unix and config files" or "LDAP" using the field's drop-down menu. If Unix is selected, no further modification to this section is necessary. If LDAP is selected, complete the remaining fields of the section appropriately.
Enable the checkbox of the "Enable Local Unix Passwd Files" section and complete all the fields if you want to use a set of password and group files for HPSS use only. If you wish to use system password and group files (such as /etc/passwd and /etc/group), deselect the checkbox for this section.
Enable the checkbox for the "Configure server accounts" section to have mkhpss create accounts for the HPSS server principals.
An example configuration for a site that desires Kerberos authentication with LDAP authorization is displayed below:
HPSS Installation Guide | July 2008 |
Release 6.2 (Revision 2.0) | 200 |