HP-UX AAA Server A.08.02.10 Administrator's Guide HP-UX 11i v3 (T1428-90093, November 2013)
NOTE: Before starting and stopping the Remote Method Invocation (RMI) server, the
JAVA_HOME environment variable must be set to the appropriate path. For example, to use
Java7, export JAVA_HOME to the /opt/java7 path. If the JAVA_HOME environment variable
is not set or is set incorrectly, the default value /opt/java6 is used to start and stop the RMI
Server.
3. Use the following command to start the RMI objects as the aaa user:
$ su - aaa -c /opt/aaa/remotecontrol/rmistart.sh
4. Use the following command to start Tomcat as the www user:
$ su - www -c "export JAVA_HOME=/opt/java6; /opt/hpws22/tomcat/bin/startup.sh"
5. Point your web browser to:
http://<hostname>:8081/aaa
NOTE: Any log files created when the HP-UX AAA server was running as the root user will not
be accessible after performing this procedure. To view these log files, change the ownership to
match the UID of when the log files were created. For more information, see the chown manpage.
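A check for steps 3 and 4, added here as an example and not part of the HP guide: it reads `ps -ef` output and flags any AAA component that is not running under the account used in the commands above. The sample process listing is constructed, and matching the RMI and Tomcat JVMs by these path substrings is an assumption about their command lines.

```sh
#!/bin/sh
# Added example, not from the HP guide. Paths and accounts come from the
# commands above; matching the RMI and Tomcat JVMs by these path substrings
# is an assumption about their command lines.

# audit_owners: read `ps -ef` output on stdin and print
# "BAD <user> <pid> <path>" for each process whose command line contains a
# known path but whose UID column is not the expected account.
# Exit status: 1 if anything was flagged, else 0.
# On a live host, save `ps -ef` to a file first and redirect it in, so this
# awk process (whose arguments contain the paths) is not in its own input.
audit_owners() {
    awk '
        BEGIN {
            bad = 0
            want["/opt/aaa/bin/radiusd"]   = "aaa"
            want["/opt/aaa/remotecontrol"] = "aaa"
            want["/opt/hpws22/tomcat"]     = "www"
        }
        NR == 1 && $1 == "UID" { next }                      # ps header
        index($0, " su - ") || index($0, "/su - ") { next }  # su wrapper itself
        {
            for (p in want)
                if (index($0, p) && $1 != want[p]) {
                    printf "BAD %s %s %s\n", $1, $2, p
                    bad = 1
                }
        }
        END { exit bad }
    '
}

# Constructed sample: Tomcat was left running as root.
sample_ps() {
    cat <<'EOF'
     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root  2100     1  0 10:02:10 ?         0:00 su - aaa -c /opt/aaa/bin/radiusd
     aaa  2101  2100  0 10:02:11 ?         0:00 /opt/aaa/bin/radiusd
     aaa  2120     1  0 10:02:13 ?         0:01 /opt/java6/bin/java -cp /opt/aaa/remotecontrol RmiServer
    root  2140     1  0 10:02:15 ?         0:03 /opt/java6/bin/java -Dcatalina.home=/opt/hpws22/tomcat Bootstrap
EOF
}

sample_ps | audit_owners || echo "fix the processes listed above"
```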
Setting Up the HP-UX AAA Server to Start as Non-Root User After Reboot
Complete the following steps to set up the HP-UX AAA Server to start as a non-root user after reboot:
1. Set the RADIUSD variable to 1 in the /etc/rc.config.d/radiusd.conf file.
2. Open the /sbin/init.d/radiusd.rc file and look for the following entry:
DAEMONNM=radiusd
CONFFILE=$AAAPATH/clients
DAEMONEXE=/opt/aaa/bin/${DAEMONNM}
3. Change the DAEMONEXE line to set radiusd to start as the aaa user after reboot:
Change:
DAEMONEXE=/opt/aaa/bin/${DAEMONNM}
To:
DAEMONEXE="/usr/bin/su - aaa -c /opt/aaa/bin/${DAEMONNM}"
4. Look for the following entry:
echo "$DAEMONNM started with <$retval>"
if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];
then
/usr/bin/nohup /opt/aaa/remotecontrol/rmistart.sh >/dev/null 2>&1
fi
5. Change the then statement to start the RMI objects as the aaa user after reboot:
Change:
if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];
then
/usr/bin/nohup /opt/aaa/remotecontrol/rmistart.sh >/dev/null 2>&1
fi
To:
if [[ -x /opt/aaa/remotecontrol/rmistart.sh ]];
then
/usr/bin/nohup /usr/bin/su - aaa -c /opt/aaa/remotecontrol/rmistart.sh >/dev/null 2>&1
fi
6. Look for the following entry: