obtained from the foreign site's administrator. An example would be:
"ldap://theirldapserver.foreign.com/cn=FOREIGNREALM.FOREIGN.COM"
• Deleting a trusted foreign realm
To delete an entry for a trusted foreign realm, use the following hpss_ldap_admin command:
trealm delete [-id <realmID>] [-name <realmName>]
Any of the arguments listed can be supplied to select the trusted realm entry that will be deleted.
2.2. HPSS Server Security ACLs
Beginning with release 6.2, HPSS uses a table of access control information stored in the DB2
configuration database to control access to HPSS servers. This is the AUTHZACL table. HPSS
software uses the configured authentication mechanism (e.g. Kerberos) to determine a caller's identity via
credentials provided by the caller, then uses the configured authorization mechanism to retrieve the
details of the caller that determine the access granted. Once the identity and authorization information
have been obtained, each HPSS server grants or denies the caller's request based on the access control list
information stored in the database.
The default ACLs for each type of server are as follows:
Core Server:
r—-c--- user ${HPSS_PRINCIPAL_FTPD}
rw—c--- user ${HPSS_PRINCIPAL_DMG}
rw-c-dt user ${HPSS_PRINCIPAL_MPS}
r--c--- user ${HPSS_PRINCIPAL_NFSD}
rw-c-d- user ${HPSS_PRINCIPAL_SSM}
r--c--- user ${HPSS_PRINCIPAL_FS}
------t any_other
Gatekeeper:
rw----- user ${HPSS_PRINCIPAL_CORE}
rw-c--- user ${HPSS_PRINCIPAL_SSM}
r-----t any_other
Location Server:
r--c--t user ${HPSS_PRINCIPAL_SSM}
r-----t any_other
Mover:
rw-c--t user ${HPSS_PRINCIPAL_SSM}
r-----t any_other
PVL:
rw---dt user ${HPSS_PRINCIPAL_CORE}
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 25