Configuring dce nodes to use authenticated rpcs – HP UX B6941-90001 User Manual

Page 439

Chapter 10

Tuning, Troubleshooting, Security, and Maintenance

ITO Security

Configuring DCE Nodes to use Authenticated RPCs

The DCE names and accounts required by ITO to use authenticated RPCs are set up by using opc_sec_register_svr.sh and opc_sec_register.sh. You need to run opc_sec_register_svr.sh once on the ITO management server and opc_sec_register.sh for each managed node which requires the ITO accounts, and only after you have configured the node (using dce_config) as part of a wider DCE environment. The final step in the configuration process involves using the ITO GUI to set the security level for the management server and individual managed nodes.

NOTE

opc_sec_register_svr.sh and opc_sec_register.sh require a DCE login context to complete successfully. Before running opc_sec_register_svr.sh or opc_sec_register.sh you must log into DCE as cell_admin, using the command dce_login. It is also important to switch to UNIX user root before logging into DCE. This applies to both the management server and the managed node.

To configure the ITO management server and managed nodes to use
authenticated RPCs, perform the following steps:

1. Ensure that each managed node and the management server are members of a DCE cell as well as a DCE server system itself. To add a node to a DCE cell, run the DCE utility dce_config locally on each of the nodes to be added.

2. As UNIX user root, log in as the DCE user cell_admin, and execute the following command:

dce_login cell_admin <cell_admin password>

This opens a new shell with a DCE login context.

3. Execute the following script as UNIX user root once on the management server:

/opt/OV/bin/OpC/install/opc_sec_register_svr.sh -s

4. Subsequently, you have to run the script as user root and with a valid DCE login context on each of the managed nodes that requires the DCE authentication of RPCs. This may be done remotely from the management server only if automatic password generation has been disabled for the managed node:

/opt/OV/bin/OpC/install/opc_sec_register.sh <node1> \
<node2> ...
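
The prerequisites from the NOTE and steps 2 to 4, written as a preflight wrapper. This is an added example, not part of the HP manual or of ITO. It assumes that dce_login exports KRB5CCNAME in the new shell and that klist prints a "Global Principal:" line; the function names and the sample klist output are constructed for illustration.

```shell
#!/bin/sh
# Preflight guard for opc_sec_register.sh (added example, not HP/ITO code).
# Assumptions: dce_login exports KRB5CCNAME for the new shell, and klist
# prints a "Global Principal:" line naming the logged-in DCE principal.

REGISTER_DIR=/opt/OV/bin/OpC/install   # path as given in the manual

# check_root UID -> succeeds only for UNIX user root
check_root() {
    [ "$1" = "0" ]
}

# check_context CCNAME KLIST_OUTPUT -> succeeds only if a credential cache
# is set and the DCE principal shown by klist is cell_admin
check_context() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | grep 'Global Principal:' \
        | grep -q '/cell_admin[[:space:]]*$'
}

# preflight UID CCNAME KLIST_OUTPUT -> prints "ok", or the failed
# prerequisite with a distinct return code (2 = not root, 3 = no context)
preflight() {
    check_root "$1" || { echo "not running as UNIX user root"; return 2; }
    check_context "$2" "$3" || {
        echo "no DCE login context for cell_admin; run dce_login first"
        return 3
    }
    echo "ok"
}

# register_nodes NODE... -> runs the managed-node script only after the
# preflight passes, so a missing login context fails early and visibly
register_nodes() {
    preflight "$(id -u)" "${KRB5CCNAME:-}" "$(klist 2>/dev/null)" || return $?
    "$REGISTER_DIR/opc_sec_register.sh" "$@"
}

# Constructed klist output, so the checks can be exercised without a DCE cell
SAMPLE_KLIST='DCE Identity Information:
        Global Principal: /.../example_cell/cell_admin
        Cell:             /.../example_cell'

# When called with node names, register them; with no arguments, do nothing
if [ "$#" -gt 0 ]; then
    register_nodes "$@"
fi
```
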