Manuals / IBM / Computer Equipment / Laptop

IBM SG24-5131-00 manual Kerberos Security

Models: SG24-5131-00

1 240

Download 240 pages 48.89 Kb

Page 205

After that, identify the HACWS event scripts to HACMP by executing the

/usr/sbin/hacws/spcw_addevents

command, and verify the configuration with the

/usr/sbin/hacws/hacws_verify

command. You should also check the cabling from the backup cws with the

/usr/sbin/hacws/spcw_verify_cabling

command. Then reboot the primary and the backup cws, one after the other, and start cluster services on the primary cws with smit clstart. After cluster services is up and running, check that control workstation services, such as SDRGetObjects, are working as expected. If everything is fine, start up cluster services on the backup cws as well. Check for the completion of the cluster services startup with the following command:

grep "SPCW_APPS COMPLETE" /tmp/hacmp.out

Now you can cause a failover by stopping cluster services on the primary cws and see whether cws services are still available afterwards.

9.2 Kerberos Security

To understand security, we have to clarify some definitions first.

Identification is the process by which an entity tells another who it is.

Authentication is the process by which the other entity verifies this identity.

Authorization is the process performed by an entity to check if an agent, whose identity has previously been authenticated, has or does not have the necessary privileges to carry out some action.

Additionally, if information is transferred over an insecure network, as any TCP/IP network basically is, there is always a chance that someone is listening, so some sort of encryption is required.

These issues are solved with kerberos.

Special RS/6000 SP Topics 187

Image 205

IBM SG24-5131-00 manual Kerberos Security

Contents

AIX Hacmp Page AIX Hacmp Take Note Contents Iv IBM Certification Study Guide AIX Hacmp Page Vi IBM Certification Study Guide AIX Hacmp Vii Appendix A. Special NoticesViii IBM Certification Study Guide AIX Hacmp Figures IBM Certification Study Guide AIX Hacmp Tables Xii IBM Certification Study Guide AIX Hacmp Xiii PrefaceTeam That Wrote This Redbook Your comments are important to us Comments WelcomeXvi IBM Certification Study Guide AIX Hacmp IBM Certified Specialist AIX Hacmp Certification OverviewCertification Requirement two Tests Recommended PrerequisitesCertification Exam Objectives PreinstallationHacmp Implementation System Management Certification Education Courses Following table outlines information about the next course IBM Certification Study Guide AIX Hacmp Cluster Nodes Cluster PlanningCPU Options Cluster Node Considerations Cluster Planning Switch adapter is onboard and does not need an extra slot 1 TCP/IP Networks Cluster NetworksSupported TCP/IP Network Types Special Network Considerations Slip SoccCluster Planning Supported Non-TCP/IP Network Types Non-TCPIP NetworksSerial RS232 Special ConsiderationsSSA Disks Cluster DisksTarget-mode Scsi Target-mode SSAHost Specification 1.2 Supported and Non-Supported Adapters Disk CapacitiesRules for SSA Loops Cluster Planning RAID Level RAID vs. Non-RAID RAID TechnologyRAID Levels 2 RAID on the 7133 Disk Subsystem Advantages Disks Scsi DisksSubsystems Advantages Disadvantages Resource Group Options Resource PlanningCluster Planning Shared LVM Components Hot-Standby ConfigurationHot-Standby Configuration Rotating Standby ConfigurationMutual Takeover Configuration Mutual Takeover ConfigurationThird-Party Takeover Configuration Third-Party Takeover ConfigurationIP Address Takeover Concurrent Disk Access ConfigurationsSingle Network Network TopologyPoint-to-Point Connection Dual NetworkNetwork Name NetworksNetwork Attribute Adapter Label Network AdaptersAdapter Function Cluster Planning Defining Hardware Addresses Application Planning NFS Exports and NFS MountsApplication Startup and Shutdown Routines Performance RequirementsCoexistence with other Applications Licensing MethodsCritical/Non-Critical Prioritizations Event Customization Customization PlanningSpecial Application Requirements Event NotificationPredictive Event Error Correction Error NotificationSample Screen for Add a Notification Method Application Failure NotificationCluster User and Group IDs User ID PlanningHome Directories on Shared Volumes Cluster PasswordsUser Home Directory Planning NFS-Mounted Home DirectoriesNFS-Mounted Home Directories on Shared Volumes Adapter Slot Placement Cluster Node SetupCluster Hardware and Software Preparation Rootvg MirroringIBM Certification Study Guide AIX Hacmp Procedure This is so that the Quorum OFF functionality takes effect Necessary Apar Fixes AIX Prerequisite LPPs4.1 I/O Pacing AIX Parameter SettingsChecking Network Option Settings Cron and NIS Considerations Editing the /.rhosts File Cabling Considerations Network Connection and TestingIP Addresses and Subnets Connecting Networks to a HubTesting Non TCP/IP Networks Configuring Target Mode Scsi Configuring RS232Testing RS232 and Target Mode Networks Configuring Target Mode SSA1 SSA Cluster Disk SetupCabling Adapter Router AIX ConfigurationDisk Definitions Adapter Definitions#lsdev -Cc disk grep SSA DiagnosticsMicrocode Loading Upgrade InstructionsCluster Hardware and Software Preparation Scsi Configuring a RAID on SSA DisksScsi Adapters Connecting RAID SubsystemsRAID Enclosures 110 RAIDiant Arrays Connected on Two Shared 8-Bit Scsi Buses Cluster Hardware and Software Preparation #2416 Adapter Scsi ID and Termination change Termination F1=Help F2=Refresh # chdev -l scsi1 -a id=6 -P Change/Show Characteristics of a Scsi Adapter Shared LVM Component ConfigurationCreating Shared VGs Creating VGs for Concurrent AccessCreating Non-Concurrent VGs Physical Volume Names Creating Shared LVs and File Systems Renaming a jfslog and Logical Volumes on the Source NodeAdding Copies to Logical Volume on the Source Node Mirroring Strategies Testing a File SystemImporting to Other Nodes Changing a Volume Group’s Startup Status Quorum at Vary On QuorumQuorum Disabled Quorum EnabledQuorum after Vary On Disabling and Enabling QuorumQuorum in Concurrent Access Configurations Quorum in Non-Concurrent Access ConfigurationsAlternate Method TaskGuide Forcing a VaryonStarting the TaskGuide IBM Certification Study Guide AIX Hacmp Installing Hacmp Hacmp Installation and Cluster DefinitionFirst Time Installs Cluster.base.server.utils Cluster.hc Rebooting Servers Install Server NodesUpgrading From a Previous Version Upgrade AIX on One Node Check Upgraded Configuration Install Hacmp 4.3 for AIX on Node aClient-only Migration Defining Cluster Topology Defining Nodes Defining the ClusterDefining Adapters Hacmp Installation and Cluster Definition Node Name Adding or Changing Adapters after the Initial Configuration Configuring Network ModulesSynchronizing the Cluster Definition Across Nodes Ignore Cluster Defining Resources Configuring Resource GroupsService IP Label Configuring Resources for Resource GroupsDefining Application Servers Configuring Run-Time ParametersClverify Initial TestingSynchronizing Cluster Resources Takeover and Reintegration Initial StartupCluster Snapshot Applying a Cluster Snapshot Hacmp Installation and Cluster Definition IBM Certification Study Guide AIX Hacmp Predefined Cluster Events Cluster CustomizationAcquiretakeoveraddr AcquireserviceaddrGetdiskvgfs NodeupremoteSequence of nodedown Events ReleaseserviceaddrNodedownlocal NodedownremoteNetwork Events Networkdown StartserverNetworkup NetworkupcompleteReconfigtopologystart ConfigtoolongNetwork Adapter Events SwapadapterConfiguration Resources Cluster Events Change/Show Cluster Event Recovery and RetryPre- and Post-Event Processing Event NotificationEvent Emulator Network Modules/Topology Services and Group Services NFS considerations Creating Shared Volume GroupsNFS Mounting Exporting NFS File SystemsCascading Takeover with Cross Mounted NFS File Systems Creating NFS Mount Points on ClientsNFS Cross Mounts Caveats about Node Names and NFSCross Mounted NFS File Systems and the Network Lock Manager SLEEP=2 Done Node Verification Cluster TestingDevice State 131Process State System ParametersNetwork State Cluster State LVM StateAdapter Failure Simulate ErrorsEthernet or Token Ring Interface Failure Ethernet or Token Ring Adapter or Cable Failure Switch Adapter FailureRe-attach the cables Failure of a 7133 AdapterAIX Crash Node Failure / ReintegrationCPU Failure 2.3 TCP/IP Subsystem Failure Network FailureMirrored rootvg Disk hdisk0 Failure Disk FailureMirrored 7133 Disk Failure 4.2 7135 Disk FailureApplication Failure IBM Certification Study Guide AIX Hacmp Cluster Log Files Cluster Troubleshooting143 Daemons ConfigtoolongDeadman Switch Extending the syncd Frequency Tuning the System Using I/O PacingIncrease Amount of Memory for Communications Subsystem Node Isolation and Partitioned Clusters Changing the Failure Detection RateDgsp Message Troubleshooting Strategy User ID ProblemsIBM Certification Study Guide AIX Hacmp Monitoring the Cluster Cluster Management and Administration151 Monitoring Clusters using HAView Clstat Command3.1 /var/adm/cluster.log System Error Log3.2 /tmp/hacmp.out 3.3 /usr/sbin/cluster/history/cluster.mmddStarting and Stopping Hacmp on a Node or a Client Cluster Manager daemon clstrmgr Hacmp DaemonsCluster Smux Peer daemon clsmuxpd Cluster Lock Manager daemon cllockdCluster Topology Services daemon topsvcsd Starting Cluster Services on a NodeCluster Group Services daemon grpsvcsd Cluster Information Program daemon clinfoAutomatically Restarting Cluster Services Stopping Cluster Services on a NodeTypes of Cluster Stops When to Stop Cluster servicesGraceful ForcedMaintaining Cluster Information Services on Clients Starting and Stopping Cluster Services on ClientsNodes Replacing Failed ComponentsAdapters Disks 3.1 SSA/SCSI Disk Replacement RAIDSync the volume group smit clsyncvg Changing Shared LVM Components Manual UpdateLazy Update Spoc IBM Certification Study Guide AIX Hacmp Changing Cluster Resources TaskGuideTaskGuide Requirements Synchronize Cluster Resources 1 Add/Change/Remove Cluster ResourcesDare Resource Migration Utility Sticky Resource Migration Resource Migration TypesNon-Sticky Resource Migration Locations Default LocationNode Name Stop Location Using the cldare Command to Migrate ResourcesStopping Resource Groups Using the clfindres CommandApplying Software Maintenance to an Hacmp Cluster Fallover System a Rejoins Cluster Split-Mirror Backups Backup StrategiesHow to do a split-mirror backup User Management Using Events to Schedule a BackupAdding User Accounts on all Cluster Nodes Listing Users On All Cluster NodesRemoving Users from a Cluster Changing Attributes of Users in a ClusterSpoc Log Managing Group AccountsIBM Certification Study Guide AIX Hacmp High Availability Control Workstation Hacws Special RS/6000 SP TopicsHardware Requirements 183Software Requirements Configuring the Backup CWSHacws Configuration Install High Availability SoftwareSetup and Test Hacws Kerberos Security Ambrose Bierce, The Enlarged Devil’s Dictionary Configuring Kerberos Security with Hacmp Version Virtual Shared Disk VSDs VSDs RVSDsSpecial RS/6000 SP Topics Undefined D e Z Recoverable Virtual Shared DiskRsvd Daemons Switch Basics Within Hacmp SP Switch as an Hacmp NetworkEprimary Management Switch FailuresSpecial RS/6000 SP Topics IBM Certification Study Guide AIX Hacmp Hacmp for AIX Classic Hacmp Classic vs. HACMP/ES vs. HanfsHacmp for AIX / Enhanced Scalability 199IBM Risc System Cluster Technology Rsct High Availability for Network File System for AIX Enhanced Cluster SecurityDecision Criteria Similarities and DifferencesHacmp Classic vs. HACMP/ES vs. Hanfs IBM Certification Study Guide AIX Hacmp 205 Appendix A. Special NoticesSP1 Special Notices IBM Certification Study Guide AIX Hacmp International Technical Support Organization Publications Appendix B. Related PublicationsRedbooks on CD-ROMs 209Other Publications How IBM Employees Can Get Itso Redbooks How to Get Itso Redbooks211 Ibmmail How Customers Can Get Itso Redbooks213 IBM Redbook Order FormIBM Certification Study Guide AIX Hacmp 215 List of AbbreviationsNetbios 217 Index SymbolsHACMP/ES NIS 219Vgda Vgsa 221 Itso Redbook EvaluationIBM Certification Study Guide AIX Hacmp SG24-5131-00