1 creating authorizations, 2 deleting authorizations, 1 creating authorizations -22 – HP StorageWorks Scalable File Share User Manual

Operating the system

3–22

3.12.1 Creating authorizations

Authorizations allow users to access the HP SFS system remotely without a password. To create an

authorization in the system database, you must have (or have access to) the public key file (i

d_rsa.pub

or id_dsa.pub

) for the user on the remote system.

You can create an authorization in one of the following ways:

•

Copy over the public key file for the user on the remote system to the HP SFS system, as shown in the

following example:

[root@south1 lscli]# scp [email protected]:.ssh/id_rsa.pub /tmp/
[email protected]’s password:
id_rsa.pub 100% |*****************************| 237 00:00

When the file has been copied, create the authorization by entering the command shown in the

following example, where an authorization named

fred@ms

is created:

[root@south1 lscli]# sfsmgr
.

.

.

sfs> create authorization fred@ms file=/tmp/id_rsa.pub

Authorization for fred@ms added to the database.
This authorization does not take effect until you run the configure
server command.

sfs>

•

Alternatively, you can log in to the remote system from the SFS CLI and access the key when creating

the authorization, as shown in the following example:

sfs> create authorization root_10@ms [email protected] type=rsa
password (for [email protected]):
Authorization for root_10@ms added to the database.
This authorization does not take effect until you run the configure
server command.

sfs>

If you do not specify the

type=

option, the default is

rsa

.

The authorization does not come into effect on a server in the HP SFS system until the

configure server

server_name

command is run for the server. For example, to bring the authorization into effect on the

administration server and MDS server, enter the command shown in the following example:

sfs> configure server south[1-2]

3.12.2 Deleting authorizations

To delete a remote access authorization from the system database, enter the command shown in the

following example, where the

fred@ms

authorization is deleted:

sfs> delete authorization fred@ms
Authorization for dmc deleted from the database.
The old authorization remains in effect until you run the configure
server command.

Note that if the authorization was in effect on a server, it remains in effect (even though it has been deleted

from the database) until you run the

configure server server_name

command for that server.