HP StorageWorks Clustered File System 3.6.1 Windows Storage Server Edition administration guide (AG515 - 96007, August 2008)
Chapter 4: Cluster Administration 24
•If a .matrixrc file exists, the user credentials specified in the file for the
selected server are used.
• If there is not a .matrixrc file or the file does not include user
credentials, the credentials provided by single sign-on semantics are
used.
• If single sign-on fails, the user is prompted for a user name and
password.
Authentication Considerations
You should be aware of the following recommendations and guidelines:
• We recommend that single sign-on be used to authenticate users.
When users connect to the HP Management Console, they can use the
“As User” feature to log in as another user if necessary. On the
command line, the Windows runas command can be used to become a
administrative user before running the HP Management Console or
cluster commands.
• By default, the machine local Administrators group has full cluster
rights and can perform all cluster operations. You can use the Role-
Based Security feature to create administrative roles that allow or
deny other users and groups the ability to perform specific cluster
operations.
• If the Management Console or cluster commands will be run from a
machine that is not in the domain (or trusted domain), single sign-on
cannot be used to authenticate the users of that machine. Instead, you
will need to create a .matrixrc file containing the authentication
information. You can use the HP Management Console bookmarks
feature, described later, to do this.
• Including user names and passwords manually in the .matrixrc file can
be a security issue if the passwords are in clear text. HP Clustered File
System provides a utility (the mxgenpass command) that can be used
to generate encrypted passwords. When the HP Management Console
bookmarks feature is used to generate the .matrixrc file, password are
automatically encrypted, or can optionally be omitted from the file.