IBM RELEASE 7.3 Computer Drive User Manual


 
· When you have decided on the hpssgui command line that is best for your installation, it will
probably be useful to put the command in a shell script for the convenience of all SSM
Administrators and Operators. For example, create a file called “gui” and put the following
in it:
/opt/hpss/bin/hpssgui.pl \
-m /my_directory/my_ssm.conf \
-d \
-S /tmp/hpssguiSessionLog.$(whoami)
Please refer to the hpssgui man page for an extensive list of command line options. For
example, some sites prefer to set the date format to a USA military format using the -D
“kk:mm:ss dd-MMM-yyyy” option. Additionally, Section 3.3.3: SSM Configuration File below
provides a table of variables you can set in the SSM configuration file instead of using command
line options; this section also covers all the various files that the hpssgui script uses.
3.3. Configuration and Startup of hpssgui and hpssadm
This section describes in detail the procedures for configuring SSM and creating an SSM user account
with the proper permissions to start up an hpssgui or hpssadm session. It also explains how to install
the SSM client on the user's desktop (the recommended configuration for hpssgui) and how to deal with
special situations such as firewalls.
In the discussion that follows, authentication ensures that a user is who they claim to be relative to the
system. Authorization defines the user's rights and permissions within the system.
Like other components of HPSS, SSM authenticates its users by using either Kerberos or UNIX. Users
of the hpssgui and hpssadm utilities are authenticated to SSM by either a Kerberos principal and a
password or by a UNIX username and a password. The System Manager must be configured to use the
appropriate authentication and a Kerberos principal or UNIX user account must be created for each SSM
user.
Unlike other components of HPSS, SSM does not use LDAP or UNIX to authorize its users. SSM users
are authenticated based on their entries in the HPSS DB2 AUTHZACL table. Through this table, SSM
supports two levels of SSM client authorization:
admin This security level is normally assigned to an HPSS administrator. The admin
user can view all SSM windows and perform all control functions provided by
SSM.
operator This security level is normally assigned to an HPSS operator. The operator user
can view most SSM windows and perform all SSM control functions except for
changing the HPSS configuration.
Configuration of an SSM user requires that:
1. The System Manager is configured to accept the desired authentication mechanism.
2. The proper user accounts are created:
UNIX or Kerberos accounts are created for the user authentication.
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 34