Manualshelf

Managing HP Serviceguard for Linux, Seventh Edition, July 2007

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux ProLiant Cluster
141142143144145146147148149150
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5144
Username Validation
Serviceguard relies on the identd daemon (usually started from
/etc/init.d/xinetd) to verify the username of the incoming network
connection. If the Serviceguard daemon is unable to connect to the
identd daemon, permission will be denied. For Serviceguard to recognize
a remote user as the root user on that remote node, identd must return
the username root. Because identd returns the username for the first
match on UID 0, this means the entry for the root user in /etc/passwd
on each node must come before any other entry with a UID of 0.
If You Need to Disable identd
You can configure Serviceguard not to use identd.
CAUTION This is not recommended. Consult the white paper Securing
Serviceguard at http://docs.hp.com -> High Availability ->
Serviceguard -> White Papers for more information.
If you must disable identd, do the following on each node after installing
Serviceguard but before each node re-joins the cluster (e.g. before issuing
a cmrunnode or cmruncl).
For Red Hat and SUSE:
1. Change the server_args parameter in the file
/etc/xinetd.d/hacl-cfg
from:
server_args = -c
to
server_args = -c -i
2. Change the server_args parameter in the
/etc/xinetd.d/hacl-probe file to include the -i
For SUSE this would be changed from:
server_args = -f /opt/cmom/log/cmomd.log -r /opt/cmom/run
to
server_args = -i -f /opt/cmom/log/cmomd.log -r
/opt/cmom/run
For Red Hat this would be changed from: