o /opt/hpss/lib/libhpssunixauth.so
o /opt/hpss/lib/libhpssldapauthz.so
• If the code is installed in a non-standard location (not /opt/hpss), update the paths in auth.conf and
authz.conf to use the correct location.
If using kerberos authentication, modify the /etc/krb5.conf file on the client machine to list both Core
Server in the 'realms' and 'domain_realm' sections.
Example:
default = FILE:/var/hpss/log/krb5libs.log
kdc = FILE:/var/hpss/log/krb5kdc.log
admin_server = FILE:/var/hpss/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = <all caps - fully qualified hostname>
default_keytab_name = /etc/v5srvtab
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
<all caps - fully qualified hostname> = {
kdc = <fully qualified hostname>:88
admin_server = abilene.clearlake.ibm.com:749
}
[domain_realm]
<fully qualified hostname> = <all caps – fully qualified
hostname>
There must be a user named 'hpssfs' on the client machine and hpssfs's ‘uid’ and ‘gid’ must match the
hpssfs's ‘uid’ and ‘gid’ on the Core Server machine.
Lastly, verify the client API functions properly by checking operations using an API based tool/program.
14.3.3.5. Other System Configuration Details
Check for time clock skew between the client and server machines. Sites should use the Network Time
Protocol tool or equivalent utility to keep the HPSS server and client machines time synced. A time skew
of 2 minutes or more will cause HPSS to refuse IO requests.
If necessary, update /etc/hosts so that the IP address of the client machine is mapped to the client
hostname
127.0.0.1 localhost.localdomain localhost
<X.X.X.X> <fully qualified hostname> <short hostname>
HPSS Management Guide November 2009
Release 7.3 (Revision 1.0) 350