IBM RELEASE 7.3 3.3.1. C onfiguring the System Man ager Authentication for S SM Clients, 3.3.2. C reating the SSM User Accou nts 3.3.2.1. The hpssuser Utilit y

•The proper authorization entries for the user are created in the AUTHZACL table.

3. The proper SSM configuration files are created and installed.

See Section 3.3.1: Configuring the System Manager Authentication for SSM Cli ents, Section 3.3.2:

Creating the SSM User Accounts, and Section 3.3.3: SSM Configuration File for the procedures for these

tasks.

See Section 3.3.4: SSM Help Files (Optiona on page 42, for instructions on installing the SSM help

package.

See Section 3.3.5: SSM Desktop Client Packaging on page 42, for instructions for inst alling hpssgui or

hpssadm on the user's desktop.

See Section 3.3.6: Using SSM Through a Firewall on page 44 for advice about using hpssgui or

hpssadm through a network firewall.

3.3.1. C onfiguring the System Man ager Authentication for S SM Clients

The System Manager is configured initially by mkhpss for new HPSS systems or by the conversion

utilities for upgraded HPSS systems to use the proper authentication mechanism.

If it is necessary later to modify the authentication mechanism for hpssgui or hpssadm users, or to add

an additional mechanism, bring up the Servers window, select the System Manager, and press the

Configure button. On the System Manager Configuration window, select the Interfac e Controls tab. For

the SSM Client Interface, make certain the checkbox for the desired Authentication Mechani sm, KRB5

or UNIX, is selected. Both mechanisms may be enabled if desired.

Next, select the Security Controls tab. If Kerberos authentication is desir ed, make certain one of the

Authentication Service Configurations is set to use a Mechanism of KRB5, an Authentica tor Type of

Keytab, and a valid keytab file name for Authenticator (default is /var/hpss/etc/hpss. keytab). If UNIX

authentication is desired, make certain one of the Authentication Service Configurat ions is set to use a

Mechanism of UNIX, an Authenticator Type of None, and no Authenticator.

To remove an authentication mechanism from the System Manager, so that no SSM user may be

authenticated using that mechanism, reverse the above process. Unselect the mechanism to be removed

from the SSM Client Interface on the Interface Controls tab. On the Security Controls tab, change the

Mechanism and Authenticator Type fields of the mechanism to be removed to Not Configured, and

change its Authenticator to blank.

See Section 5.1.1.2: Interface Controls on page 92, and Section 5.1.1.1: Security Control s on page 92, for

more information.

3.3.2. C reating the SSM User Accou nts3.3.2.1. The hpssuser Utilit y

The hpssuser utility is the preferred method for creating, modifying or deleting SSM users. It creat es the

necessary UNIX or Kerberos accounts. It creates an entry in the AUTHZACL table for the user with the

proper authorization.

The following is an example of using the hpssuser utility to provide administrative access to SSM to

user 'john'. In this example, the user already has either a UNIX or Kerberos account.

HPSS Management Guide November 2009

Release 7.3 (Revision 1.0) 35