Hitachi

JP1 Version 12 JP1/Base User's Guide


8.3.1 Specifying the authentication servers to use

Specify the host running JP1/Base that will be used as the authentication server. The authentication server must be specified on the following hosts:

A host specified as an authentication server manages JP1 users and the operating permissions for JP1 resource groups. If you want to use just one user authentication block for a system that contains two or more products that utilize JP1/Base user authentication, for example JP1/IM and JP1/AJS, specify the same authentication server on each host.

Note that if the communication encryption function (SSL communication) is enabled on an authentication server host, SSL communication must also be enabled on each host that connects to that authentication server. If hosts that do not use SSL communication must be authenticated, you need to install an authentication server that does not use SSL communication to separate the user authentication block. Also note that to use SSL communication, the version of JP1/Base on the authentication server host and the hosts connecting to the authentication server host must be 11-00 or later.

Organization of this subsection

(1) Setting the authentication servers

Execute the following command:

jbssetusrsrv primary-authentication-server [secondary-authentication-server]

For details on the jbssetusrsrv command, see jbssetusrsrv (UNIX only) in 15. Commands.

Notes
  • Before you start JP1/Base, in the hosts file or on the DNS server, enter the host name(s) set as the authentication server (or primary and secondary authentication servers). You can set the authentication servers (execute the jbssetusrsrv command) first, or enter the information in the hosts file or on the DNS server first. The order of these tasks does not matter, provided the system can resolve the IP address from the host name at JP1/Base startup.

  • Specify the host names on both the primary and secondary authentication servers. You cannot specify an IP address.

(2) Checking the specified authentication servers

Execute the following command:

jbslistsrv [-h logical-host-name]

For details on the jbslistsrv command, see jbslistsrv in 15. Commands.

(3) Disabling startup of the authentication server on the local host

When you install JP1/Base for the first time, the local host is set as the authentication server and this authentication server starts automatically. Even if you change the authentication server setting to a remote host, the authentication process on the local host will still be activated.

To disable the authentication process and prevent startup of the authentication server on the local host:

  1. Make sure that disabling the local-host authentication server will not affect operations.

  2. Execute the following commands:

    cd /etc/opt/jp1base/conf
    cp -p jp1bs_spmd.conf.model jp1bs_spmd.conf 
  3. Restart JP1/Base.

If you want to again specify the local host as an authentication server (primary or secondary) after disabling startup as above, take the following steps to enable startup:

  1. Execute the following commands:

    cd /etc/opt/jp1base/conf
    cp -p jp1bs_spmd.conf.session.model jp1bs_spmd.conf 
  2. Restart JP1/Base.