Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Configuring NFS Diskless Clusters for Trusted Systems
Converting a Trusted Standalone System to Trusted Cluster
You create the cluster using the Cluster Configuration area of SAM.
When you add the first client, specify “private” for the password policy.
SAM will add the client as a nontrusted system. You can then boot the
client and convert the client to trusted status using the same procedure
as in the previous case.
Choice 2: Clusters with Shared Password Databases
In this configuration, user security features (such as passwords, login
restriction times, and password expiration parameters) are shared
across the entire cluster. Terminal restrictions are private to each
member of the cluster. A cluster with shared password databases must
consist of all Trusted Systems or all nontrusted systems. No mixing of
the two is allowed. Administration of user security features can be done
from any node in the cluster. The change will then be visible to all nodes
in the cluster. Administration of terminal restrictions must be done on
the cluster node where the change is desired.
As in the private password database case, there are two possible routes
that may be taken in creating a trusted cluster.
In the steps that follow, the following names are defined for the example:
CL_NAME                    The name of the client being added.
CL_NAME.FULLY.QUALIFIED    The fully qualified name of the client.
SV_NAME                    The server’s name.
SV_NAME.FULLY.QUALIFIED    The fully qualified name of the server.
Converting Nontrusted Cluster to Trusted Cluster
During the conversion process, all clients should be logged off and
shut down. All the steps are performed from the server, except for booting
the clients at the end.
1. Create new directories on each client by executing the following
command sequence:
mkdir /export/private_roots/CL_NAME/.secure
chgrp sys /export/private_roots/CL_NAME/.secure
chmod 500 /export/private_roots/CL_NAME/.secure
mkdir /export/private_roots/CL_NAME/.secure/etc
chgrp sys /export/private_roots/CL_NAME/.secure/etc