Manualshelf

Serviceguard Manager Version A.04.00 Release Notes, June 2004

ManualsBrandsHP ManualsSoftwareHP Serviceguard Manager Software
31323334353637383940
Serviceguard Manager Version A.04.00 Release Notes
Installing and Running Serviceguard Manager
Chapter 1 35
Logins, roles and security, Version A.11.15 and earlier:
If you are an experienced Serviceguard user, you may think there is a
similarity between the command-line user’s cmviewcl command and the
way Serviceguard Manager user gets information about remote clusters
with Serviceguard version A.11.15 and earlier. Using Serviceguard
Manager, certain users can also relay the most common administrative
commands to these Serviceguard clusters, and the effect seems the same
as logging into the node and issuing the command on the command line.
Please notice, however, that the permissions and access mechanisms are
not the same. In version A.11.15 and earlier, the Serviceguard Manager
user’s permissions depend on his login to the Session Server, not the
cluster node. It is the Session Server that interacts with the cluster
nodes on the user’s behalf, through the Cluster Object Manager, a
Serviceguard API.
A Serviceguard Manager user does not need to directly access target
nodes to do configuration of Serviceguard version 11.16. Users can log
into a Session Server as any user. However, before the user can configure
any object they see in the map or tree they must give a root password for
at least one of the cluster nodes.
If the target node has version A.11.15 or earlier, the Session Server node
must always use user= root to access it. The recommended access
mechanism is to include the Session Server name or IP address in the
target nodes’ cmclnodelist file. A less secure way is to include the
Session Server node in a target node’s .rhosts file. Listing in
cmclnodelist allows contact to Serviceguard alone; a listing in .rhosts
grants wider access.
If the user is logged in as root to a Session Server node with version
A.11.15 or earlier, the Session Server node will also display certain
common administrative commands in the menu. The Session Server
relays these commands to the clusters in the session for the users.
If you are updating from an earlier version, think about permissions on
your HP-UX nodes with Serviceguard Version A.11.13, A.11.14, and
A.11.15. Any person who can log in to that node as root may be able to do
administrative commands on any cluster objects on that node’s subnets.
If you do not want access, you can limit the root logins on that node, or
limit that node’s access to particular clusters on its subnets.