IBM RELEASE 7.3 3.3. Configuration and Startup of hpssgui and hp ssadm

·When you have decided on the hpssgui command line that is best for your installation, it will

probably be useful to put the command in a shell script for the convenience of all SSM

Administrators and Operators. For example, create a file called “gui” and put the f ollowing

in it:

/opt/hpss/bin/hpssgui.pl \

-m /my_directory/my_ssm.conf \

-d \

-S /tmp/hpssguiSessionLog.$(whoami)

Please refer to the hpssgui man page for an extensive list of command line options. For

example, some sites prefer to set the date format to a USA military format using the -D

“kk:mm:ss dd-MMM-yyyy” option. Additionally, Section 3.3.3: SSM Configurati on File below

provides a table of variables you can set in the SSM configuration file instead of using command

line options; this section also covers all the various files that t he hpssgui script uses.

3.3. Configuration and Startup of hpssgui and hp ssadm

This section describes in detail the procedures for configuring SSM and c reating an SSM user account

with the proper permissions to start up an hpssgui or hpssadm session. It also explains how to install

the SSM client on the user's desktop (the recommended configuration for hpssgui) and how to deal with

special situations such as firewalls.

In the discussion that follows, authentication ensures that a user is who they claim to be relative to the

system. Authorization defines the user's rights and permissions within the system.

Like other components of HPSS, SSM authenticates its users by using either Kerberos or UNIX. Users

of the hpssgui and hpssadm utilities are authenticated to SSM by either a Kerberos principal and a

password or by a UNIX username and a password. The System Manager must be configured to use the

appropriate authentication and a Kerberos principal or UNIX user account must be created for each SSM

user.

Unlike other components of HPSS, SSM does not use LDAP or UNIX to authorize its users. SSM users

are authenticated based on their entries in the HPSS DB2 AUTHZACL table. Through this table, SSM

supports two levels of SSM client authorization:

admin This security level is normally assigned to an HPSS administrator. The admin

user can view all SSM windows and perform all control functions provided by

SSM.

operator This security level is normally assigned to an HPSS operator. The operator user

can view most SSM windows and perform all SSM control functions except for

changing the HPSS configuration.

Configuration of an SSM user requires that:

1. The System Manager is configured to accept the desired authentication mechanism.

2. The proper user accounts are created:

•UNIX or Kerberos accounts are created for the user authentication.

HPSS Management Guide November 2009

Release 7.3 (Revision 1.0) 34