Table of Contents
Advertisement
Chapter 5
HPSS Infrastructure Configuration
For each entry in /krb5/hpssclient.keytab do:
% dcecp -c keytab add \
where <entry_name> refers to an entry in the keytab file; e.g., hpss_ssm, and
$HPSS_CDS_HOST refers to the CDS machine host name; e.g., hydra.
3. See the discussion immediately following this step! Propagate the resulting keytab files to
every HPSS server machine. Note that the most secure mechanism for performing this is
"footnet". If FTP is used, be sure to specify the "bin" option. The keytab files on every
HPSS system should have the following ownership and permissions set:
/krb5/hpss.keytabs
/krb5/hpssclient.keytab
It is strongly recommended that both keytab files be generated on a single HPSS server machine
and securely propagated to every other HPSS server machine; however, a customer may prefer to
create appropriate keytab files which contain only the entries required for a specific HPSS server
machine. This, however, is strongly discouraged because it can create a "Catch 22" condition in
which the encryption keys on one or more HPSS systems cannot be set to match the keys stored in
the DCE Registry!
If a customized keytab file is used on every different HPSS server system, steps 1 and 2 above must
be performed on each system.
If the key for a server on one machine is changed, do not change the key on another machine since
this will de-synchronize the entry on the first system changed!
248
-random \
-registry
/.:/hosts/$HPSS-CDS_HOST/config/keytab/hpssclient.keytab \
-member <entry_name> \
-random \
-registry
September 2002
hpss hpss
rw- rw- ---
hpss hpss
rw- rw- ---
HPSS Installation Guide
Release 4.5, Revision 2
Advertisement
Table of Contents
