hpss_ldap_import to convert DCE authorization information into LDAP.
Kerberos authentication and Unix authorization. In this case, the site determines on its own
•
how to convert DCE authentication information into Kerberos. The site will then use
hpss_unix_import to convert DCE authorization information into Unix. Depending on
environment variables, the hpss_unix_import program may import authentication information
(i.e. Create a password for the Unix user) into Unix. The site could manually reset or remove
the password from the converted Unix accounts if this is an issue after running the
hpss_unix_import program.
6.2.3.1. Authentication Mechanisms
A site may select between Unix or Kerberos authentication. Some pros and cons of each are listed
below.
Unix:
Cross cell authentication is not supported.
•
Can choose to use either system password or HPSS password file.
•
Can degrade performance as the number of HPSS users increases due to sequential seeking
•
through password file.
Encryption is performed using Unix encrypt function.
•
HPSS servers/processes utilize Unix keytab file.
•
Can use LDAP or Unix as authorization mechanism.
•
The hpss_dce_export and hpss_unix_import utilities are provided to convert DCE
•
authentication information.
Kerberos:
Cross cell authentication information is not converted; thus, not covered in this document.
•
Using an institutional Kerberos server can complicate conversion if UID conflicts exists
•
between current DCE principals or groups and existing Kerberos principals or groups.
Uses underlying Kerberos encryption algorithms.
•
HPSS servers/processes utilize Kerberos keytab file.
•
Requires LDAP as authorization mechanism; Unix authorization not supported.
•
No utilities are provided to convert DCE information to Kerberos. Site are required to perform
•
the conversion from DCE on their own.
6.2.3.2. Authorization Mechanisms
A site may select between Unix or LDAP authorization. Some pros and cons of each are listed
below.
Unix:
Can degrade performance as the number of HPSS users increases due to sequential seeking
•
through password file.
Easier to setup and manage than LDAP.
•
HPSS Installation Guide
Release 6.2 (Revision 2.0)
July 2008
183
Need help?
Do you have a question about the High Performance Storage System HPSS and is the answer not in the manual?