IBM HPSS Network Card User Manual


 
out of the hpssGECOS field, it does not exist in UNIX. It only exists in LDAP.
The metadata for each file and directory in an HPSS system contains an Account field, which
determines how the storage will be charged. Each user has at least one default account index, which
is put into the Account field of all new files and directories.
When using UNIX-style accounting, the account index is the user's UID. When the user's UID is
combined with the user's Realm Id, a unique Account is created.
When using Site-style accounting, each user may have more than one account index, and may switch
among them at runtime.
Each site must decide whether it wishes to validate Accounts. However, when using UNIX-style
accounting no authorization checking need be done since the account is always the user's UID.
If Account Validation is enabled, additional authorization checks are performed when the following
events occur: when files and directories are created, when their ownership is changed, when their
account index is changed, or when a user attempts to use an account index other than their default. If
the authorization check fails, the operation fails with a permission error.
Using Account Validation is highly recommended for sites that will be accessing remote HPSS
systems. The use of Account Validation will help keep account indexes consistent. If remote sites
are not being accessed, Account Validation is still recommended as a mechanism to keep consistent
accounting information.
If UNIX-style accounting is used, at least one Gatekeeper must be configured.
For Site-style accounting, an Account Validation metadata file must be created, populated and
maintained with valid user account indexes. See the Account Validation Editor (hpss_avaledit)
manual page for details on the use of the Account Validation Editor.
If the Require Default Account field is enabled when using Site-style accounting and Account
Validation, users are required to have valid default account indexes before performing almost any
client API action. If the Require Default Account field is disabled (which is the default behavior),
users will only be required to have a valid account set when performing an operation which requires
an account to be validated, such as a create, an account change operation, or an ownership change
operation.
When using Site-style accounting with Account Validation, if the Account Inheritance field is
enabled, newly created files and directories will automatically inherit their account index from their
parent directory. The account indexes can then be changed explicitly by users. This is useful when
individual users have not had default accounts set up for them or if entire directory trees need to be
charged to the same account. When Account Inheritance is disabled (which is the default), newly
created files and directories will obtain their account from the user's current session account, which is
initially set to the user's default account index. This default account index may be changed by the
user during the session.
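The interaction of Require Default Account and Account Inheritance under Site-style accounting with Account Validation enabled can be modeled as follows. This is an added example, not HPSS code or its client API: the class and function names, the in-memory table standing in for the Account Validation metadata, and the choice to take the parent's index without a per-user check are assumptions of the model.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Site:
    """Hypothetical model: Site-style accounting with Account Validation on."""
    require_default: bool = False   # Require Default Account (off by default)
    inheritance: bool = False       # Account Inheritance (off by default)
    # Stand-in for the Account Validation metadata: UID -> valid account indexes
    valid: Dict[int, Set[int]] = field(default_factory=dict)

@dataclass
class Session:
    uid: int
    default_acct: Optional[int] = None
    current_acct: Optional[int] = None  # set when the user switches accounts

    def account(self) -> Optional[int]:
        # Session account starts as the default until the user changes it.
        if self.current_acct is not None:
            return self.current_acct
        return self.default_acct

def check(site: Site, uid: int, acct: Optional[int]) -> None:
    """Authorization check; failure surfaces as a permission error."""
    if acct is None or acct not in site.valid.get(uid, set()):
        raise PermissionError(f"UID {uid} may not use account index {acct}")

def switch_account(site: Site, sess: Session, acct: int) -> None:
    """User selects an account index other than the default for this session."""
    check(site, sess.uid, acct)
    sess.current_acct = acct

def account_for_create(site: Site, sess: Session, parent_acct: int) -> int:
    """Account index stamped on a newly created file or directory."""
    if site.require_default:
        # A valid default is needed before almost any client API action.
        check(site, sess.uid, sess.default_acct)
    if site.inheritance:
        # Assumption of this model: the parent's index is taken as-is.
        return parent_acct
    acct = sess.account()
    check(site, sess.uid, acct)     # create is a validated operation
    return acct
```
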
A site may decide to customize the way they do accounting. In most cases these sites should enable
Account Validation with Site-style accounting and then implement their own site policy module
which will be linked with the Gatekeeper. See Section 3.7.3: Gatekeeper on page 84 as well as the
appropriate sections of the HPSS Programmers Reference for more information.
By default Account Validation is disabled (bypassed). If it is disabled, the style of accounting is
determined by looking up each user's hpssGECOS account information in the authorization registry.
The following instructions describe how to set up users in this case.
If users have their default account index encoded in a string of the form AA=<default-acct-idx> in
HPSS Installation Guide July 2008
Release 6.2 (Revision 2.0) 97