hpss_ldap_import to convert DCE authorization information into LDAP.
•
Kerberos authentication and Unix authorization. In this case, the site determines on its own
how to convert DCE authentication information into Kerberos. The site will then use
hpss_unix_import to convert DCE authorization information into Unix. Depending on
environment variables, the hpss_unix_import program may import authentication information
(i.e. Create a password for the Unix user) into Unix. The site could manually reset or remove
the password from the converted Unix accounts if this is an issue after running the
hpss_unix_import program.
6.2.3.1. Authentication Mechanisms
A site may select between Unix or Kerberos authentication. Some pros and cons of each are listed
below.
Unix:
•
Cross cell authentication is not supported.
•
Can choose to use either system password or HPSS password file.
•
Can degrade performance as the number of HPSS users increases due to sequential seeking
through password file.
•
Encryption is performed using Unix encrypt function.
•
HPSS servers/processes utilize Unix keytab file.
•
Can use LDAP or Unix as authorization mechanism.
•
The hpss_dce_export and hpss_unix_import utilities are provided to convert DCE
authentication information.
Kerberos:
•
Cross cell authentication information is not converted; thus, not covered in this document.
•
Using an institutional Kerberos server can complicate conversion if UID conflicts exists
between current DCE principals or groups and existing Kerberos principals or groups.
•
Uses underlying Kerberos encryption algorithms.
•
HPSS servers/processes utilize Kerberos keytab file.
•
Requires LDAP as authorization mechanism; Unix authorization not supported.
•
No utilities are provided to convert DCE information to Kerberos. Site are required to perform
the conversion from DCE on their own.
6.2.3.2. Authorization Mechanisms
A site may select between Unix or LDAP authorization. Some pros and cons of each are listed
below.
Unix:
•
Can degrade performance as the number of HPSS users increases due to sequential seeking
through password file.
•
Easier to setup and manage than LDAP.
HPSS Installation Guide
July 2008
Release 6.2 (Revision 2.0)
183
Summary of Contents for High Performance Storage System HPSS
Page 34: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 34...
Page 50: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 50...
Page 118: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 118...
Page 134: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 134...
Page 156: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 156...
Page 178: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 178...
Page 244: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 244...
Page 255: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 255...
Page 292: ...HPSS Installation Guide July 2008 Release 6 2 Revision 2 0 292...