beautypg.com

The mover encryption key files – IBM RELEASE 7.3 User Manual

Page 105

background image

This will cause inetd to run the executable /opt/hpss/bin/hpss_mvr_tcp under the root user ID when a
connection is detected on port 5002. The Mover process uses the /var/hpss/etc/mvr_ek file to read the
encryption key that will be used to authenticate all connections made to this Mover.

After modifying the /etc/inetd.conf file, be sure to refresh the inetd daemon using the following
commands:

% ps -ef | grep inetd
root 6450 3154 0 Apr 29 - 0:02 /usr/sbin/inetd
hpss 17852 59370 2 16:50:25 pts/18 0:00 grep inetd
% kill -1 6450

For Linux systems

A file must be added to the /etc/xinetd.d directory which defines which program to run and the arguments
to use when a connection is detected. The file will be given the same name as the service name specified
for this Mover in /etc/services. For example, for the /etc/services entry added above, the corresponding
file /etc/xinetd.d/hpss_mvr1 would be created with the following contents:

service hpss_mvr1
{

disable

= no

socket_type

= stream

protocol

= tcp

wait

= no

port

= 5002

user

= root

server

= /opt/hpss/bin/hpss_mvr_tcp

server_args

= /var/hpss/etc/mvr_ek

}

The specified port will be one greater than the port listed as the TCP Listen Port in the Mover’s type
specific configuration. For example, the port value in the example corresponds to a Mover with a TCP
Listen Port value of 5001.

This will cause inetd to run the executable /opt/hpss/bin/hpss_mvr_tcp under the root user ID when a
connection is detected on port 5002. The Mover process will use the /var/hpss/etc/mvr_ek file to read the
encryption key that will be used to authenticate all connections made to this Mover.

After modifying the file in /etc/xinetd.d, be sure to refresh xinetd daemon using the following commands:

% /sbin/service xinetd --full-restart
Stopping xinetd:

[ OK ]

Starting xinetd:

[ OK ]

5.1.3.1.2. The Mover Encryption Key Files

To authenticate access to the remote Mover processes, the encryption key configured in this Mover’s
specific configuration (see Section 5.1.3: Mover Specific Configuration on page 102) is read from a file
accessible from the local file system. This file contains an ASCII representation of the encryption key.
The pathname of the file is passed to the Mover executable as specified in either the /etc/inetd.conf or

HPSS Management Guide

November 2009

Release 7.3 (Revision 1.0)

105

See also other documents in the category IBM Hardware: