Support User Manuals

IBM HPSS Network Card User Manual

Open as PDF

of 311

• Acquire Kerberos or LDAP software, as needed. See Section 6.2.3: New Authentication and

Authorization Mechanisms on page 182 for a list of valid authentication and authorization

combinations. See Section 5.2: Install Prerequisite Software on page 137 for more

information on obtaining MIT or IBM Kerberos and LDAP.

• Acquire DB2 UDB

• Acquire software to upgrade AIX, if necessary

• Acquire Java software

• Acquire HPSS Release 6.2 distribution images

6.3.3. Install Authentication and Authorization Mechanisms

Select the desired authentication and authorization mechanisms to replace DCE. See Section 6.2.3:

New Authentication and Authorization Mechanisms on page 182 to aid in choosing a mechanism.

See Section 5.2: Install Prerequisite Software on page 137 for more information on installing MIT or

IBM Kerberos or LDAP.

Unix Authentication and Authorization

If Unix is selected for the authentication and authorization method, no special instructions are

required for this step.

Install and Configure Kerberos

•

Kerberos must be installed in order to successfully compile and use the PFTP client with

HPSS 6.2.

•

This step can be performed while the HPSS 4.5 or 5.1 system is running.

Configuration of Kerberos will not be covered in this document, as converting principals and groups

from DCE into Kerberos is handled outside of the conversion process. If Kerberos authentication is

selected, the site is responsible for ensuring that DCE account information (principal, group,

password) is transferred into Kerberos by their own means.

Install and Configure LDAP

The steps in this section can be performed while the HPSS 4.5 or 5.1 system is running.

LDAP requires 400MB free space in /opt/IBM/ldap/V6.0. To install LDAP, untar the LDAP release

file (e.g. itds60-aix-ppc-native.tar). After the LDAP code is extracted, use smitty or the software

installation tool of choice to install the code/packages. The steps described below will assist a site

with setting up LDAP with simple authentication rather than with Kerberos authentication.

5. Ensure the ldap user and ldap group exist. Create the hpssldap user and add to the HPSS DB2

INSTANCE_OWNER group (e.g. hpssdb). Ensure root is in the instance owner group as

well. Perform a login command after creating the hpssldap user to initialize the password for

the new user.

6. Add the db2profile lines to the new LDAP instance owner’s .profile or .cshrc. See the HPSS

instance owner’s .profile for an example. Ensure the db2profile is sourced for the LDAP

HPSS Installation Guide July 2008

Release 6.2 (Revision 2.0) 191

previous next