3.5.6 Verifying Digital Signatures (optional), 3.5.6.1 Verifying the HP Public Key (optional), 3.5.6.2 Verifying the Signed RPMs (optional) – HP StorageWorks Scalable File Share User Manual

Page 34

enabling direct user login access to the file system server nodes. In particular, the shadow
password information should not be provided through NIS or LDAP.

IMPORTANT:

HP requires that users do not have direct login access to the file system servers.

If support for secondary user groups is not desired, or to avoid the server configuration
requirements above, the Lustre file system can be created so that it does not require user credential
information. The Lustre method for validating user credentials can be modified in two ways,
depending on whether the file system has already been created. The preferred and easier method
is to do this before the file system is created, using step 1 below.

1. Before the file system is created, specify "mdt.group_upcall=NONE" in the file system's CSV
   file, as shown in the example in “Generating Heartbeat Configuration Files Automatically”
   (page 47).

2. After the file system is created, use the procedure outlined in “Changing group_upcall
   Value to Disable Group Validation” (page 61).

3.5.6 Verifying Digital Signatures (optional)

Verifying digital signatures is an optional procedure for customers to verify that the contents of
the ISO image are supplied by HP. This procedure is not required.

Two keys can be imported on the system. One key is the HP Public Key, which is used to verify
the complete contents of the HP SFS image. The other key is imported into the RPM database to
verify the digital signatures of the signed RPMs.

3.5.6.1 Verifying the HP Public Key (optional)

To verify the digital signature of the contents of the ISO image, the HP Public Key must be
imported to the user's gpg key ring. Use the following commands to import the HP Public Key:

# cd /signatures

# gpg --import *.pub

Use the following commands to verify the digital signature of the contents of the ISO image:

# cd /

# gpg --verify Manifest.md5.sig Manifest.md5

The following is sample output from importing the HP Public Key:

# mkdir -p /mnt/loop

# mount -o loop "HPSFSG3-ISO_FILENAME".iso /mnt/loop/

# cd /mnt/loop/

# gpg --import /mnt/loop/signatures/*.pub

gpg: key 2689B887: public key "Hewlett-Packard Company (HP Codesigning Service)" imported
gpg: Total number processed: 1
gpg: imported: 1

The following is sample output from verifying the digital signature:

# gpg --verify Manifest.md5.sig Manifest.md5

gpg: Signature made Tue 10 Feb 2009 08:51:56 AM EST using DSA key ID 2689B887
gpg: Good signature from "Hewlett-Packard Company (HP Codesigning Service)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB41 0E68 CEDF 95D0 6681 1E95 527B C53A 2689 B887
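
Because the public key is imported from the same ISO it is used to check, "Good signature" alone shows only that the manifest matches that key. The added example below (not part of the HP manual) accepts the result only when gpg's machine-readable status names the fingerprint shown in the sample output above, then checks the files against the manifest. Assumptions: that fingerprint has been confirmed with HP through a separate channel, Manifest.md5 is in md5sum format, and the names check_validsig and verify_iso are illustrative.

```sh
#!/bin/sh
# Added example, not from the HP manual.
# Fingerprint from the manual's sample gpg output, spaces removed.
# Assumption: confirmed with HP out of band before being trusted.
HP_FPR="FB410E68CEDF95D066811E95527BC53A2689B887"

# Read `gpg --status-fd 1 --verify` output on stdin. Succeed only if there is
# exactly one VALIDSIG line, its primary-key fingerprint (last field) equals
# $1, and gpg reported no bad, errored, expired-key or revoked-key signature.
check_validsig() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        $2 == "VALIDSIG" { n++; if (toupper($NF) == toupper(want)) ok = 1 }
        END { exit !(ok && !bad && n == 1) }
    '
}

# Verify the manifest signature, then every file the manifest lists.
# $1: mount point of the ISO (the manual uses /mnt/loop).
verify_iso() (
    cd "$1" || exit 1
    if ! gpg --status-fd 1 --verify Manifest.md5.sig Manifest.md5 2>/dev/null |
            check_validsig "$HP_FPR"; then
        echo "Manifest.md5: signature not made by the expected key" >&2
        exit 1
    fi
    # Assumption: Manifest.md5 uses md5sum(1) format, paths relative to $1.
    md5sum -c --quiet Manifest.md5
)

# Constructed status line (date, timestamp and algorithm fields are made up)
# so the parser can be exercised without the ISO or the key.
SAMPLE="[GNUPG:] VALIDSIG $HP_FPR 2009-02-10 1234273916 0 3 0 17 2 00 $HP_FPR"
if printf '%s\n' "$SAMPLE" | check_validsig "$HP_FPR"; then
    echo "sample status line accepted"
fi
# On a mounted ISO: verify_iso /mnt/loop
```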

3.5.6.2 Verifying the Signed RPMs (optional)

HP recommends importing the HP Public Key to the RPM database. Use the following command
as root to import this public key to the RPM database:

# rpm --import /signatures/*.pub

Installing and Configuring HP SFS Software on Server Nodes