Managing HP Serviceguard for Linux, Sixth Edition, August 2006
Building an HA Cluster Configuration
Preparing Your Systems
Chapter 5132
# Policy 3
USER_NAME ANY_USER
USER_HOST ANY_SERVICEGUARD_NODE
USER_ROLE MONITOR
In the above example, the configuration will fail because user john is
assigned two roles. Policy 2 is also redundant because PACKAGE_ADMIN
already includes the role MONITOR.
Policy 3 does not conflict with either policy even though ANY_USER on
ANY_SERVICEGUARD_NODE includes user john.
Plan the clusters roles and validate them as soon as possible. Depending
on the organization's security policy, it may be easiest to create group
logins. For example, you could create a MONITOR role for user operator1
from ANY_CLUSTER_NODE. Then you could give this login name and
password to everyone who will need to monitor your clusters.
Use caution when defining access to ANY_SERVICEGUARD_NODE. This will
allow access from any node on the subnet.