IBM Books

Command and Technical Reference, Volume 1

lppdiff

Purpose

lppdiff - Queries installed Licensed Program (LPs) on a group of hosts.

Syntax

lppdiff
[-Gvacn] [-l login] [-w collective] [ -f fanout]
 
[fileset [fileset ...] | all]

lppdiff
[-h]

Flags

-G
Expands the scope of the -a flag to include all nodes in the SP system. The -G flag is meaningful only if used in conjunction with the -a flag.

-v
Verifies hosts before adding to the working collective. If this flag is set, each host to be added to the working collective is checked before being added.

-a
Specifies that the System Data Repository (SDR) initial_hostname field for all nodes in the current system partition be added to the working collective. If -G is also specified, all nodes in the SP system are included.

-c
Displays information as a list separated by colons. Note: Error messages displayed may contain a colon.

-n
Displays the count of the number of nodes with a fileset in a given state. (This is the default.)

-l
Specifies a remote user name under which to execute the query. If -l is not used, the remote user name is the same as your local user name.

-w
Specifies a list of host names, separated by commas, to include in the working collective. Both this flag and the -a flag can be included on the same command line. Duplicate host names are included only once in the working collective.

-f
Specifies a fanout value. The default value is 64. This indicates the maximum number on concurrent rsh's to execute. Sequential execution can be specified by indicating a fanout value of 1. The fanout value is taken from the FANOUT environment variable if the -f flag is not specified, otherwise the default is used.

-h
Displays usage information.

Operands

fileset
Specifies the LP to query. Using all for this operand will query all LPs installed on the host.

Description

Use this command to query the status of installed LPs on a group of hosts. The output from each host is collected and identical results are compressed to show the names and a count of the hosts that had identical results.

The dsh command is used to execute the queries on the remote hosts. The lslpp command is used to get the status of the installed LPs on the remote hosts. The lslpp command is called on each host with the -l, -a, -c, and -q flags.

Output from the lppdiff command consists of one entry for each unique LP listing information about that LP. Each LP's entry is followed by a list of all hosts that have that LP installed. An LP is considered unique if any one of the components in its description differ from that of another. For example, consider two hosts that both have ssp.basic installed. On host 1, it is in the APPLY state and on host 2, it is in the COMMITTED state. These LPs are considered unique and, therefore, each will get its own set of output from lppdiff.

The flags for lppdiff are used to direct the dsh command to certain hosts and to control its behavior. See the dsh command for details on these flags and how to use them.

The fileset operand to lppdiff can be one of two things. It can either be all which queries and displays information about all LPs installed on the specified hosts, or it can be the name of a file set to query on the specified hosts. The "*" character can be used to specify multiple file sets. For example, lppdiff -Ga ssp.* queries any file sets starting with "ssp." on all hosts in the system.

|Environment Variables

|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.

|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. If no environment variables are set, the defaults |are /bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |

|For example, if you want to run lppdiff using a secure remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Security

|You must have access to the AIX remote commands or the secure remote |commands to run this command.

|When restricted root access (RRA) is enabled, this command can only |be run from the control workstation.

Location

/usr/lpp/ssp/bin/lppdiff

Examples

  1. |To query LP information for ssp.basic on all nodes in the current |system partition, enter:
    |[c180s] [/]> lppdiff -a ssp.basic

    |You should receive output similar to the following:

    |----------------------------------------------------------------------
    |      Name       Path               Level    PTF   State   Type Num
    |----------------------------------------------------------------------
    |LPP:  ssp.basic  /etc/objrepos      3.4.0.0        COMMITTED  I   4
    |From: c180n01.ppd.pok.ibm.com c180n05.ppd.pok.ibm.com
    |      c180n09.ppd.pok.ibm.com c180n10.ppd.pok.ibm.com
    |----------------------------------------------------------------------
    |LPP:  ssp.basic  /usr/lib/objrepos  3.4.0.0        COMMITTED  I   4
    |From: c180n01.ppd.pok.ibm.com c180n05.ppd.pok.ibm.com
    |      c180n09.ppd.pok.ibm.com c180n10.ppd.pok.ibm.com

    |

  2. |To query LP information for all options starting with X11.base on a |specific node, enter:
    |[c180s] [/]> lppdiff -w c180n01 X11.base*
    | 
    |--------------------------------------------------------------------
    |      Name         Path              Level    PTF  State    Type Num
    |--------------------------------------------------------------------
    |LPP:  X11.base.rte /etc/objrepos     4.3.3.25      COMMITTED  I   1
    |From: c180n01
    |--------------------------------------------------------------------
    |LPP:  X11.base.smt /etc/objrepos     4.3.3.0       COMMITTED  I   1
    |From: c180n01
    |--------------------------------------------------------------------
    |LPP:  X11.base.com /usr/lib/objrepos 4.3.3.0       COMMITTED  I   1
    |      common
    |From: c180n01
    |--------------------------------------------------------------------
    |LPP:  X11.base.lib /usr/lib/objrepos 4.3.3.25      COMMITTED  I   1
    |From: c180n01
    |--------------------------------------------------------------------
    |LPP:  X11.base.rte /usr/lib/objrepos 4.3.3.25      COMMITTED  I   1
    |From: c180n01
    |--------------------------------------------------------------------
    |LPP:  X11.base.smt /usr/lib/objrepos 4.3.3.0       COMMITTED  I   1
    |From: c180n01
  3. |To query LP information for ssp.clients and ssp.bogus (a |nonexistent file set) on all nodes in the system, enter:
    |[c180s] [/]> lppdiff -Ga ssp.clients ssp.bogus
    | 
    |----------------------------------------------------------------------
    |       Name         Path             Level   PTF State    Type   Num
    |----------------------------------------------------------------------
    |LPP:   ssp.clients  /etc/objrepos    3.4.0.0     COMMITTED  I     4
    |From:  c180n01.ppd.pok.ibm.com c180n05.ppd.pok.ibm.com
    |       c180n09.ppd.pok.ibm.com c180n10.ppd.pok.ibm.com
    |----------------------------------------------------------------------
    |LPP:   ssp.clients  /etc/objrepos    3.4.0.0     COMMITTED  I     4
    |From:  c180n01.ppd.pok.ibm.com c180n05.ppd.pok.ibm.com
    |       c180n09.ppd.pok.ibm.com c180n10.ppd.pok.ibm.com
    |----------------------------------------------------------------------
    |========================= Errors =====================================
    |Error: /bin/lslpp: 0504-132  Fileset ssp.bogus not installed.
    |From:  c180n01.ppd.pok.ibm.com c180n05.ppd.pok.ibm.com
    |       c180n09.ppd.pok.ibm.com c180n10.ppd.pok.ibm.com
    |----------------------------------------------------------------------
  4. |To query LP information for ssp.clients and ssp.bogus (a |nonexistent file set) on all nodes in the system, and have the results |displayed as a list separated by colons, enter:
    |[c180s][/]> lppdiff -Gac ssp.clients ssp.bogus
    | 
    |From:Name:Path:Level:PTF:State:Type:Num
    |c180n01.ppd.pok.ibm.com,c180n05.ppd.pok.ibm.com,c180n09.ppd.pok.ibm.com,
    |c180n10.ppd.pok.ibm.com:ssp.clients:/etc/objrepos:3.4.0.0::COMMITTED:I:4
    |c180n01.ppd.pok.ibm.com,c180n05.ppd.pok.ibm.com,c180n09.ppd.pok.ibm.com,
    |c180n10.ppd.pok.ibm.com:ssp.clients:/usr/lib/objrepos:3.4.0.0:COMMITTED:
    |   I:4
    |From:Error
    |c180n01.ppd.pok.ibm.com,c180n05.ppd.pok.ibm.com,c180n09.ppd.pok.ibm.com,
    |c180n10.ppd.pok.ibm.com:/bin/lslpp:
    |0504-132  Fileset ssp.bogus not installed.

lsauthpar

Purpose

lsauthpar - Lists and verifies the active remote command authentication methods for a system partition.

Syntax

lsauthpar [-h | [-c] [ -p partition] [-v]]

Flags

-h
Specifies that the command syntax is to be listed. When this flag is specified, other flags are ignored.

-c
Specifies that the output is to be a single line consisting of the colon delimited list of methods, as stored in raw form in the System Data Repository.

-p partition
Specifies the partition for which the active authentication methods are to be listed. The partition can be specified in either hostname or IP address format. If none is specified, the value of the SP_NAME environment variable will be used. If this option is not specified and SP_NAME is not set, the default partition is assumed on the control workstation and the primary partition is assumed on a node.

-v
Specifies that the command should verify the active methods by running lsauthent on each accessible node in the partition against the settings stored in the System Data Repository. The -c flag is incompatible with this flag.

Operands

None.

Description

The lsauthpar command lists the remote command authentication methods that are active for the system partition. This command verifies the settings in the System Data Repository (SDR), reporting spurious settings; to make corrections use the chauthpar command.

This command also provides an option to check whether all nodes in the applicable system partition have the correct setting. No remote verification will occur, unless the SDR setting is valid.

|When verifying settings on running nodes using dsh via the |AIX rsh command to run lsauthent, the control workstation |and the nodes must have at least one common remote command authentication |method active. When this is not the case, verification will result in |errors reported by dsh or rsh. The AIX setting on the |nodes must be reset by the local root user issuing chauthent on each |node or by a reboot. No attempt is made to verify nodes that are |inaccessible.

|The lsauthpar command can also be run by dsh using |the secure remote command routine by setting the RCMD_PGM environment variable |to use "secrshell." See PSSP: Installation and |Migration Guide for more information on setting up the secure remote |command environment.

When you specify -v, this command uses the remote command facilities to obtain the settings from nodes in the system partition. Authorization to perform that task will be unsuccessful for any remote host that does not have at least one of the required remote command authentication methods active. If the command finds discrepancies, it will be necessary to execute the chauthent command on the indicated nodes or to re-boot the nodes, to enable client/server communication with them.

Environment Variables

The SP_NAME variable can be used to designate the applicable partition.

|PSSP 3.4 provides the ability to run commands using secure |remote command and secure remote copy methods.

|To determine whether you are using either AIX rsh or |rcp or the secure remote command and copy method, the following |environment variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables |consistent. If setting the variables, all three should be set. |The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent |with the choice of the remote command method in RCMD_PGM: |

|For example, if you want to run lsauthpar using a secure |remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Standard Output

When -v is omitted, output consists of the methods that are active for the system partition, in the order of precedence established when they were set. When the -c flag is specified, the output is a single line consisting of a colon-separated list of methods. Without the -c flag, each method is identified by a descriptive name on a separate line. When verification is specified, methods are displayed in colon-delimited format.

Standard Error

Output consists of error messages when the command cannot complete successfully and when discrepancies are found during verification.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Security

When the -v option is omitted, the lsauthpar command may be used by any user. Successful verification of the setting on a node requires the user to be authorized for remote command execution from the control workstation to that node.

Restrictions

When the -v option is specified, the command may be executed only on the control workstation.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/lsauthpar

Examples

  1. To list the remote command authentication methods for the current partition, enter:
    $lsauthpar
     
    Kerberos 5
    Kerberos 4
    Standard Aix
    
  2. To list in colon format the remote command authentication methods for a partition known by IP address, enter:
    $lsauthpar -c -p 120.14.89.10
     
    k4:std
    
  3. This example verifies authentication methods for a named partition, with no discrepancies found:
    $lsauthpar -v -p sp4partA
     
    Remote command authentication methods for the partition: k4:std
    No discrepancies were found. 
    
  4. This example verifies the authentication methods for a named partition, where a node's settings do not match the information found in the System Data Repository:
    $lsauthpar -p sp3p2 -v
     
    Remote command authentication methods for the partition: k5:k4:std
    lsauthpar: 0016-347 On sp3n13.abc.com the remote command authentication
    methods are incorrectly set to "std"
    

lsauthpts

Purpose

lsauthpts - Lists and verifies the active trusted services authentication methods for a system partition.

Syntax

lsauthpts [-h | [-c] [-p partition] [-v]]

Flags

-h
Specifies that the command syntax is to be listed. When this flag is specified, other flags are ignored.

-c
Specifies single line output consisting of the colon delimited list of methods, as stored in raw form in the System Data Repository.

-p partition
Specifies the partition for which the active authentication methods are to be listed. The partition can be specified in either hostname or IP address format. If none is specified, the value of the SP_NAME environment variable will be used. If this option is not specified and SP_NAME is not set, the default partition is assumed on the control workstation and the primary partition is assumed on a node.

-v
Specifies that the command should verify the active methods by running lsauthts on each accessible node in the partition, against the settings stored in the System Data Repository. The -c flag is incompatible with this flag.

Operands

None.

Description

The lsauthpts command lists the trusted services authentication methods that are active for the system partition. This command always verifies the correctness of the setting in the System Data Repository, reporting spurious settings to the user, who can use the chauthpts command to make corrections.

This command also provides an option to check whether all nodes in the applicable system partition have the correct setting. No remote verification will occur, unless the SDR setting is valid.

|When verifying settings on running nodes using the AIX rsh |command via dsh to run lsauthts, the control workstation and |the nodes must have at least one common remote command authentication method |active. When this is not the case, verification will result in errors |reported by dsh.

|The lsauthpts command can also be run by dsh using |the secure remote command routine by setting the RCMD_PGM environment variable |to use "secrshell." See PSSP: Installation and |Migration Guide for more information on setting up the secure remote |command environment.

Environment Variables

The SP_NAME environment variable can be used to designate the applicable partition.

|PSSP 3.4 provides the ability to run commands using secure |remote command and secure remote copy methods.

|To determine whether you are using either AIX rsh or |rcp or the secure remote command and copy method, the following |environment variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.

|You must be careful to keep these environment variables |consistent. If setting the variables, all three should be set. |The DSH_REMOTE_CMD and REMOTE_COPY_CMD executables should be kept consistent |with the choice of the remote command method in RCMD_PGM: |

|For example, if you want to run lsauthpts using a secure |remote |method, enter:

|export RCMD_PGM=secrshell
|export DSH_REMOTE_CMD=/bin/ssh
|export REMOTE_COPY_CMD=/bin/scp

Standard Output

When -v is omitted, output consists of the methods that are active for the system partition, in the order of precedence established when they were set. When the -c flag is specified, the output is a single line consisting of a colon-separated list of methods. Without the -c flag, each method is identified by a descriptive name on a separate line. When verification is specified, methods are displayed in colon-delimited format.

Standard Error

Output consists of error messages when the command cannot complete successfully, and when discrepancies are found during verification.

When you specify -v, this command uses the remote command facilities to obtain the settings from nodes in the system partition. Authorization to perform that task will fail for any remote host that does not have at least one of the required remote command authentication methods active. If the command finds discrepancies, it will be necessary to execute the chauthts command on the indicated nodes, or to re-boot the nodes to enable client-server communication.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that an error occurred.

Security

When -v is omitted, the lsauthpts command may be used by any user. Successful verification of the setting on a node requires the user to be authorized for remote command execution from the control workstation to that node.

Restrictions

When the -v option is specified, the command may be executed only on the control workstation.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/lsauthpts

Examples

  1. Listing the trusted services authentication methods for the current partition:
    $lsauthpts
     
    Compatibility
    
  2. Listing in colon format the trusted services authentication methods for a partition known by IP address:
    $lsauthpts -c -p 120.14.89.10
     
    dce:compat
    
  3. Verifying authentication methods for the default or current partition, with no discrepancies found:
    $lsauthpts -v
     
    Trusted services authentication methods for the partition: dce
    No discrepancies were found.
    
  4. Verifying the authentication methods for a named partition, where a node's settings do not match the information found in the System Data Repository:
    $lsauthpts -p sp3p2 -v
     
    Trusted services authentication methods for the partition: dce:compat
    lsauthpts: 0016-347 On sp3n13.abc.com the trusted services authentication
    methods are incorrectly set to "compat"
    

lsauthts

Purpose

lsauthts - Lists the active authentication methods for trusted services on a host.

Syntax

lsauthts [-h | -c]

Flags

-h
Specifies that the command syntax is to be listed. When this flag is specified, all other flags are ignored.

-c
Specifies that the output is to be displayed in colon (short) format.

Operands

None.

Description

The lsauthts command lists the authentication methods that are used by trusted services on the local host. Trusted services that support multiple methods will attempt to authenticate and authorize client requests using the methods in the order listed

Standard Input

The local settings are obtained from the /spdata/sys1/spsec/auth_methods file.

Standard Output

The long form of the output consists of a line for each authentication method that is active. The short form consists of one line with the methods separated by colons.

Standard Error

Output consists of error messages, when the command cannot complete successfully.

There are no unique consequences of command errors.

Exit Values

0
Indicates successful completion of the command.

1
Indicates the file does not exist, cannot be accessed, or contains data that is not valid.

Security

The lsauthts command may be used by any user.

Implementation Specifics

This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP) (file set ssp.clients).

Prerequisite Information

The chapters on security in the PSSP: Administration Guide.

Location

/usr/lpp/ssp/bin/lsauthts

Examples

  1. Listing the authentication methods on a host that uses just DCE for trusted services authentication:
    $lsauthts
     
    DCE 
    
  2. Listing the authentication methods on a host that uses DCE and Compatibility methods for trusted services authentication:
    $lsauthts -c
     
    dce:compat
    

lsfencevsd

Purpose

lsfencevsd - Lists IBM Virtual Shared Disks that are fenced from access by nodes.

Syntax

lsfencevsd

Flags

None.

Operands

None.

Description

Use this command to display a map that shows which IBM Virtual Shared Disks are fenced from which nodes in the system or system partition.

Security

You must be in the AIX bin group to run this command.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/lsfencevsd

Related Information

Commands: fencevsd, unfencevsd

Examples

To display the map of fenced IBM Virtual Shared Disks in the system, enter:

lsfencevsd

The system displays a map similar to the following:

minor        Fenced Nodes
(13):           13 14
(14):            1  2

lshacws

Purpose

lshacws - Gets the HACWS state of the control workstation.

Syntax

lshacws

Flags

None.

Operands

None.

Description

Use this command to print the current HACWS state of the control workstation. It prints to standard output a number string that indicates the HACWS state of the local host and whether the local host is part of an HACWS configuration.

This command is valid only when issued on the control workstation. When the command is executed and the calling process is not on a control workstation, an error occurs.

Note:
The High Availability Cluster Multiprocessing (HACMP) event scripts and installation scripts supplied with the High Availability Control Workstation (HACWS) option of the IBM Parallel System Support Programs for AIX (PSSP), set the control workstation state. The state is changed during reintegration in the HACWS supplied pre- and post-event scripts for HACMP. The administrator should not normally have to set the control workstation state.

Exit Values

0
Indicates successful completion of the command.

1
Indicates that the command could not obtain the HACWS state.

2
Indicates that the command retrieved an HACWS state that was not valid.

3
Indicates that the command was not executed on a control workstation.

The following are the valid printed values and their defined HACWS state:

0
Indicates that this is a control workstation that is not part of an HACWS configuration.

1
Indicates that this is the primary control workstation, but not the active control workstation.

2
Indicates that this is the primary and active control workstation.

16
Indicates that this is the backup control workstation and not the active control workstation.

32
Indicates that this is the backup and active control workstation.

Prerequisite Information

Refer to PSSP: Administration Guide for information on the HACWS option.

Location

/usr/lpp/ssp/bin/lshacws

Related Information

Commands: sethacws

Subroutines: hacws_set, hacws_stat

Examples

The following lshacws command results indicate the node type:

lshacws
 
Results: 32 - node is a backup and active control workstation
Results: 16 - node is a backup and inactive control workstation
Results: 2  - node is a primary and active control workstation
Results: 1  - node is a primary and inactive control workstation
Results: 0  - node is a control workstation but not an HACWS configuration
Results: error occurs with exit value = 3 - node is not a control workstation

lshsd

Purpose

lshsd - Displays configured hashed shared disks for a virtual shared disk and the characteristics.

Syntax

lshsd [-l | -s] [hsd_name ...]

Flags

-l
Lists the minor number, the stripe size, the number of virtual shared disks, the name of the hashed shared disk, and the underlying virtual shared disks. (This is lowercase l, as in list.)

-s
Displays the statistics of reads and writes on underlying virtual shared disks in hashed shared disks.

Operands

hsd_name ...
Specifies a hashed shared disk for the virtual shared disk.

Description

This command displays the configured hashed shared disks. If a list of hashed shared disks follow the flag then information about them is displayed. lshsd without any arguments or flag lists the names of all the hashed shared disks currently configured.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/lshsd

Related Information

Commands: cfghsd, ucfghsd, hsdatalst , updatehsd

Examples

  1. To list all the configured hashed shared disks, enter:
    lshsd
    

    The system displays a message similar to the following:

    hsd1
    hsd2
    hsd3
    .
    .
    .
    
  2. To list hashed shared disks and their characteristics, enter:
    lshsd -l hsd1 hsd2
    

    The system displays a message similar to the following:

    HSD_name=hsd1 Stripe_size=32768 Hsd_minorno=1 numVsds=2
         option=protectlvcb size_in_MB=40
    vsd.rlv01
    vsd.rlv02
     
    HSD_name=hsd2 Stripe_size=32768 Hsd_minorno=1 numVsds=3
         option=protectlvcb size_in_MB=40
    vsd.rlv03
    vsd.rlv04
    vsd.rlv05
    
  3. To list statistical information about hashed shared disk hsd1, enter:
    lshsd -s hsd1
    

    The system displays a message similar to the following:

                9     hsd parallelism
                0     READ requests not at page boundary
                0     WRITE requests not at page boundary
    HSD_name=hsd1 Stripe_size=4096 HSD_minorno=1 numVSDs=2
    option=protect_lvcb size_in_MB=40
    number_read number_write vsd_name
        16          16       vsdn01v1
        16          16       vsdn02v1
    

lskp

Purpose

lskp - Lists Kerberos principals.

Syntax

lskp [ -h | -p | -s | -c | {name[.instance]|name. |.instance} ...]

Flags

-h
Displays usage information.

-p
Lists the four principals that are predefined by Kerberos.

-s
Lists service principals for the rcmd and hardmon services.

-c
Lists client principals (all but those listed by -p and -s).

Operands

{name[.instance]| name.|.instance} ...
Identifies specific principals to list. Specify name. to list all principals with a specific principal name or .instance to list all principals with a specific instance.
Note:
The name must be followed by a period and the instance must be preceded by a period.
This operand and the various flags are mutually exclusive. When the command is issued with no operands or flags, all principals are listed.

Description

Use this command to list principals in the local Kerberos database, displaying for each the principal name and instance, the maximum ticket lifetime, and the expiration date. You can list the entire authentication database, an individual entry, all entries with a specified principal name, or all entries with a specified instance. Or you can list entries in different categories: all client (user) principals, all service principals, or all principals predefined by Kerberos.

Files

/var/kerberos/database/admin_acl.get
Access control list for kadmin and lskp ..

/var/kerberos/database/principal.*
Kerberos database files.

Standard Output

For each principal, the lskp command displays the principal identifier as name.instance (on a separate line if its length exceeds twenty characters), and the principal's attributes. The maximum ticket lifetime is the maximum period that a Ticket-Granting-Ticket issued to this principal will be valid. Any ticket lifetime up to this value can be requested using an option on the k4init command. The key version is an integer set to one when the principal is created and incremented each time the password is changed. The principal's expiration date is displayed in local time, based on the setting of the TZ environment variable.

Exit Values

0
Indicates the successful completion of the command. No output is produced for principal names that do not exist.

1
Indicates that an error occurred and no principal was listed. One of the following conditions was detected:

Security

The lskp command can be run by the root user logged in on a Kerberos server host. It can be invoked indirectly as a Sysctl procedure by a Kerberos database administrator who has a valid ticket and is listed in the admin_acl.get file.

Location

/usr/kerberos/etc/lskp

Related Information

Commands: chkp, kadmin , kdb_edit, mkkp, rmkp , sysctl

Examples

  1. To list the predefined Kerberos principals, enter:
    lskp -p
    

    You should receive output similar to the following:

    krbtgt.ABC.DEF.GHI.COM
                        tkt-life: 30d   key-vers: 1
                        expires: 2037-12-31 23:59
    default             tkt-life: 30d   key-vers: 1
                        expires: 2037-12-31 23:59
    changepw-kerberos   tkt-life: 30d   key-vers: 1
                        expires: 2037-12-31 23:59
    K.M                 tkt-life: 30d   key-vers: 1
                        expires: 2037-12-31 23:59
    
  2. To list two specific Kerberos principals, joe.admin and lisa, enter:
    lskp joe.admin lisa
    

    You should receive output similar to the following:

    joe.admin           tkt-life: 15d+08:46   key-vers: 1
                        expires: 2005-03-15 23:59
     
    lisa                tkt-life: 08:00   key-vers: 1
                        expires: 1997-06-09 23:59
    

lsvsd

Purpose

lsvsd - Displays configured virtual shared disks and their characteristics.

Syntax

lsvsd [-l] [-s] [-i] [ vsd_name...]

Flags

-l
Lists the name of the virtual shared disk, the minor number, the state, the current server node number, and, at the server only, the major and minor number of the logical volume. (This is lowercase l, as in list.)

The state field can have one of the following values:

STP Stopped
SUS Suspended
ACT Active

An asterisk (*) in front of any of these values indicates that the virtual shared disk has been fenced from this node.

This flag is not compatible with the -s flag.

The server_list of the virtual shared disk is listed.

-s
Lists usage statistics about the virtual shared disks. It lists the number of local logical read and write operations, the number of remote logical read and write operations, the number of client logical read and write operations, the number of physical reads and writes, the number of cache hits for read, and the number of 512-byte blocks read and written. The number of blocks read and written is cumulative, so issue ctlvsd -V to reset this count before measuring it.

The local logical operations are requests which were made by a process executing at the local node, whereas the remote logical operations were made by a process executing on a remote node. Client operations are those local logical requests that cannot be satisfied locally, and have to be sent to a remote node. Physical operations are those server operations which must be passed to the underlying disk device. Cache read hits are those server reads which do not require a device read, because the read operation was satisfied from the virtual shared disk cache.

This flag is not compatible with the -l flag.

-i
Lists the "node to IP address" map that is currently used by the IBM Virtual Shared Disk driver.

Operands

node_number
Specifies a node.

ip_address
Specifies an IP address.

switch_number
Specifies a switch node number.

vsd_name
Specifies a virtual shared disk.

Description

The lsvsd command displays information about virtual shared disks currently configured on the node on which the command is run. If a list of virtual shared disks follows the flags, information about those virtual shared disks is displayed. lsvsd with no arguments or flags lists the names of all the virtual shared disks currently configured on the node.

The lsvsd command displays information about both the configuration and the usage of a virtual shared disk.

You can use the System Management Interface Tool (SMIT) to run the lsvsd command. To use SMIT, enter:

smit vsd_mgmt

and select the Show All Managed Virtual Shared Disk Characteristics option.

Prerequisite Information

PSSP: Managing Shared Disks

Location

/usr/lpp/csd/bin/lsvsd

Related Information

Commands: cfgvsd, ctlvsd, preparevsd, resumevsd, startvsd, stopvsd, suspendvsd, ucfgvsd, updatevsdnode, updatevsdtab

Examples

  1. To list all virtual shared disks in the system, enter:
    lsvsd
    

    The system displays a message similar to the following:

    vsd00
     
    vsd01
     
    .
    .
    .
    
  2. To list virtual shared disks and their characteristics, enter:
    lsvsd -l
    

    The system displays a message similar to the following:

    minor  state  server  lv_major  lv_minor  vsd_name  option   size (MB)
    83     STP      -1        0        0      vsdn08v3  cache       20
    84     STP      -1        0        0      vsdn08v4  nocache     16
    
  3. To list statistics about virtual shared disks and precede the column output with a header, enter:
    lsvsd -s
    

    The system displays a message similar to the following:

    lc-rd lc-wt rm-rd rm-wt c-rd c-wt  p-rd  p-wt  h-rd   br   bw  vsd_name
       84    84  2858   169    0    0   348   253  2605  164  184  vsd.vsd1
        0     0     0     0    0    0     0     0     0    0    0  vsd.rl01
        0     0     0     0    0    0     0     0     0    0    0  vsd.rl02
    
  4. Issuing lsvsd -i when VSD/KLAPI is enabled produces output similar to:
    node        IP address
      1         9.114.43.129
      3         9.114.43.131
      5         9.114.43.133
      7         9.114.43.135
      9         KLAPI[   8]
     10         9.114.43.138
     11         KLAPI[  10]
     12         9.114.43.140
     13         9.114.43.141
     14         9.114.43.142
     15         9.114.43.143
     16         9.114.43.144
    

The following table spells out the names of the headers used in the displays for the -l and -s options:
Header Meaning
minor Virtual shared disk minor number
state State of this virtual shared disk:active, stopped, suspended
server Primary node for this virtual shared disk
lv major Logical volume major number
lv minor Logical volume minor number
vsd_name Name of this virtual shared disk
option Option:cache or nocache
lc-rd Local logical reads
lc-wt Local logical writes
rm-rd Remote logical reads
rm-wt Remote logical writes
c-rd Client logical reads
c-wt Client logical writes
p-rd Physical reads
p-wt Physical writes
h-rd Reads from cache
br Blocks read
bw Blocks written


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]