*

HPSS_AUTHZ_TYPES

- Supported authorization types

*

HPSS_SITE_LOCATION

- Site Location

*

KRB5_INSTALL_PATH

- Kerberos installation path

*

KRB5_KDC_DIR

no default - platform dependent

*

- Kerberos directory containing local

config

 

files for KDC

*

KRB5_KDC_HOST

*

- Host for Kerberos KDC (just used by

mkhpss)

 

 

*HPSS_LDAP_URL

*If set and non-empty, specifies the URL of the LDAP server that

*the hpss ldap admin tool should connect to by default.

*HPSS_LDAP_SSL_KEYDB

*If set and non-empty, specifies the path to the SSL key db

*to use for SSL and indicates that SSL should be used to

*communicate with LDAP servers. If this is used, it is

*assumed that that a corresponding password stash file

*exists as well. This is the SSL stash (.sth) file, not

*the HPSS stash file used for SIMPLE LDAP binding.

*

*Do not set a default value; unset means something.

*HPSS_LDAP_BIND_TYPE

*Specifies the type of binding that should be done with LDAP

servers.

*This is independent of whether SSL is used in the connection to

*the LDAP server. You can still have encrypted communication if

you

*use GSSAPI, for example:

*- NONE - no bind is done; unauthenticated access

*- SIMPLE - simple (i.e. dn/password binding) determined by the

*

- if

settings of the

following:

*

HPSS_LDAP_BIND_ARG

is set, it specifies the path to a

*

stash file containing

the dn and password to use; see

*

ldap_stash.template for

an example.

*

if

not set, an error

is

generated.

*- GSSAPI - Kerberos binding via SASL.

*- (other) - an error is generated

*

*Do not set a default value; unset means something.

*HPSS_LDAP_BIND_ARG

*Specifies further data necessary to complete a bind.

*Interpretation is based on the setting of

*HPSS_LDAP_BIND_TYPE (which see).

*

*Do not set a default value; unset means something.

**************************************************************************

*

 

 

*/

"%L",

NULL},

{ "HPSS_SEC_REALM_NAME",

{ "HPSS_SITE_NAME",

"%H",

NULL},

{ "HPSS_SEC_REALM_ADMIN",

"admin/admin",

NULL},

{ "HPSS_KRB5_AUTHN_MECH",

"krb5",

NULL},

{ "HPSS_KRB5_KEYTAB_FILE",

"${HPSS_PATH_ETC}/hpss.keytab",

NULL},

"unix",

NULL},

{ "HPSS_UNIX_AUTHN_MECH",

{ "HPSS_UNIX_KEYTAB_FILE",

"$

 

{HPSS_PATH_ETC}/hpss.unix.keytab",

 

 

NULL},

"${HPSS_KRB5_AUTHN_MECH}",

{ "HPSS_PRIMARY_AUTHN_MECH",

HPSS Installation Guide

July 2008

Release 6.2 (Revision 2.0)

306

Page 306
Image 306
IBM HPSS manual Hpss Installation Guide July Release 6.2 Revision 306, Hpssldapurl