Configuring The System Manager Authentication For Ssm Clients; Creating The Ssm User Accounts; The Hpssuser Utility - IBM RELEASE 7.3 Management Manual

The proper authorization entries for the user are created in the AUTHZACL table.
•
3. The proper SSM configuration files are created and installed.
See Section 3.3.1: Configuring the System Manager Authentication for SSM Clients, Section 3.3.2:
Creating the SSM User Accounts, and Section 3.3.3: SSM Configuration File for the procedures for these
tasks.
See Section 3.3.4: SSM Help Files (Optiona on page 42, for instructions on installing the SSM help
package.
See Section 3.3.5: SSM Desktop Client Packaging on page 42, for instructions for installing hpssgui or
hpssadm on the user's desktop.
See Section 3.3.6: Using SSM Through a Firewall on page 44 for advice about using hpssgui or
hpssadm through a network firewall.

3.3.1. Configuring the System Manager Authentication for SSM Clients

The System Manager is configured initially by mkhpss for new HPSS systems or by the conversion
utilities for upgraded HPSS systems to use the proper authentication mechanism.
If it is necessary later to modify the authentication mechanism for hpssgui or hpssadm users, or to add
an additional mechanism, bring up the Servers window, select the System Manager, and press the
Configure button. On the System Manager Configuration window, select the Interface Controls tab. For
the SSM Client Interface, make certain the checkbox for the desired Authentication Mechanism, KRB5
or UNIX, is selected. Both mechanisms may be enabled if desired.
Next, select the Security Controls tab. If Kerberos authentication is desired, make certain one of the
Authentication Service Configurations is set to use a Mechanism of KRB5, an Authenticator Type of
Keytab, and a valid keytab file name for Authenticator (default is /var/hpss/etc/hpss.keytab). If UNIX
authentication is desired, make certain one of the Authentication Service Configurations is set to use a
Mechanism of UNIX, an Authenticator Type of None, and no Authenticator.
To remove an authentication mechanism from the System Manager, so that no SSM user may be
authenticated using that mechanism, reverse the above process. Unselect the mechanism to be removed
from the SSM Client Interface on the Interface Controls tab. On the Security Controls tab, change the
Mechanism and Authenticator Type fields of the mechanism to be removed to Not Configured, and
change its Authenticator to blank.
See Section 5.1.1.2: Interface Controls on page 92, and Section 5.1.1.1: Security Controls on page 92, for
more information.

3.3.2. Creating the SSM User Accounts

3.3.2.1. The hpssuser Utility

The hpssuser utility is the preferred method for creating, modifying or deleting SSM users. It creates the
necessary UNIX or Kerberos accounts. It creates an entry in the AUTHZACL table for the user with the
proper authorization.
The following is an example of using the hpssuser utility to provide administrative access to SSM to
user 'john'. In this example, the user already has either a UNIX or Kerberos account.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 35