IBM Books

Command and Technical Reference, Volume 1


Chapter 1. Commands

This volume contains the RS/6000 SP Commands A - P. See Volume 2 for RS/6000 SP Commands R - W, RS/6000 SP Files and Other Technical Information, and RS/6000 SP Subroutines.

To access the RS/6000 SP online manual pages, set the MANPATH environment variable as follows:

for ksh

export MANPATH=$MANPATH:/usr/lpp/ssp/man

for csh

setenv MANPATH $MANPATH\:/usr/lpp/ssp/man

System partitioning and commands

When you partition your system, you create one or more system partitions which, for most tasks, function as separate and distinct logical RS/6000 SP systems. Most commands function within the boundary of the system partition in which they are executed. A number of commands, however, continue to treat the RS/6000 SP as a single entity and do not respect system partition boundaries. That is, in their normal function they may affect a node or other entity outside of the current system partition. In addition, some commands which normally function only within the current system partition have been given a new parameter which, when used, allows the scope of that command to exceed the boundaries of the current system partition.

On the control workstation, the administrator is in an environment for one system partition at a time. The SP_NAME environment variable identifies the system partition to subsystems. (If this environment variable is not set, the system partition is defined by the primary: stanza in the /etc/SDR_dest_info file.) Most tasks performed on the control workstation that get information from the System Data Repository (SDR) will get the information for that particular system partition.

In managing multiple system partitions, it is helpful to open a window for each system partition. You can set and export the SP_NAME environment variable in each window and set up the window title bar or shell prompt with the system partition name. The following script is an example:

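sysparenv:
#!/bin/ksh
  # Open one aixterm window per system partition, each with SP_NAME exported
  for i in `splst_syspars`
  do
     # Short host name of the partition (text before the first dot)
     syspar=`host $i | cut -f 1 -d"."`
     echo "Opening the $syspar partition environment"
     sleep 2
     export SP_NAME=$syspar
     aixterm -T "Work Environment for CWS `hostname -s` - View: $syspar" -ls -sb &
  done
  exit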

.profile addition:

# Added for syspar environment setup
if [ "`env | grep SP_NAME | cut -d= -f1`" = SP_NAME ]
then
   PS1="[`hostname -s`][$SP_NAME] ["'$PWD]> '
else
   PS1="[`hostname -s`]["'$PWD]> '
fi
export ENV

As a user, you can check what system partition you're in with the command:

spget_syspar -n

The following table summarizes those commands which can exceed the boundary of the current system partition. Unless otherwise stated, commands not listed in this table have as their scope the current system partition.
Command Effect
arp Can reference any node (by its host name) in any system partition.
Automounter commands Host names need not be in the current system partition.
chauthpar -p The -p flag allows specification of a system partition other than the current system partition.
chauthpts -p The -p flag specifies the partition for which the active authentication methods are set.
config_spsec -p The -p flag configures SP Services into the DCE database for servers in the specified partition only.
create_keyfiles -p The -p flag creates keyfiles for principals in the specified partition only.
crunacct Merges accounting data from all nodes regardless of system partition boundaries.
cshutdown -G The -G flag allows specification of target nodes outside of the current system partition.
cstartup -G The -G flag allows specification of target nodes outside of the current system partition.
dsh, dsh -w{hostname | -} Hosts added to the working collective by host name need not be in the current system partition.
dsh -aG The -G flag modifies the -a flag (all nodes in the current system partition) by expanding the scope to all nodes in the entire physical SP system.
Eclock There is a single switch clock for the SP regardless of the number of system partitions.
Efence -G The -G flag allows specification of nodes outside of the current system partition.
emonctrl -c The system partition-sensitive control script for the emon subsystem supports the -c option, which crosses system partitions.
Eunfence -G The -G flag allows specification of nodes outside of the current system partition.
haemctrl -c, haemctrl -u The system partition-sensitive control script for the haem subsystem supports the -c and -u options, which cross system partitions.
haemd_SP syspar_IPaddr Specifies the IP address of the system partition in which the haemd daemon is to execute.
haemqvar If the SP_NAME environment variable is not set, the default system partition is used.
hagsctrl -c, hagsctrl -u The system partition-sensitive control script for the hags subsystem supports the -c and -u options, which cross system partitions.
hagsns, hagsvote On the control workstation, users specify which system partition the command should reference. On the nodes, the command works only on the system partition where the node resides.
hatsctrl -c, hatsctrl -u The system partition-sensitive control script for the hats subsystem supports the -c and -u options, which cross system partitions.
hmcmds -G The -G flag allows the hmcmds commands to be sent to any hardware on the SP system.
hmmon -G The -G flag allows for the specification of hardware outside of the current system partition.
hostlist, hostlist -f filename, hostlist -w hostname Host names need not be in the current system partition.
hostlist -aG | -nG | -sG The -G flag modifies the -a, -n, or -s flag by expanding the scope to the entire physical SP system.
hrctrl -c The system partition-sensitive control script for the hr subsystem supports the -c option, which crosses system partitions.
hsdatalst -G The -G flag causes the display of HSD information to be for all system partitions.
lppdiff -aG The -G flag modifies the -a flag (all nodes in the current system partition) by expanding the scope to all nodes in the entire physical SP system.
lsauthpar -p The -p flag allows specification of a system partition other than the current system partition.
lsauthpts -p The -p flag specifies the partition for which the active authentication methods are to be listed.
nlssrc On the control workstation, the user specifies which system partition the command should reference. On the nodes, the command works only on the system partition where the node resides.
nodecond -G The -G flag allows specification of a node outside of the current system partition.
psyslrpt -w hostnames The host names supplied with the -w flag can be in any system partition (the -a flag will select all nodes in the current system partition).
psyslclr -w hostnames The host names supplied with the -w flag can be in any system partition (the -a flag will select all nodes in the current system partition).
penotify -w hostnames The host names supplied with the -w flag can be in any system partition (the -a flag will select all nodes in the current system partition).
pmanctrl -c The system partition-sensitive control script for the pman subsystem supports the -c option, which crosses system partitions.
Parallel commands:
  • p_cat
  • pcp
  • pdf
  • pfck
  • pexec
  • pexscr
  • pfind
  • pfps
  • pls
  • pmv
  • ppred
  • pps
  • prm
Parallel commands can take the following options and will behave accordingly:

-w
Host names specified with -w need not be in the current system partition.

noderange
Nodes specified by noderange must be in the current system partition.

hostlist_args
Host names specified with hostlist options -w or -G need not be in the current system partition (any other hostlist options operate within the current system partition).
rm_spsec The -p flag removes configuration from DCE service principals and keyfiles for the specified partition.
SDRArchive, SDRRestore Archives/restores the SDR representing the entire SP.
SDRGetObjects -G The -G flag allows for retrieval of partitioned class objects from partitions other than the current system partition. Without the -G, objects which are in a partitioned class are retrieved from the current system partition only.
SDRMoveObjects Moves objects from one system partition to another.
SDRScan Scans SDR database files.
SDRValidateString Checks a character string for valid SDR input.
Other SDR commands SDR commands that create, change or delete values work within the system partition. Note though that System classes (Frame, for example) are shared among all system partitions. Changes to system classes will affect other system partitions.
Security commands:
  • ext_srvtab
  • kadmin
  • kdb_destroy
  • kdb_edit
  • kdb_init
  • kdb_util
  • k4destroy
  • k4init
  • k4list
  • kpasswd
  • kprop
  • ksrvtgt
  • ksrvutil
  • kstash
  • rcmdtgt
  • setup_authent
  • spseccfg
The function of these security commands is unchanged under system partitioning. That is, if they previously affected the entire SP, they continue to do so even if the system has been partitioned. If they previously had the ability to affect a remote node that function is unchanged in a system partitioned environment.
sp_configdctrl -c The system partition-sensitive control script for the sp_configd subsystem supports the -c option, which crosses system partitions.
spapply_config Applies a system partition configuration to the entire SP.
spacl -G Manages ACLs for object instances outside the current partition.
spbootins If a boot server outside of the current system partition is specified, that node is prepared appropriately.
spbootlist The command targets nodes in any system partition.
spchvgobj The command targets nodes in any system partition.
spdelhmcid This command will work with a Hardware Management Console (HMC) in any system partition.
spframe Configures data for one or more frames across the entire SP.
sphardware Global system partition can be selected from within the Perspective.
sphmcid This command will work with a Hardware Management Console (HMC) in any system partition.
splm The target nodes defined in the input table can include nodes from any system partition.
splst_versions -G The -G flag allows for retrieval of PSSP version information from nodes outside the current system partition.
splstdata -G The -G flag allows display of information on nodes and adapters outside of the current system partition.
splstadapters -G The -G flag lists information about target adapters outside of the current system partition.
splstnodes -G The -G flag lists information about target nodes outside of the current system partition.
spmirrorvg The command targets nodes in any system partition.
spmkvgobj The command targets nodes in any system partition.
spmon -G The -G flag allows specification of nodes outside of the current system partition. The -G flag is required when performing operations on any frame or switch.
sprestore_config Restores the entire SP SDR from a previously made archive.
sprmvgobj The command targets nodes in any system partition.
spsitenv Site environment variables are specified for the SP system as a whole. The specification of acct_master= can be any node in the SP regardless of system partition. The specification of install_image= may cause boot server nodes outside of the current system partition to refresh the default installation image they will serve to their nodes.
spsyspar Command is always in global mode.
spunmirrorvg The command targets nodes in any system partition.
spverify_config Verifies the configuration of all system partitions in the SP system.
st_clean_table Can specify a node name which is outside the current partition.
st_status Can specify a node which is outside the current partition.
supper File collections are implemented and managed without respect to system partition boundaries.
sysctl The Sysctl client can send requests to any node in the SP.
syspar_ctrl -c -G The -c and -G flags allow for the crossing of system partitions in providing a single interface to the control scripts for the system partition-sensitive subsystems.
s1term -G The -G flag allows specification of a node outside of the current system partition.
vsdatalst -G The -G flag causes the display of IBM Virtual Shared Disk information to be for all system partitions.
vsdsklst -G The -G flag specifies the display of information for disks outside the current system partition.

add_principal

Purpose

add_principal - Creates principals in the Kerberos Version 4 authentication database.

Syntax

add_principal [-r realm_name] [-v] file_name

Flags

-r
Adds Kerberos Version 4 principals to a realm other than the local realm.

-v
Specifies verbose mode. A message is written to standard output for each principal added to the authentication database.

Operands

file_name
Specifies the file containing principal names and passwords to add to the Kerberos Version 4 authentication database.

Description

This command provides an interface to the Kerberos Version 4 authentication database to add an entry for a user or service instance, supplying the password used to generate the encrypted private key. The add_principal command is suitable for mass addition of users or multiple instances of servers (for example, SP nodes).

This command operates noninteractively if you have a valid ticket-granting-ticket (TGT) for your admin instance in the applicable realm. A TGT can be obtained using the k4init command. If you do not have a TGT for the admin instance for the realm in which you are adding principals, or if the add_principal command cannot obtain a service ticket for changing passwords using the admin TGT, the user is prompted for the password for the user's admin instance.

Administrators use the add_principal command to register new users and service instances to the authentication database. An administrator must have a principal ID with an instance of admin. Also, user_name.admin must appear in the admin_acl.add Access Control List (ACL).

The add_principal program communicates over the network with the kadmind program, which runs on the machine housing the primary authentication database. The kadmind program creates new entries in the database using data provided by this command.

When using the add_principal command, the principal's expiration date and maximum ticket lifetime are set to the default values. To override the defaults, the root user must use the kdb_edit command to modify those attributes.

Input to the program is read from the file specified by the file_name argument. It contains one line of information for each principal to be added, in the following format:

name[.instance][@realm] password
Note:
The @realm cannot be different from the local realm or the realm argument if the -r option is specified.

For user entries with a NULL instance, this format matches that of the log file created by the spmkuser command. Any form of white space can surround the two fields. Blank lines are ignored. Any line containing a # as the first non-white-space character is treated as a comment.

Since the input file contains principal identifiers and their passwords, ensure that access to the file is controlled. You should remove the input file containing the unencrypted passwords after using it, or delete the passwords from it.
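
An added example (not part of the IBM manual): a POSIX shell pre-flight check for the input file described above. It confirms that only the owner can access the file, applies the line format rules without ever printing a password, and strips the passwords afterwards. The function names, the realm EXAMPLE.REALM and the sample entries are constructed for illustration, and the name[.instance] pattern is an approximation.

```shell
#!/bin/sh
# Added example: checks for an add_principal input file. The helper names are
# hypothetical and add_principal itself is never invoked.

# Succeeds only for a regular file with no group or other permission bits.
principal_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints one "line N: reason" per rejected line (never the password field)
# and returns non-zero if any line is rejected.
# $1 = file, $2 = realm entries may name (the local realm or the -r argument)
lint_principal_file() {
    awk -v realm="$2" '
        /^[ \t]*$/ { next }    # blank lines are ignored
        /^[ \t]*#/ { next }    # comment: # is the first non-white-space character
        NF != 2 {
            printf "line %d: expected 2 fields, found %d\n", NR, NF
            bad++; next
        }
        {
            n = split($1, parts, "@")
            if (n > 2) { printf "line %d: more than one @\n", NR; bad++; next }
            if (n == 2 && parts[2] != realm) {
                printf "line %d: realm differs from %s\n", NR, realm
                bad++; next
            }
            # Assumption: name[.instance] is one or two non-empty dot-separated parts.
            if (parts[1] !~ /^[^.]+(\.[^.]+)?$/) {
                printf "line %d: principal is not name[.instance]\n", NR
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Rewrites the file with the password field removed, keeping comments and
# blank lines, for use once the principals have been added.
scrub_passwords() {
    tmp="$1.scrub.$$"
    ( umask 077
      awk '/^[ \t]*$/ || /^[ \t]*#/ { print; next } { print $1 }' "$1" > "$tmp"
    ) && mv "$tmp" "$1"
}

# Constructed sample input: three valid entries, one foreign realm, one
# entry with no password.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example, not real credentials
alice              Constructed-pw-1
rcmd.node01        Constructed-pw-2
bob@EXAMPLE.REALM  Constructed-pw-3

carol@OTHER.REALM  Constructed-pw-4
dave
EOF
}

# Demonstration on the constructed file in a private temporary directory.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/new_principals"
chmod 600 "$demo_dir/new_principals"
if principal_file_is_private "$demo_dir/new_principals" &&
   lint_principal_file "$demo_dir/new_principals" EXAMPLE.REALM
then
    echo "file is ready for add_principal"
else
    echo "correct the file before running add_principal"
fi
scrub_passwords "$demo_dir/new_principals"
rm -rf "$demo_dir"
```
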

The add_principal command does not add principals to an AFS authentication database. If authentication services are provided through AFS, use the AFS kas command to add principals to the database. Refer to the chapter on security in PSSP: Administration Guide for an overview.

Files

/var/kerberos/database/admin_acl.add
Access Control List file.

Exit Values

0
Indicates success. It does not mean that all IDs were added. Individual messages indicate what was added.

nonzero
Indicates an error with an appropriate message.

Security

You must be logged in (using k4init) as a Kerberos Version 4 database administrator who is authorized to add users. Your Kerberos Version 4 principal must be your-AIX-username.admin and be listed in the file /var/kerberos/database/admin_acl.add.

Location

/usr/lpp/ssp/kerberos/bin/add_principal

Related Information

Commands: kadmin, k4init, kpasswd, ksrvutil

Refer to the "RS/6000 SP files and other technical information" section of PSSP: Command and Technical Reference for additional Kerberos information.

allnimres

Purpose

allnimres - Allocates Network Installation Management (NIM) resources from a NIM master to a NIM client.

Syntax

allnimres -h | -l node_list

Flags

-h
Displays usage information. If the command is issued with the -h flag, the syntax description is displayed to standard output and no other action is taken (even if other valid flags are entered along with the -h flag).

-l node_list
Indicates by node_list the SP nodes to which to allocate installation resources. The node_list is a comma-separated list of node numbers.

Operands

None.

Description

Use this command to allocate all necessary NIM resources to a client based on the client's bootp_response in the System Data Repository (SDR). This includes executing the bos_inst command for allocation of the boot resource and nimscript resource. At the end of this command, nodes are ready to netboot to run installation, diagnostics, or maintenance. If the node's bootp_response is "disk", all NIM resources are deallocated from the node.

Environment Variables

PSSP 3.4 provides the ability to run commands using secure remote command and secure remote copy methods.

To determine whether you are using either AIX rsh or rcp or the secure remote command and copy method, the following environment variables are used. If no environment variables are set, the defaults are /bin/rsh and /bin/rcp.

You must be careful to keep these environment variables consistent. If setting the variables, all three should be set. The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent with the choice of the remote command method in RCMD_PGM:

For example, if you want to run allnimres using a secure remote method, enter:

export RCMD_PGM=secrshell
export DSH_REMOTE_CMD=/bin/ssh
export REMOTE_COPY_CMD=/bin/scp

Standard Error

This command writes error messages (as necessary) to standard error.

Exit Values

0
Indicates the successful completion of the command.

-1
Indicates that an error occurred.

Security

You must have root privilege to run this command.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).

Location

/usr/lpp/ssp/bin/allnimres

Related Information

Commands: setup_server, unallnimres

Examples

To allocate boot/installation resources to boot/install client nodes 1, 3, and 5 from their respective boot/install servers, enter:

allnimres -l 1,3,5

arp

Purpose

/usr/lpp/ssp/css/arp - Displays and modifies address resolution.

Syntax

arp {host_name | -a [/dev/kmem]} | -d host_name |
    -s type host_name adapter_address [route] [temp] [pub] |
    -f file_name [type]

Flags

-a
Displays all of the current Address Resolution Protocol (ARP) entries. Use the crash command to look at KMEM or UMUnix variables. Specify the -a /dev/kmem flag to display ARP information for kernel memory.

-d host_name
Deletes an ARP entry for the host specified by the host_name variable if the user has root user authority.

-f file_name
Causes the file specified by the file_name variable to be read and multiple entries to be set in the ARP tables. Entries in the file should be in the form:
type host_name adapter_address [route] [temp] [pub]

-s type host_name adapter_address [route] [temp] [pub]
Creates an ARP entry for the host specified by the host_name variable with the adapter address specified by the adapter_address variable. The adapter address is given as 6 hexadecimal bytes separated by colons. The line must be in the following format:
type host_name adapter_address [route] [temp] [pub]

where:

type
Specifies the type of hardware address as follows:
ether
An Ethernet interface
802.3
An 802.3 interface
switch
A Scalable POWERparallel Switch (SP Switch)
fddi
A Fiber Distributed Data Interface
802.5
A token-ring interface

host_name
Specifies the host_name for which to create an entry.

adapter_address
Specifies the physical address (switch node number) for the switch adapters.

route
Specifies the route for a token-ring interface or Fiber Distributed Data Interface (FDDI) as defined in the token-ring or FDDI header.

temp
Specifies that this ARP table entry is temporary. The table entry is permanent if this argument is omitted.

pub
Specifies that this table entry is to be published, and that this system acts as an ARP server responding to requests for host_name, even though the host address is not its own.

Description

The arp command has been modified to add support for the switch. This command is valid only on an SP system.

The arp command displays and modifies the Internet-to-adapter address translation tables used by ARP. The arp command displays the current ARP entry for the host specified by the host_name variable. The host can be specified by name or number, using Internet dotted decimal notation.

Related Information

PSSP commands: ifconfig

AIX commands: crash, netstat

AIX daemon: inetd

Refer to PSSP: Administration Guide for additional information on the SP Switch.

Refer to "TCP/IP Protocols" in AIX System Management Guide: Communications and Networks.

Examples

  1. To add a single entry to the arp mapping tables until the next time the system is restarted, enter:
    arp -s switch host2 1
    
  2. To delete a map table entry for the specified host with the arp command, enter:
    arp -d host1
    

cfghsd

Purpose

cfghsd - Configures a hashed shared disk.

Syntax

cfghsd {-a | hsd_name ...}

Flags

-a
Specifies all the hashed shared disks that have been defined.

Operands

hsd_name
Specifies a defined hashed shared disk. All underlying virtual shared disks in the hashed shared disk must be configured before using this command.

Description

This command configures the already defined hashed shared disks and makes them available. The command extracts information from the System Data Repository (SDR).

Security

You must be in the AIX bin group to run this command.

Restrictions

If you have the IBM Recoverable Virtual Shared Disk software installed and operational, do not use this command. The results may be unpredictable.

See PSSP: Managing Shared Disks.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/cfghsd

Related Information

Commands: defhsd, hsdatalst, lshsd, ucfghsd

Examples

To make the hashed shared disk hsd1 available, enter:

cfghsd hsd1

cfghsdvsd

Purpose

cfghsdvsd - Configures a hashed shared disk and the underlying virtual shared disks that comprise it and starts the virtual shared disks.

Syntax

cfghsdvsd -a | {hsd_name...}

Flags

-a
Specifies that all the hashed shared disks defined on this system or system partition are to be configured (made available).

Operands

hsd_name
Specifies the names of defined hashed shared disks that are to be configured. This command configures the underlying virtual shared disks as well.

Description

Use this command to configure already-defined hashed shared disks and their underlying virtual shared disks and make them available. Note that all of the virtual shared disks go to the active state, making them available to the node on which this command is run.

You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:

smit hsd_mgmt

and select the Configure a hashed shared disk and its underlying virtual shared disks option.

Security

You must have access to the virtual shared disk subsystem via the sysctl service to run this command.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/cfghsdvsd

Related Information

Commands: cfghsd, cfgvsd, ucfghsdvsd

Examples

To configure the hashed shared disk hsd1 and the virtual shared disks that comprise it, enter:

cfghsdvsd hsd1

cfgvsd

Purpose

cfgvsd - Configures a virtual shared disk.

Syntax

cfgvsd {-a | vsd_name ...}

Flags

-a
Specifies all virtual shared disks that have been defined.

Operands

vsd_name
Specifies a defined virtual shared disk.

Description

Use this command to configure the already defined virtual shared disks and bring them to the stopped state. It does not make the virtual shared disk available. The command extracts information from the System Data Repository (SDR).

You can use the System Management Interface Tool (SMIT) to run the cfgvsd command. To use SMIT, enter:

smit vsd_mgmt

and select the Configure a virtual shared disk option.

Security

You must be in the AIX bin group to run this command.

Restrictions

If you have the IBM Recoverable Virtual Shared Disk software installed and operational, do not use this command. The results may be unpredictable.

See PSSP: Managing Shared Disks.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/cfgvsd

Related Information

Commands: ctlvsd, lsvsd, preparevsd, resumevsd, startvsd, stopvsd, suspendvsd, ucfgvsd

Examples

To bring the virtual shared disk vsd1vg1n1 from the defined state to the stopped state, enter:

cfgvsd vsd1vg1n1

chauthpar

Purpose

chauthpar - Enables the active remote command authentication methods for a system partition.

Syntax

chauthpar {-h | [-c | -f] [-p partition] [-v] method...}

Flags

-h
Specifies that the command is only to display the valid command syntax. When this flag is specified, other flags and operands are ignored.

-c
Specifies that the command is to operate only on the control workstation, changing settings in the System Data Repository (SDR) and in AIX as required, without attempting to make any changes on the nodes in the partition. Use this flag when you are activating a method that is newly configured on the control workstation but not yet configured on the nodes.

-f
Specifies that the command is to attempt to change the setting on all accessible nodes in the partition, even when no change is indicated to the SDR or to the AIX setting on the control workstation.

-p partition
Specifies the partition for which the active authentication methods are to be set. The partition can be specified in either hostname or IP address format. If none is specified, the value of the SP_NAME environment variable will be used. If SP_NAME is not set in this case, the default partition is assumed.

-v
Specifies verbose output - informational messages are to be displayed.

Operands

method
Specifies an available authentication method. When you specify multiple authentication methods, they must be specified in the order shown, which is the order of precedence in their use by the remote commands.

You must specify at least one of the following authentication methods that are used by the remote commands.

k5
Specifies that the Kerberos Version 5 authentication method is to be made active for this partition. To activate k5, you must have previously issued spsetauth -i to select DCE capability for the partition.

k4
Specifies that the Kerberos Version 4 authentication method is to be made active for this partition. To activate k4, you must have previously issued spsetauth -i to select k4 capability for the partition.

std
Specifies that the Standard AIX authentication method is to be made active for this partition. If specified, this method must be last (lowest priority).

Description

The chauthpar command enables the specified authentication methods for the designated system partition. All methods not included are set inactive (not in use).

You can limit operation of the command to the control workstation by specifying the -c option. Conversely, the -f option allows you to force the setting to be propagated to all accessible nodes in the partition, regardless of whether it was changed. Normal command execution, with neither option, propagates any changed setting to the nodes.

This command should be the sole vehicle for managing the authentication methods settings on the SP. Should the settings become damaged due to system problems or inappropriate use of SDR interfaces, this command will detect erroneous settings and inform the user of them. When a system partition is found with an incorrect setting for the remote command authentication methods, it will be reset using the following rules:

These automatic corrections to other partitions are made only in the SDR and are not propagated to any nodes. If this occurs, you should examine the changed settings and reissue this command against each of the affected partitions to complete the repair. If the change made to the SDR when the error was detected is correct, reissue the command with the -f option to ensure that all nodes have the new setting. If the reset value is not correct for the partition, reissue the command without -f to change it as required.

When propagating settings on running nodes using dsh via the AIX rsh command to run chauthent, the control workstation and the nodes must have at least one common remote command authentication method active in order for propagation to succeed. When this is not the case, propagation can only be completed by the local root user running chauthent or spauthconfig on each node or by a reboot. The same applies to nodes that are not running or are otherwise inaccessible when this command is executed.

The chauthpar command can also be run by dsh using the secure remote command routine by setting the RCMD_PGM environment variable to use "secrshell." See PSSP: Installation and Migration Guide for more information on setting up the secure remote command environment.

To activate the Kerberos 5 authentication method in a partition, you must have configured the control workstation and the partition for DCE using the commands or SMIT panels. To activate the Kerberos Version 4 authentication method, you must have configured the control workstation and the partition for k4, using the commands or SMIT panels. You must activate the Kerberos Version 4 authentication method if any node in the partition is running a level of PSSP earlier than Version 3.2.
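
An added example (not part of the IBM manual): a POSIX shell check of a proposed method list before it is given to chauthpar. It enforces the k5, k4, std precedence order from the Operands section and tests whether the new setting shares a method with the setting currently active on the nodes, which rsh-based propagation needs. The function names are hypothetical, and the check assumes the control workstation already holds the new setting when dsh runs, as in the verbose output under Examples.

```shell
#!/bin/sh
# Added example: checks on a proposed chauthpar method list. Function names
# are hypothetical; nothing here calls chauthpar or changes the SDR.

# Prints the colon-joined form (for example k5:k4:std) and returns 0 if the
# arguments are a non-empty subset of k5 k4 std given in precedence order.
ordered_methods() {
    [ $# -ge 1 ] || { echo "at least one method is required" >&2; return 1; }
    last=0
    joined=
    for m in "$@"; do
        case $m in
            k5)  rank=1 ;;
            k4)  rank=2 ;;
            std) rank=3 ;;
            *)   echo "unknown method: $m" >&2; return 1 ;;
        esac
        if [ "$rank" -le "$last" ]; then
            echo "method $m is repeated or out of order (k5, k4, std)" >&2
            return 1
        fi
        last=$rank
        joined=${joined:+$joined:}$m
    done
    echo "$joined"
}

# Returns 0 if two colon-separated settings have at least one method in common.
share_a_method() {
    old_ifs=$IFS
    IFS=:
    for a in $1; do
        for b in $2; do
            if [ "$a" = "$b" ]; then
                IFS=$old_ifs
                return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# $1 = setting currently active on the nodes, in the k4:std form that
#      chauthpar -v prints; remaining arguments = proposed methods.
# Returns 1 for an invalid list and 2 when propagation over rsh would have
# no common method and root would have to finish the change on each node.
preflight() {
    node_setting=$1
    shift
    new=$(ordered_methods "$@") || return 1
    if share_a_method "$new" "$node_setting"; then
        echo "ok $new"
    else
        echo "no-common-method $new"
        return 2
    fi
}

# Demonstration with the values from example 3: nodes at k4:std, new list k5 k4 std.
preflight k4:std k5 k4 std
# A k5-only list has nothing in common with nodes still at k4:std.
preflight k4:std k5 || echo "propagation would need local root action on each node"
```
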

Consequences of Error

A problem executing the chauthent command remotely on some or all nodes in the partition does not result in unsuccessful execution of the command. Error messages from the dsh and rsh commands should be noted to determine the reason for each problem. For example, when the -c flag is not specified but no nodes in the partition are running, the dsh command will be unsuccessful and return the message:

dsh: 5025-511 No hosts in working collective

Establishing the correct settings on inaccessible nodes will require the root user to run chauthent or spauthconfig on those nodes (or reboot them).

Environment Variables

The SP_NAME variable can be used to designate the applicable partition.

PSSP 3.4 provides the ability to run commands using secure remote command and secure remote copy methods.

To determine whether you are using either AIX rsh or rcp or the secure remote command and copy method, the following environment variables are used. If no environment variables are set, the defaults are /bin/rsh and /bin/rcp.

You must be careful to keep these environment variables consistent. If setting the variables, all three should be set. The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent with the choice of the remote command method in RCMD_PGM:

For example, if you want to run chauthpar using a secure remote method, enter:

export RCMD_PGM=secrshell
export DSH_REMOTE_CMD=/bin/ssh
export REMOTE_COPY_CMD=/bin/scp

Standard Output

Output consists of informational messages, when the -v option is specified.

Standard Error

Output consists of error messages when the command cannot complete successfully. Even when the command returns 0, error messages will be output if defective SDR attributes were repaired for another partition or propagation to one or more nodes was unsuccessful.

Exit Values

0
Indicates the successful completion of the command.

1
Indicates that an error occurred.

Security

You must have root privilege to run this command.

Restrictions

The chauthpar command may be executed only on the control workstation.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/chauthpar

Related Information

Commands: lsauthpar

Examples

  1. To set all remote command methods active in a partition, enter:
    chauthpar -p sp3b k5 k4 std
    
  2. To set the current partition (SP_NAME assumed to be set) to use the Kerberos 4 method, and the Standard AIX method, enter:
    chauthpar k4 std
    
  3. Setting Kerberos 4 and Kerberos 5 and Standard AIX as the active authentication methods for remote commands running in a partition, with detailed output:
    chauthpar -v -p 9.10.11.12 k5 k4 std
     
    The remote command authentication methods for this host are currently
    k4:std
    The authentication methods by partition are currently
    abcsp1  k4:std
    abcsp2  k4:std
    abcsp3  k4:std
    The partition to be modified is abcsp3
    The auth_methods attribute of the partition has been set to k5:k4:std
    The remote command authentication methods for this host are now set to
    k5:k4:std
    The chauthent command was executed successfully on node s1n15.abc.org
    The chauthent command was executed successfully on node s1n16.abc.org
    The chauthent command was executed successfully on node s1n18.abc.org
    The chauthent command was executed successfully on node s1n19.abc.org
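
Because chauthpar can return 0 while propagation to some nodes was unsuccessful, the verbose output is the record of which nodes actually received the new setting. The following is an added example, not part of the IBM manual: it compares a captured -v transcript against the nodes you expect in the partition. The function names are hypothetical and the transcript is constructed from the message format shown in example 3.

```shell
#!/bin/sh
# Added example: find nodes that a "chauthpar -v" run did not confirm.
# Function names are hypothetical; they are not PSSP commands.

# confirmed_nodes TRANSCRIPT
# Print the node named in each chauthent success message, one per line.
confirmed_nodes() {
    printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*The chauthent command was executed successfully on node \([^[:space:]]*\)[[:space:]]*$/\1/p' |
        sort -u
}

# unconfirmed_nodes TRANSCRIPT NODE...
# Print each expected node that has no success message in the transcript.
unconfirmed_nodes() {
    confirmed=$(confirmed_nodes "$1")
    shift
    for node in "$@"; do
        # -F and -x: literal, whole-line match, so s1n1 never matches s1n15.
        if ! printf '%s\n' "$confirmed" | grep -Fqx -- "$node"; then
            printf '%s\n' "$node"
        fi
    done
}

# no_hosts_reached STDERR_TEXT
# Succeed when dsh reported that no node in the partition was reachable.
no_hosts_reached() {
    printf '%s\n' "$1" | grep -Fq 'dsh: 5025-511 No hosts in working collective'
}

# Constructed transcript in the format of example 3; s1n18 is absent.
sample_transcript=$(cat <<'EOF'
The partition to be modified is abcsp3
The auth_methods attribute of the partition has been set to k5:k4:std
The chauthent command was executed successfully on node s1n15.abc.org
The chauthent command was executed successfully on node s1n16.abc.org
The chauthent command was executed successfully on node s1n19.abc.org
EOF
)

pending=$(unconfirmed_nodes "$sample_transcript" \
    s1n15.abc.org s1n16.abc.org s1n18.abc.org s1n19.abc.org)
echo "run chauthent or spauthconfig locally (or reboot): $pending"
```

Nodes printed by unconfirmed_nodes are the ones where the root user still has to establish the setting locally, as described under Consequences of Error.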
    

chauthpts

Purpose

chauthpts - Enables the active trusted services authentication methods for a system partition.

Syntax

chauthpts {-h | [-c | -f] [ -p partition] [-v] [method ...]}

Flags

-h
Specifies that the command only display the valid command syntax. When -h is specified, all other flags and operands are ignored.

-c
Specifies that the command operate only on the control workstation, changing System Data Repository (SDR) and AIX settings as required, without making any changes on the nodes in the partition. Use -c when you are activating a method that is newly configured on the control workstation, but not yet configured on the nodes.

-f
Specifies that the command change the settings on all accessible nodes in the partition, even when no change is indicated to the SDR or AIX settings on the control workstation.

-p partition
Specifies the partition for which the active authentication methods are set. The partition can be specified in either hostname or IP address format. If none is specified, the value of the SP_NAME environment variable is used. If SP_NAME is not set in this case, the default partition is assumed.

-v
Specifies verbose output. Informational messages are displayed.

Operands

method
Specifies an available authentication method. When you specify multiple authentication methods, they must be specified in the order shown, which is the order of precedence in their use by the trusted services. You may choose any combination of the following authentication methods. These authentication methods are used by various trusted services.
Note:
Choosing no method makes all authentication methods inactive for the specified partition.

dce
Specifies that the DCE authentication method is to be made active for this partition. To activate DCE, you must have previously issued spsetauth -i to select DCE capability for the partition.

compat
Specifies that the security mechanisms used by trusted services in prior releases are to be made active. For more information on the security mechanisms see PSSP: Administration Guide. To activate compat, you must have previously issued spsetauth -i to select k4 capability for the partition. If specified, this method must be last (lowest priority).

Description

The chauthpts command enables authentication methods for the designated system partition. All methods not included are set inactive (not in use).

You can limit operation of the command to the control workstation by specifying the -c option. The -f option forces the setting to be propagated to all accessible nodes in the partition, whether it was changed or not. Using chauthpts with neither flag propagates any changed setting to the nodes.

This command should be the sole vehicle for managing the trusted services authentication methods settings on the SP.

Should the settings become corrupted due to system problems or inappropriate use of SDR interfaces, this command will detect erroneous settings and inform the user of them. When a system partition is found with a setting that is not valid for the trusted services authentication methods, it will be reset using the following rules:

These automatic corrections (to other partitions) are made only in the SDR and are not propagated to any nodes. If this occurs, you should examine the changed settings and reissue this command against each of the affected partitions to complete the repair. If the change made to the SDR when the error was detected is correct, reissue the command with the -f option to ensure that all nodes have the new setting. If the reset value is not correct for the partition, reissue the command without -f to change it as required.

When propagating settings on running nodes using dsh via the AIX rsh command to run chauthts, the control workstation and the nodes must have at least one common remote command authentication method active for propagation to succeed. When this is not the case, propagation can only be completed by the local root user running chauthts or spauthconfig on each node or by a reboot. The same applies to nodes that are not running or are otherwise inaccessible when this command is executed.

The chauthpts command can also be run by dsh using the secure remote command routine by setting the RCMD_PGM environment variable to use "secrshell". See PSSP: Installation and Migration Guide for more information on setting up the secure remote command environment.

To activate DCE, you must configure DCE.

To activate the Compatibility authentication method, you must have configured the control workstation and the partition for Kerberos Version 5 using the commands or SMIT panels. You must activate the Compatibility authentication method if any node in the partition is running a level of PSSP earlier than 3.2.

Environment Variables

The SP_NAME variable can be used to designate the applicable partition.

PSSP 3.4 provides the ability to run commands using secure remote command and secure remote copy methods.

To determine whether you are using either AIX rsh or rcp or the secure remote command and copy method, the following environment variables are used. If no environment variables are set, the defaults are /bin/rsh and /bin/rcp.

You must be careful to keep these environment variables consistent. If setting the variables, all three should be set. The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent with the choice of the remote command method in RCMD_PGM:

For example, if you want to run chauthpts using a secure remote method, enter:

export RCMD_PGM=secrshell
export DSH_REMOTE_CMD=/bin/ssh
export REMOTE_COPY_CMD=/bin/scp
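
The consistency rule stated for RCMD_PGM, DSH_REMOTE_CMD and REMOTE_COPY_CMD, in both the chauthpar and chauthpts sections, can be checked before either command is run, so that a secure method is not silently paired with rsh or rcp. The following is an added example, not part of the IBM manual; check_rcmd_env is a hypothetical helper, and it assumes that any RCMD_PGM value other than secrshell selects the AIX rsh method.

```shell
#!/bin/sh
# Added example: preflight check for the PSSP 3.4 remote command variables.
# check_rcmd_env is a hypothetical helper, not a PSSP command.

# check_rcmd_env RCMD_PGM DSH_REMOTE_CMD REMOTE_COPY_CMD
# Prints one line per inconsistency; returns 0 if consistent, 1 otherwise.
check_rcmd_env() {
    pgm=$1
    cmd=$2
    copy=$3
    bad=0

    # Nothing set: the documented defaults /bin/rsh and /bin/rcp apply.
    if [ -z "$pgm$cmd$copy" ]; then
        return 0
    fi

    # "If setting the variables, all three should be set."
    if [ -z "$pgm" ]; then echo "RCMD_PGM is not set"; bad=1; fi
    if [ -z "$cmd" ]; then echo "DSH_REMOTE_CMD is not set"; bad=1; fi
    if [ -z "$copy" ]; then echo "REMOTE_COPY_CMD is not set"; bad=1; fi
    if [ "$bad" -ne 0 ]; then
        return 1
    fi

    cmd_name=${cmd##*/}
    copy_name=${copy##*/}
    if [ "$pgm" = secrshell ]; then
        # Secure method chosen: rsh or rcp executables contradict it.
        if [ "$cmd_name" = rsh ]; then
            echo "RCMD_PGM=secrshell but DSH_REMOTE_CMD=$cmd"; bad=1
        fi
        if [ "$copy_name" = rcp ]; then
            echo "RCMD_PGM=secrshell but REMOTE_COPY_CMD=$copy"; bad=1
        fi
    else
        # Assumption: any other value selects the AIX rsh method.
        if [ "$cmd_name" != rsh ]; then
            echo "RCMD_PGM=$pgm but DSH_REMOTE_CMD=$cmd"; bad=1
        fi
        if [ "$copy_name" != rcp ]; then
            echo "RCMD_PGM=$pgm but REMOTE_COPY_CMD=$copy"; bad=1
        fi
    fi
    return "$bad"
}

# Constructed settings: the copy command was left pointing at rcp.
if report=$(check_rcmd_env secrshell /bin/ssh /bin/rcp); then
    echo "consistent"
else
    echo "inconsistent: $report"
fi

# To check the current shell before running chauthpar or chauthpts:
#   check_rcmd_env "${RCMD_PGM-}" "${DSH_REMOTE_CMD-}" "${REMOTE_COPY_CMD-}"
```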

Standard Output

Output consists of informational messages when the -v option is specified.

Standard Error

Output consists of error messages, when the command cannot complete successfully. Even when the command returns 0, error messages will be output if a defective SDR attribute was repaired for another partition or propagation to one or more nodes failed.

Unsuccessful remote execution of the chauthts command on some or all nodes in the partition does not result in complete command error. Error messages from the dsh and rsh commands should be noted to determine the reason for each error. For example, when the -c flag is not specified but no nodes in the partition are running, the dsh command is unsuccessful and returns the message:

dsh: 5025-511 No hosts in working collective

Establishing the correct settings on inaccessible nodes will require the root user to run chauthts or spauthconfig on those nodes (or re-boot them).

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Security

You must have root privilege to run this command.

Restrictions

The chauthpts command may be executed only on the control workstation.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/chauthpts

Related Information

Commands: lsauthpts

Examples

  1. To activate all trusted services authentication methods in a partition, enter:
    chauthpts -p sp3b dce compat
    
  2. To set DCE as the sole active authentication method for trusted services running in a partition, without propagating the change to active nodes, enter:
    chauthpts -c -p 9.10.11.12 dce
    

chauthts

Purpose

chauthts - Enables the active authentication methods for trusted services on a host.

Syntax

chauthts {-h | [method ...]}

Flags

-h
Specifies that the command should only show its syntax. When this flag is specified, any operands are ignored.

Operands

method
Specifies an authentication method to be activated. Any methods not specified are made inactive. When you specify multiple authentication methods, they must be specified in the order shown, which is the order of precedence in their use by the trusted services.

You may choose any combination of the following authentication methods. These authentication methods are used by various trusted services.

Note:
Choosing no method makes all authentication methods inactive.

dce
Specifies that the DCE authentication method is to be made active for this host.

compat
Specifies that the trusted services that used other security mechanisms in prior releases are to use those methods. If specified, this method must be last (lowest priority).

To activate the DCE authentication method, you must have configured the system for DCE. To activate the Compatibility authentication method, you must have configured the system for K4.

Description

The chauthts command enables the authentication methods used by trusted services on the local host. Trusted services that support multiple methods will attempt to authenticate and authorize client requests using the methods in the order shown. Use this command to set the authentication methods on the control workstation at initial installation and on independent workstations. Use chauthpts instead to set the authentication methods for SP nodes (or the control workstation after initial installation).

Standard Output

The local settings are stored in /spdata/sys1/spsec/auth_methods.

Standard Error

Output consists of error messages, when the command cannot complete successfully.

If the command is unable to write the new settings into the file, it will attempt to remove the file to avoid the use of spurious information that might compromise security. This will disable all trusted services authentication methods on the local system.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Security

You must have root privilege to run this command.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/chauthts

Related Information

Commands: lsauthts

Examples

To set all available authentication methods active, enter:

chauthts dce compat

chgcss

Purpose

chgcss - Applies configuration changes to a Scalable POWERparallel Switch Communications Adapter for the SP Switch or SP Switch2.

Syntax

chgcss -l name {-a dev_memory_alloc [-a dev_memory_alloc] | -a win_resource_alloc}

Flags

-l name
Specifies the device logical name in the Customized Devices object class whose attribute values should be changed.

-a dev_memory_alloc
Identifies the device memory attribute to be changed and the value to which it should be changed; dev_memory_alloc can be one of the following:

win_poolsize=size
Also referred to as "device memory", win_poolsize is the total, maximum amount of pinned system memory (in bytes) that can be used as interface network FIFO buffers for SP switch adapter windows.

win_minsize=size
The guaranteed minimum amount of device memory (in bytes) per SP switch adapter window; win_minsize ensures that all tasks in a job have the minimum required device memory to run.

win_maxsize=size
The maximum amount of device memory (in bytes) per SP switch adapter window, win_maxsize internally limits device memory usage for each window; win_maxsize is further bounded by available device memory and by any job-scheduler specified limit.

rpoolsize=size
Size of the IP receive buffer pool (in bytes).

spoolsize=size
Size of the IP send buffer pool (in bytes).
Implementation Specifics

Device memory attribute sizes can be specified in decimal or hexadecimal by preceding the value with "0x".

SP Switch configuration changes to the spoolsize and rpoolsize attributes are later applied to the device when it is configured at system reboot.

-a win_resource_alloc
Specifies the window resource attribute to reserve, release, or query SP switch adapter windows; win_resource_alloc can be one of the following:
window=cmd:reserve/id:client/type:client_type/count:requested_count
 
window=cmd:release/id:client
 
window=cmd:query/id:client
 
window=cmd:query/id:AVAIL
 
window=cmd:query/id:
 
window=cmd:query

where:

client is the application for which windows should be reserved, released, or queried. Use a case-sensitive string to specify the client application. The literal string AVAIL is used to indicate an unreserved window.

client_type is reserved for future use. You must specify user_client for client_type.

requested_count is the requested number of windows to reserve for the specified application.
Implementation Specifics

If you have already reserved windows for an application, you cannot reserve additional windows.

The release command of the chgcss window attribute releases ALL windows for the specified client.

Operands

None.

Description

Use this command to change the device memory or window resource allocations for the Communications Adapter for the SP Switch or SP Switch2.

The SP Switch adapter multiplexes between independent data streams, where a data stream is represented by an adapter "window." A subset of adapter windows are for system use only (the IP window, for example), while others can be reserved for long-running subsystems such as VSD. Windows that are neither held for system use nor otherwise reserved may be allocated dynamically for large-scale parallel applications.

Files

/var/adm/SPlogs/css/chgcss.log
The log of chgcss reserve, release, and query events.

Standard Output

A space-separated list of window numbers or client ID strings is written to standard output upon successful execution of chgcss to reserve, release, or query windows. The command also writes informational messages to standard output whenever a device memory attribute is changed.

Standard Error

This command writes error messages to standard error.

Security

You must have root privilege to run this command.

Prerequisite Information

For additional information on values for the device memory attributes, refer to the tuning information at:

http://www.rs6000.ibm.com/support/sp

Location

/usr/lpp/ssp/css/chgcss

Related Information

AIX commands: lsattr

Examples

  1. To change the maximum window size to 1 megabyte, enter:
    chgcss -l css0 -a win_maxsize=0x100000
    chgcss: attribute win_poolsize value = 5242880.
    chgcss: attribute win_maxsize value = 1048576.
    chgcss: attribute win_minsize value = 1048576.
    

    win_poolsize, win_minsize and win_maxsize are inter-dependent attributes; all are displayed whenever one or more is changed.

  2. To change the size of the IP send and receive buffers to 1 megabyte, enter:
    chgcss -l css0 -a rpoolsize=1048576 -a spoolsize=1048576
    chgcss: attribute rpoolsize value = 1048576.
    chgcss: attribute spoolsize value = 1048576.
    

    The new values for the rpoolsize and spoolsize attributes are displayed.

  3. To reserve a window for GPFS, enter:
    chgcss -l css0 -a window=cmd:reserve/id:GPFS/type:user_client/count:1
    1
    chgcss -l css0 -a window=cmd:QUERY/id:GPFS
    1
    

    In this example, window 1 has been reserved for GPFS.

  4. To query the list of reserving applications for all windows, enter:
    chgcss -l css0 -a window=cmd:query
    VSD GPFS AVAIL AVAIL AVAIL
    

    In this example, window 0 is reserved for VSD, window 1 is reserved for GPFS, and windows 2, 3 and 4 are unreserved.

  5. To query the list of unreserved windows, enter:
    chgcss -l css0 -a window=cmd:QUERY/id:AVAIL
    2 3 4
    

    or enter:

    chgcss -l css0 -a window=cmd:QUERY/id:
    2 3 4
    

    In this example, windows 2, 3 and 4 are unreserved.

  6. To release windows reserved by GPFS, enter:
    chgcss -l css0 -a window=cmd:RELEASE/id:GPFS
    VSD AVAIL AVAIL AVAIL AVAIL
    

    In this example, window 0 is the only remaining reserved window after the GPFS window is released.
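
The query output in examples 4 and 5 and the restriction that a client with reserved windows cannot reserve additional ones can be combined into a check that runs before a reserve request. The following is an added example, not part of the IBM manual; windows_for and plan_reserve are hypothetical helpers, and the listing and the client name MYAPP are constructed.

```shell
#!/bin/sh
# Added example: plan a window reservation from "window=cmd:query" output.
# windows_for and plan_reserve are hypothetical helpers, not PSSP commands.

# windows_for CLIENT QUERY_OUTPUT
# Print the window numbers (counted from 0) whose owner is exactly CLIENT.
windows_for() {
    printf '%s\n' "$2" | awk -v want="$1" '{
        for (i = 1; i <= NF; i++)
            if (($i "") == (want "")) {      # case-sensitive string match
                sep = (out == "") ? "" : " "
                out = out sep (i - 1)
            }
        print out
    }'
}

# plan_reserve DEVICE CLIENT COUNT QUERY_OUTPUT
# Print the chgcss reserve command when the request can succeed;
# otherwise explain why on standard error and return 1.
plan_reserve() {
    device=$1
    client=$2
    count=$3
    listing=$4

    if [ "$client" = AVAIL ]; then
        echo "AVAIL is the literal for an unreserved window" >&2
        return 1
    fi
    case $count in
        '' | *[!0-9]* | 0)
            echo "count must be a positive integer" >&2
            return 1 ;;
    esac
    held=$(windows_for "$client" "$listing")
    if [ -n "$held" ]; then
        # Already reserved: additional windows cannot be reserved.
        echo "$client already holds window(s) $held" >&2
        return 1
    fi
    # Count the unreserved windows by splitting the number list.
    set -- $(windows_for AVAIL "$listing")
    if [ "$count" -gt "$#" ]; then
        echo "only $# unreserved window(s), $count requested" >&2
        return 1
    fi
    echo "chgcss -l $device -a window=cmd:reserve/id:$client/type:user_client/count:$count"
}

# Constructed listing, matching the query output of example 4.
listing="VSD GPFS AVAIL AVAIL AVAIL"
echo "unreserved windows: $(windows_for AVAIL "$listing")"
plan_reserve css0 MYAPP 2 "$listing"
```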

chkp

Purpose

chkp - Changes Kerberos Version 4 principals.

Syntax

chkp -h

chkp [-e expiration] [-l lifetime] name[.instance] ...

Flags

-h
Displays usage information.

-e expiration
Specifies a new expiration date for the principals. The date must be entered in the format yyyy-mm-dd, and the year must be a value from 1970 to 2037. The time of expiration is set to 11:59 PM local time on the date specified.

-l lifetime
Specifies the new maximum ticket lifetime for the principals. The lifetime must be specified as a decimal number from 0 to 255. These values correspond to a range of time intervals from five minutes to 30 days. Refer to PSSP: Administration Guide for a complete list of the possible ticket lifetime values you can enter and the corresponding durations in days, hours, and minutes. The following list shows a representative sample with approximate durations:
lifetime operand - Approximate duration
      141                1 day
      151                2 days
      170                1 week
      180                2 weeks
      191                1 month

At least one flag must be specified.

Operands

name[.instance] ...
Identifies the principals to change.

Description

Use this command to change principals in the local Kerberos database. It allows the current expiration date and maximum ticket lifetime to be redefined. It cannot be used to change the principal's password. To do that, the administrator must use the kpasswd, kadmin, or kdb_edit commands. The chkp command should normally be run only on the primary server. If there are secondary authentication servers, the push-kprop command is invoked to propagate the change to the other servers. The command can be used to update a secondary server's database, but the changes may be negated by a subsequent update from the primary.

Files

/var/kerberos/database/admin_acl.mod

/var/kerberos/database/principal.*
Kerberos database files.

Exit Values

0
Indicates the successful completion of the command. Specified principals that exist were changed. If any principal that you specify does not exist in the database, a message is written to standard error and processing continues with any remaining principals.

1
Indicates that an error occurred and no principal was changed. One of the following conditions was detected:

Security

The chkp command can be run by the root user logged in on a Kerberos server host. It can be invoked indirectly as a Sysctl procedure by a Kerberos database administrator who has a valid ticket and is listed in the admin_acl.mod file.

Location

/usr/kerberos/etc/chkp

Related Information

Commands: kadmin, kdb_edit, lskp, mkkp, rmkp, sysctl

Examples

  1. To set the default maximum ticket lifetime for new principals to (approximately) one week, enter:
    chkp -l 171 default
    
  2. To set the maximum ticket lifetime to approximately three weeks and the expiration date to 30 June 2003 for several principals, enter:
    chkp -l 181 -e 2003-06-30 franklin jtjones root.admin susan
    

