Computer Drive User Manual
Table Of Contents
- Chapter 1. HPSS 7.1 Configuration Overview
- Chapter 2. Security and System Access
- Chapter 3. Using SSM
- 3.1. The SSM System Manager
- 3.2. Quick Startup of hpssgui
- 3.3. Configuration and Startup of hpssgui and hpssadm
- 3.4. Multiple SSM Sessions
- 3.5. SSM Window Conventions
- 3.6. Common Window Elements
- 3.7. Help Menu Overview
- 3.8. Monitor, Operations and Configure Menus Overview
- 3.9. SSM Specific Windows
- 3.10. SSM List Preferences
- Chapter 4. Global & Subsystem Configuration
- 4.1. Global Configuration Window
- 4.2. Storage Subsystems
- 4.2.1. Subsystems List Window
- 4.2.2. Creating a New Storage Subsystem
- 4.2.3. Storage Subsystem Configuration Window
- 4.2.3.1. Create Storage Subsystem Metadata
- 4.2.3.2. Create Storage Subsystem Configuration
- 4.2.3.3. Create Storage Subsystem Servers
- 4.2.3.4. Assign a Gatekeeper if Required
- 4.2.3.5. Assign Storage Resources to the Storage Subsystem
- 4.2.3.6. Create Storage Subsystem Fileset and Junction
- 4.2.3.7. Migration and Purge Policy Overrides
- 4.2.3.8. Storage Class Threshold Overrides
- 4.2.4. Modifying a Storage Subsystem
- 4.2.5. Deleting a Storage Subsystem
- Chapter 5. HPSS Servers
- 5.1. Server List
- 5.1. Server Configuration
- 5.1.1. Common Server Configuration
- 5.1.1. Core Server Specific Configuration
- 5.1.2. Gatekeeper Specific Configuration
- 5.1.3. Location Server Additional Configuration
- 5.1.4. Log Client Specific Configuration
- 5.1.1. Log Daemon Specific Configuration
- 5.1.2. Migration/Purge Server (MPS) Specific Configuration
- 5.1.3. Mover Specific Configuration
- 5.1.3.1. Mover Specific Configuration Window
- 5.1.3.1. Additional Mover Configuration
- 5.1.3.1.1. /etc/services, /etc/inetd.conf, and /etc/xinetd.d
- 5.1.3.1.2. The Mover Encryption Key Files
- 5.1.3.1.3. /var/hpss/etc Files Required for Remote Mover
- 5.1.3.1.1. System Configuration Parameters on IRIX, Solaris, and Linux
- 5.1.3.1.1. Setting Up Remote Movers with mkhpss
- 5.1.3.1.2. Mover Configuration to Support Local File Transfer
- 5.1.1. Physical Volume Repository (PVR) Specific Configuration
- 5.1.1. Deleting a Server Configuration
- 5.1. Monitoring Server Information
- 5.1.1. Basic Server Information
- 5.1.1. Specific Server Information
- 5.1.1.1. Core Server Information Window
- 5.1.1.1. Gatekeeper Information Window
- 5.1.1.1. Location Server Information Window
- 5.1.1.2. Migration/Purge Server Information Window
- 5.1.1.3. Mover Information Window
- 5.1.1.1. Physical Volume Library (PVL) Information Window
- 5.1.1.2. Physical Volume Repository (PVR) Information Windows
- 5.1. Real-Time Monitoring (RTM)
- 5.2. Starting HPSS
- 5.1. Stopping HPSS
- 5.2. Server Repair and Reinitialization
- 5.1. Forcing an SSM Connection
- Chapter 6. Storage Configuration
- 6.1. Storage Classes
- 6.2. Storage Hierarchies
- 6.3. Classes of Service
- 6.4. Migration Policies
- 6.5. Purge Policies
- 6.6. File Families
- Chapter 7. Device and Drive Management
- Chapter 8. Volume and Storage Management
- 8.1. Adding Storage Space
- 8.2. Removing Storage Space
- 8.3. Monitoring Storage Space
- 8.4. Dealing with a Space Shortage
- 8.5. Volume Management
- 8.6. Monitoring and Managing Volume Mounts
- 8.7. New Storage Technology Insertion
- Chapter 9. Logging and Status
- Chapter 10. Filesets and Junctions
- Chapter 11. Files, Directories and Objects by SOID
- Chapter 12. Tape Aggregation
- Chapter 13. User Accounts and Accounting
- Chapter 14. User Interfaces
- Chapter 15. Backup and Recovery
- Chapter 16. Management Tools
Keytabs are created for the user by the hpssuser utility when the krb5keytab or unixkeytab
authentication type is specified. Keytabs may also be created manually with the hpss_krb5_keytab or
hpss_unix_keytab utility, as described below.
3.3.2.3.1. Keytabs for Kerberos Authentication: hpss_krb5_keytab
The hpss_krb5_keytab utility may be used to generate a keytab with Kerberos authentication in the
form usable by the hpssadm program. See the hpss_krb5_keytab man page for details.
The Kerberos keytab is interpreted by the KDC of the Kerberos realm specified by the hpssadm utility
(see the -k and -u options on the hpssadm man page). This must be the same Kerberos realm as that
used by the System Manager. This means the hpss_krb5_keytab utility must be executed on a host in
the same realm as the System Manager.
This example for a user named “joe” on host “pegasus” creates a Kerberos keytab file named
“keytab.joe.pegasus”:
% /opt/hpss/bin/hpss_krb5_keytab
HPSS_ROOT is not set; using /opt/hpss
KRB5_INSTALL_PATH is not set; using /krb5
password:
Your keytab is stored at /tmp/keytab.joe.pegasus
Note that under AIX, hpss_krb5_keytab will not write to an NFS-mounted filesystem, which is why the
utility insists on writing the keytab file in /tmp. Once the keytab is generated, it can be copied and used
elsewhere, but care should be taken to keep it secure.
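A keytab lets its holder authenticate as the user without a password prompt, so the copy written to /tmp should end up readable only by its owner. The shell functions below are an added example, not part of the HPSS distribution or of this guide; the destination directory in the usage comment is hypothetical, and deleting the /tmp copy after a verified install is this example's choice.

```shell
#!/bin/sh
# Added example (not HPSS code): move a freshly generated keytab out of /tmp
# into an owner-only directory and verify the result before using it.

# keytab_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# calling user, with no group or other permission bits set.
keytab_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -n prints the numeric owner, so this works without a passwd entry.
    owner=$(ls -ldn "$f" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 1
    perms=$(ls -ldn "$f" | cut -c1-10)
    case $perms in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# install_keytab SRC DESTDIR
# Copies SRC into DESTDIR (created mode 0700), sets the copy to mode 0600,
# verifies it, then removes SRC. Prints the new path on success.
install_keytab() {
    src=$1
    destdir=$2
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "refusing $src: not a regular file" >&2
        return 1
    fi
    dest=$destdir/$(basename "$src")
    (
        umask 077    # nothing created below is ever group/other accessible
        mkdir -p "$destdir" && chmod 700 "$destdir" &&
        cp "$src" "$dest" && chmod 600 "$dest"
    ) || return 1
    keytab_is_private "$dest" || return 1
    rm -f "$src"
    printf '%s\n' "$dest"
}

# Usage (destination directory is hypothetical):
#   install_keytab /tmp/keytab.joe.pegasus "$HOME/.hpss"
```

The same check applies to a UNIX keytab such as joe.keytab.unix, which carries the user's encrypted password.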
3.3.2.3.2. Keytabs for UNIX Authentication: hpss_unix_keytab
The hpss_unix_keytab utility may be used to generate a keytab with UNIX authentication in the form
usable by the hpssadm program. See the hpss_unix_keytab man page for details.
The UNIX keytab is interpreted on the host on which the System Manager runs, not the host on which the
hpssadm client utility runs. The encrypted password in the keytab must match the encrypted password
in the password file on the System Manager host. Therefore, the hpss_unix_keytab utility must be
executed on the host on which the System Manager runs.
The hpss_unix_keytab utility must be able to read the user's encrypted password from the password file.
If system password files are being used, this means the utility must be executed as root.
This example for a user named “joe” creates a UNIX keytab file named “joe.keytab.unix”:
% /opt/hpss/bin/hpss_unix_keytab -f joe.keytab.unix add joe
This command copies the encrypted password from the password file into the keytab.
Do not use the -r option of the hpss_unix_keytab utility; this places a random password into the keytab
file. Do not use the -p option to specify the password; this encrypts the password specified on the
command line using a different salt than the one used in the password file, so the result will not
match.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0)