10-09-2008 06:51 AM
Hi All,
How do I check if the VCS cluster is running in secure mode?
Is the ${HOME}/.vcspwd file still used for non-root user in secure cluster?
I am using VCS Solaris 5.0.
Thanks in advance!
11-24-2008 12:46 AM
Hi Michelle,
Type the following command:
# /opt/VRTSvcs/bin/haclus -value SecureClus
A value of one (1) indicates the cluster is running in secure mode.
Thanks,
Tejas
11-24-2008 09:49 AM
Thank you, Tejas.
However haclus can not be executed by users who are not logged into VCS. Any more common methods applyable to any non-root users?
Thanks,
Michelle
11-24-2008 07:13 PM
VCS has 2 ways it can be installed in regards to Authentication. One is by using VCS username/passwords that are stored in the main.cf file (passwords encrypted, of course).
The other way is VCS using the Symantec Product Authentication Service (abbreviated SPAS; now that's good marketing), which was previously known as VxSS (Veritas Security Services). This allows for VCS to use authentication that's integrated to some form of LDAP or other security model (AD, NIS, NIS+, passwd files, etc) In other words: single-sign on. You are already logged into the system, so you can already run VCS commands because you've done the Authentication part (VCS still handles the Authorization: i.e. what you are allowed to do).
If you are interested in this, there is a bunch of documentation on this, including some Symantec Yellow Books on the topic of Authentication and Authorization. I think most of the examples target NetBackup, but the concept is still similar (and NBU is more complicated than VCS in this regards anyways). Check here: http://www.symantec.com/business/theme.jsp?themeid=yellowbooks
Note that this second method is definitely a bit of an investment in time, and adds some amount of complexity to the environment.