Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Configuring NFS Diskless Clusters for Trusted Systems
Converting Trusted Standalone System to Trusted Cluster
These instructions must be followed for each client that is added to the
cluster. All of these instructions except for booting the client are to be
performed on the cluster server. These instructions also assume the
standalone system has already been converted to a Trusted System.
1. Use the Cluster Configuration area of SAM to add a client. If this
is the first client to be added, specify “shared” for the password
policy before adding the client. Do not boot the client until told to do
so at the end of these instructions.
2. Add the following line to the /etc/exports file on the server:
/tcb/files/auth -root=CL_NAME.FULLY.QUALIFIED
If you are adding a second or later client, modify the existing line to
add the new client:
/tcb/files/auth -root=CL_NAME1.FULLY.QUALIFIED:CL_NAME2.FULLY.QUALIFIED
3. After modifying the exports file, execute the following command:
exportfs -a
4. Add the following line to the client’s fstab file. The path name of this
file on the server is /export/private_roots/CL_NAME/etc/fstab.
SV_NAME.FULLY.QUALIFIED:/tcb/files/auth /tcb/files/auth nfs rw,hard 0 0
5. Execute the following command sequence:
mkdir /export/private_roots/CL_NAME/.secure
chgrp sys /export/private_roots/CL_NAME/.secure
chmod 500 /export/private_roots/CL_NAME/.secure
mkdir /export/private_roots/CL_NAME/.secure/etc
chgrp sys /export/private_roots/CL_NAME/.secure/etc
chmod 500 /export/private_roots/CL_NAME/.secure/etc
mkdir /export/private_roots/CL_NAME/tcb
chgrp sys /export/private_roots/CL_NAME/tcb
chmod 555 /export/private_roots/CL_NAME/tcb
mkdir /export/private_roots/CL_NAME/tcb/files
chgrp sys /export/private_roots/CL_NAME/tcb/files
chmod 771 /export/private_roots/CL_NAME/tcb/files
mkdir /export/private_roots/CL_NAME/tcb/files/auth
chgrp sys /export/private_roots/CL_NAME/tcb/files/auth
chmod 771 /export/private_roots/CL_NAME/tcb/files/auth
cp /usr/newconfig/tcb/files/ttys \
/export/private_roots/CL_NAME/tcb/files/ttys
chgrp sys /export/private_roots/CL_NAME/tcb/files/ttys
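
The /etc/exports line from step 2 determines which hosts get root access to /tcb/files/auth over NFS, so a hand-edit that duplicates the entry or corrupts the host list has direct security consequences. The following is an added example, not part of the HP-UX manual: shell functions that add a client to that line idempotently and list the hosts it currently names. The function names add_root_client and root_clients are hypothetical, and the code assumes the entry has the single -root= option form shown in step 2.

```sh
#!/bin/sh
# Added example (not from the HP-UX manual): idempotent form of step 2.
# Assumption: the entry looks like "/tcb/files/auth -root=HOST1:HOST2".
AUTH_DIR=/tcb/files/auth

# add_root_client EXPORTS_FILE CLIENT_FQDN
#   no entry yet         -> append "/tcb/files/auth -root=CLIENT"
#   entry without client -> append ":CLIENT" to its -root= list
#   client already there -> file is left untouched
# Returns 2 for a client name that could smuggle extra hosts or options.
add_root_client() {
    exports=$1 client=$2
    case $client in
        ''|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    tmp="$exports.new.$$"
    awk -v dir="$AUTH_DIR" -v cl="$client" '
        $1 == dir && $2 ~ /^-root=/ {
            seen = 1; present = 0
            n = split(substr($2, 7), hosts, ":")
            for (i = 1; i <= n; i++) if (hosts[i] == cl) present = 1
            if (!present) $2 = $2 ":" cl
        }
        { print }
        END { if (!seen) print dir " -root=" cl }
    ' "$exports" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the owner and mode of the exports file are kept.
    if ! cmp -s "$exports" "$tmp"; then cat "$tmp" > "$exports"; fi
    rm -f "$tmp"
    # Step 3 (exportfs -a) still has to be run after a change.
}

# root_clients EXPORTS_FILE
#   Print, one per line, every host granted root access to /tcb/files/auth.
root_clients() {
    awk -v dir="$AUTH_DIR" '
        $1 == dir && $2 ~ /^-root=/ {
            n = split(substr($2, 7), h, ":")
            for (i = 1; i <= n; i++) print h[i]
        }' "$1"
}
```

Comparing the output of root_clients against the list of clients actually configured in the cluster shows any host that still holds root access after it should have been removed.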