Purpose
pmanrmdloadSDR - Reads a pmanrmd configuration file and loads the information into the System Data Repository (SDR).
Syntax
pmanrmdloadSDR ConfigFileName
Flags
None.
Operands
Description
The Problem Management subsystem provides 16 resource variables, named IBM.PSSP.pm.User_state1 through IBM.PSSP.pm.User_state16. These are predefined resource variables that have been set aside for system administrators to create their own resource monitors. A resource monitor that you create through Problem Management is a command that gets executed repeatedly by the pmanrmd daemon at a specific interval. The standard output from the command is supplied to the Event Management subsystem as the value for the resource variable. You can then use the pmandef command to subscribe to events for that resource variable.
The resource variable name, resource monitor command, sampling interval, and list of nodes for which the resource monitor is defined are stored in the SDR. The pmanrmdloadSDR command is used to store those definitions in the SDR.
You define your resource monitor to the pmanrmd daemon by doing the following:
Command="mount | awk '\''{print $3}'\'' | tail -l"The marks between awk and tail are single quotes, the others are double quotes.
Control workstation:
stopsrc -s pmanrm.syspar_name startsrc -s pmanrm.syspar_namewhere syspar_name is the name of the system partition.
Node:
stopsrc -s pmanrm startsrc -s pmanrm
For a more complete description of Problem Management resource monitors, refer to the "Using the Problem Management subsystem" chapter in PSSP: Administration Guide
Files
Security
You must have write access to the SDR to run this command.
Implementation Specifics
This command is part of the IBM Parallel System Support Programs (PSSP) Licensed Program (LP).
Prerequisite Information
IBM RS/6000 Cluster Technology: Event Management Programming Guide and Reference
The "Using the Problem Management subsystem" chapter in PSSP: Administration Guide
Location
/usr/lpp/ssp/bin/pmanrmdloadSDR
Related Information
Commands: pmandef
Purpose
pmv - Specifies a parallel file move.
Syntax
pmv [-w - | noderange | 'hostlist args'] mv_args
Flags
The pmv command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.
Operands
Description
The pmv command issues the AIX mv command on multiple hosts. The output is formatted so that duplicate output is displayed only once. The pmv command uses dsh to execute the mv command on multiple hosts. The output of the ls commands is written to standard output and formatted. The pmv command is identical to pexec mv.
Files
|Environment Variables
|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.
|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.
|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |
|For example, if you want to run pmv using a secure remote |method, enter:
|export RCMD_PGM=secrshell |export DSH_REMOTE_CMD=/bin/ssh |export REMOTE_COPY_CMD=/bin/scp
Security
|You must have access to the AIX remote commands or the secure remote |commands to run this command.
This command will automatically forward the DCE credentials if K5 is an enabled AIX authentication method and the user of the command has DCE credentials that can be forwarded. The special DCE credentials for root, called the machine or self host principal credentials, cannot be forwarded. To obtain DCE credentials that can be forwarded as a root user, a root user must issue dce_login -f.
Location
/usr/lpp/ssp/bin/pmv
Related Information
Commands: dsh, mv, pexec
Examples
To move a file from each host1, host2, and host3 to a different directory, enter:
pmv -w host1,host2,host3 /tmp/shnozzola /etc/shnozzola
Purpose
ppred - Performs a command on those hosts for which a test is satisfied.
Syntax
Flags
The ppred command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.
Operands
Description
The ppred command performs a test on remote hosts in parallel. On each host where the test succeeds, a command is run. Optionally, a command can be specified that runs if the test is unsuccessful.
|Environment Variables
|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.
|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.
|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |
|For example, if you want to run ppred using a secure remote |method, enter:
|export RCMD_PGM=secrshell |export DSH_REMOTE_CMD=/bin/ssh |export REMOTE_COPY_CMD=/bin/scp
Security
|You must have access to the AIX remote commands or the secure remote |commands to run this command.
This command will automatically forward the DCE credentials if K5 is an enabled AIX authentication method and the user of the command has DCE credentials that can be forwarded. The special DCE credentials for root, called the machine or self host principal credentials, cannot be forwarded. To obtain DCE credentials that can be forwarded as a root user, a root user must issue dce_login -f with a DCE principal other than a self host principal.
Location
/usr/lpp/ssp/bin/ppred
Related Information
Commands: dsh, hostlist, test
Examples
To verify that a file exists and is a regular file on the host occupying the first slot in each of 4 frames, enter:
ppred '-s 1-4:1' '-f /etc/passwd' 'echo \'host_name\''
Purpose
pps - Specifies a parallel ps command.
Syntax
pps [-w - | noderange | 'hostlist args'] ps_args
Flags
The pps command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.
Operands
Description
The pps command uses dsh to execute the ps command on multiple hosts. The output of the ls commands is written to standard output and formatted so that distinct output is presented only once. The pps command is identical to pexec ps.
Files
|Environment Variables
|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.
|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.
|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |
|For example, if you want to run pps using a secure remote |method, enter:
|export RCMD_PGM=secrshell |export DSH_REMOTE_CMD=/bin/ssh |export REMOTE_COPY_CMD=/bin/scp
Security
|You must have access to the AIX remote commands or the secure remote |commands to run this command.
This command will automatically forward the DCE credentials if K5 is an enabled AIX authentication method and the user of the command has DCE credentials that can be forwarded. The special DCE credentials for root, called the machine or self host principal credentials, cannot be forwarded. To obtain DCE credentials that can be forwarded as a root user, a root user must issue dce_login -f.
Location
/usr/lpp/ssp/bin/pps
Related Information
Commands: dsh, pexec, ps
Examples
To list processes on each host1, host2, and host3 (described previously), enter:
pps -w host1,host2,host3 -ef
Purpose
preparevsd - Makes a virtual shared disk available.
Syntax
preparevsd {-a | vsd_name...}
Flags
Operands
Description
The preparevsd command brings the specified virtual shared disks from the stopped state to the suspended state. The virtual shared disks are made available. Open and close requests are honored, while read and write requests are held until the virtual shared disks are brought to the active state. If they are in the suspended state, this command leaves them in the suspended state.
You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:
smit vsd_mgmt
and select the Prepare a Virtual Shared Disk option.
Security
You must be in the AIX bin group to run this command.
Restrictions
If you have the Recoverable Virtual Shared Disk software installed and operational, do not use this command. The results may be unpredictable.
See PSSP: Managing Shared Disks.
Prerequisite Information
PSSP: Managing Shared Disks
Location
/usr/lpp/csd/bin/preparevsd
Related Information
Commands: cfgvsd, ctlvsd, lsvsd, resumevsd, startvsd, stopvsd, suspendvsd, ucfgvsd
Examples
To bring the virtual shared disk vsd1vg1n1 from the stopped state to the suspended state, enter:
preparevsd vsd1vg1n1
Purpose
prm - Specifies a parallel file remove.
Syntax
prm [-w - | noderange | 'hostlist args'] rm_args
Flags
The prm command requires the first flag or parameter on the command line to be a specification of the hosts on which the command is to be executed.
Operands
Description
The prm command issues the AIX rm command on multiple hosts. The output is formatted so that distinct output is displayed only once. The prm command uses dsh to execute the rm command on multiple hosts. The output of the ls commands is written to standard output and formatted. The prm command is identical to pexec rm.
Files
|Environment Variables
|PSSP 3.4 provides the ability to run commands using secure remote |command and secure remote copy methods.
|To determine whether you are using either AIX rsh or rcp |or the secure remote command and copy method, the following environment |variables are used. |If no environment variables are set, the defaults are |/bin/rsh and /bin/rcp.
|You must be careful to keep these environment variables consistent. |If setting the variables, all three should be set. The DSH_REMOTE_CMD |and REMOTE_COPY_CMD executables should be kept consistent with the choice of |the remote command method in RCMD_PGM: |
|For example, if you want to run prm using a secure remote |method, enter:
|export RCMD_PGM=secrshell |export DSH_REMOTE_CMD=/bin/ssh |export REMOTE_COPY_CMD=/bin/scp
Security
|You must have access to the AIX remote commands or the secure remote |commands to run this command.
This command will automatically forward the DCE credentials if K5 is an enabled AIX authentication method and the user of the command has DCE credentials that can be forwarded. The special DCE credentials for root, called the machine or self host principal credentials, cannot be forwarded. To obtain DCE credentials that can be forwarded as a root user, a root user must issue dce_login -f.
Location
/usr/lpp/ssp/bin/prm
Related Information
Commands: dsh, rm, pexec
Examples
To remove a file from each host1, host2, and host3 (described previously), enter:
prm -w host1,host2,host3 /tmp/shnozzola
Purpose
psyslclr - Removes entries from syslog log files on a set of nodes.
Syntax
Flags
Operands
None.
Description
Use this command to delete log entries in syslogd generated log files. Options allow for selecting the files and records that are trimmed.
The arguments to options -d, -f, -l, -n, -r, and -w can be a comma-delimited or single-quoted, blank-delimited list of values. If the -l flag is used, the command will only trim records from the specified list of log file names. If the -l flag is not passed, the command will first parse the syslog configuration file (the default is /etc/syslog.conf) to select files for trimming.
The -f and -p flags can be used to control selecting files in the configuration file. All files found in the configuration file will be trimmed if the -f and -p flags are not used.
The -d, -e, -n, -r, -s, and -y flags are used to match log entries to be deleted. A record must match a value from each of the flags that are used to be trimmed. If a flag is not passed, all records match for that field. To delete all records, use the -y flag with 0 as the argument. If the -w flag begins with a slash (/), it is interpreted as a file containing a list of nodes to execute the command on; otherwise, it can be a list as described previously. If neither the -a nor the -w flags are used, the command defaults to the local node.
Files
Security
The psyslclr command consists of a client script and a server procedure which is executed by the Sysctl facility. Sysctl performs access authorization according to the configuration of security services on the server nodes. The server uses the Sysctl aclcheck procedure for granting access which requires the caller to have a principal entry in the log management ACL: /etc/logmgt.acl. The principal must log into the appropriate authentication service prior to running this command.
Location
/usr/lpp/ssp/bin/psyslclr
Related Information
Commands: psyslrpt
Daemons: syslogd
Examples
psyslclr -a -y 30
psyslclr -w k47n10 -s 04110000 -e 07230000 -r ftp,snmpd
psyslclr -w /tmp/nodelist -f mail,user -p error -y 0
Purpose
psyslrpt - Generates reports of records in syslog log files on a set of nodes.
Syntax
Flags
Operands
None.
Description
Use this command to generate reports of log entries in syslogd generated log files. Options allow for selecting the files and records that are reported. The arguments to options -d, -f, -l, -n, -r, and -w can be a comma-delimited or single-quoted, blank-delimited list of values. If the -l flag is used, the command will report records from the specified list of log file names. If the -l flag is not passed, the command will first parse the syslog configuration file (the default is /etc/syslog.conf) to select files for reporting.
The -f and -p options can be used to control the selecting of files in the configuration file. All files found in the configuration file are reported on if the -f and -p flags are not used.
The -d, -e, -n, -r, and -s options are used to match log entries to be reported. A record must match a value from each of these flags that are used to be reported. If a flag is not passed, all records match for that field. If the -w argument begins with slash (/), it is interpreted as a file containing a list of nodes to execute the command on; otherwise, it can be a list as described previously. If neither the -a nor -w flags are used, the command defaults to the local node.
Files
Security
The psyslrpt command consists of a client script and a server procedure which is executed by the Sysctl facility. Sysctl callbacks perform access authorization according to the configuration of security services on the server nodes. The server procedure uses the Sysctl AUTH callback for granting access which requires the caller to have been authenticated in accordance with the security policy of the target node or nodes.
Location
/usr/lpp/ssp/bin/psyslrpt
Related Information
Commands: psyslclr
Daemons: syslogd
The PSSP: Administration Guide
Examples
psyslrpt -a -s 03030000
psyslrpt -w k47n10 -s 04110000 -e 07230000 -r ftp,snmp
psyslrpt -w k47n12,k47n15 -d'10479 1157' -l /var/adm/SPlogs/SPdaemon.log
Purpose
rcmdtgt - Obtains a Kerberos Version 4 authentication ticket for the local realm, with a maximum allowed lifetime, using the service key for the instance of the rcmd principal on the local host.
Syntax
rcmdtgt
Flags
None.
Operands
None.
Description
Use this command to obtain Kerberos Version 4 authorization with a maximum allowed lifetime, using the service key for rcmd.localhost found in the service key file at /etc/krb-srvtab. When using SP authentication services, these tickets have an unlimited lifetime. When using AFS authentication services, a maximum of 30 days is enforced.
This command is intended primarily for use in shell scripts and other batch-type facilities.
The KRBTKFILE environment variable must be used to specify the ticket cache file used by rcmdtgt to store authentication tickets.
If Kerberos Version 4 is not an active authentication method for AIX remote commands, and Compatibility is not an active authentication method for SP trusted services, this command performs no function but returns successfully.
Because the ticket obtained using this command may not expire, the user should be careful to delete the temporary ticket file.
When using /usr/lpp/ssp/rcmd/bin/rcmdtgt, remember to check that the authentication method is in fact Kerberos Version 4 before using k4destroy or /usr/lpp/ssp/kerberos/bin/kdestroy to destroy credentials. While Kerberos Version 4 may be configured, the authentication method may be superseded by DCE and you could be destroying credentials obtained by the system administrator through a Kerberos Version 4 login.
Environment Variables
Files
Security
You must have root privilege to run this command.
Location
/usr/lpp/ssp/rcmd/bin/rcmdtgt
Related Information
Commands: k4destroy, k4init
Files: krb.conf
Refer to the "RS/6000 SP files and other technical information" section of PSSP: Command and Technical Reference for additional Kerberos information.
Examples
The following example, excerpted from the sample script.cust file, shows how rcmdtgt can be used in a shell script to perform the authentication required to use the rcp command:
# set the host name from which you will copy the file. SERVER='cat /etc/ssp/server_host_name | cut -d" " -f1' # Define a temporary ticket cache file, then get a ticket export KRBTKFILE=/tmp/tkt.$$ /usr/lpp/ssp/rcmd/bin/rcmdtgt # # Perform kerberos-authenticated rcp # rcp is linked to AIX rcp rcp $SERVER:/etc/resolv.conf /etc/resolv.conf # Remove the ticket cache file /bin/k4destroy unset KRBTKFILE
Purpose
removehsd - Removes one or more hashed shared disks, the virtual shared disks associated with them, and the System Data Repository (SDR) information for virtual shared disks on the associated nodes.
Syntax
Flags
Operands
None.
Description
Use this command to remove the logical volumes associated with virtual shared disks in the set of hashed shared disks. The order in which the virtual shared disks that make up the hashed shared disks and the hashed shared disks themselves are removed is the reverse of the order in which they were created.
If the virtual shared disk or hashed shared disk is configured on any of the nodes on the system partition, this command is unsuccessful, unless the -f flag is specified.
Security
You must have access to the virtual shared disk subsystem via the sysctl service to run this command.
Prerequisite Information
PSSP: Managing Shared Disks
Location
/usr/lpp/csd/bin/removehsd
Related Information
Commands: createhsd, removevsd
Examples
To unconfigure and remove the virtual shared disks associated with the hashed shared disks DATA and remove the hashed shared disk as well, type:
removehsd -d DATA -f
You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:
smit delete_vsd
and select the Remove a Hashed Shared Disk option.
Purpose
removevsd - Removes a set of virtual shared disks that are not part of any hashed shared disk.
Syntax
Flags
Operands
None.
Description
Use this command to remove the logical volumes associated with the virtual shared disks and update the backup nodes' Object Data Managers (ODMs), if any exist. The virtual shared disk information will be deleted from the System Data Repository (SDR). The removal of the virtual shared disks is done in the reverse of the order in which they were created. Volume groups are not removed with this command.
If the virtual shared disk is configured on any of the nodes on the system partition, this command is unsuccessful, unless the -f flag is specified.
You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:
smit delete_vsd
and select the Remove a Virtual Shared Disk option.
Security
You must have access to the virtual shared disk subsystem via the sysctl service to run this command.
Prerequisite Information
PSSP: Managing Shared Disks
Related Information
Commands: createvsd, removehsd
Location
/usr/lpp/csd/bin/removevsd
Examples
To unconfigure and remove all defined virtual shared disks in a system or system partition, enter:
removevsd -a -f
Purpose
resource_center - Invokes the RS/6000 SP Resource Center.
Syntax
resource_center [-c] [Netscape flags ...]
Flags
Operands
None.
Description
The RS/6000 SP Resource Center provides one single interface for all softcopy SP documentation and information resources. It consists of HTML files, Java and JavaScript, and runs in Netscape Navigator. The SP Resource Center provides access to the following RS/6000 SP information:
Upon invoking the resource_center command for the first time, a dialog box will ask you for the location of the Netscape executable that is installed on your system. Enter the full pathname to the Netscape program (for example, /usr/local/bin/netscape). This path information is stored in your $HOME/.resctr file, and you will only be prompted for it once.
The resource_center command will bring up Netscape Navigator with the top level RS/6000 SP Resource Center page loaded. There are three frames on the SP Resource Center interface. The frame on the top is the Title frame. The frame on the left is the Navigation frame. The large frame on the right is the Display frame.
The Title frame lets you access the IBM Home Page on the Internet (click on the IBM logo), go back to the top of the SP Resource Center (the "Home" link), search the contents of the SP Resource Center (the "Search" link), display an index of the SP Resource Center's contents (the "Index" link), and obtain help about the use of the SP Resource Center (the "Help" link).
The Navigation frame lets you select content to view. This frame contains categories that may be expanded and collapsed to display their sub-categories. Click on a category with a right-pointing arrow to expand the category, and click on a category with a down-pointing arrow to collapse the category. When one category is expanded, all other categories are collapsed. When a category is expanded, any of the sub-categories may be selected, and the contents are displayed in the Display frame.
Some sub-categories on the Navigation frame include a small "world" icon that indicates that the link will take you to the Internet. If you do not have an Internet connection, these links will not work. When you select a link to the Internet, a new Netscape window appears. This ensures that the SP Resource Center Title and Navigation frames do not get in the way of the Internet Web page.
The Display frame is used to display all local information. When a non-Internet link is selected from the Navigation frame, the resulting information is displayed in the Display frame.
To quit the SP Resource Center, exit Netscape Navigator.
Environment Variables
The NETSCAPE environment variable is used (if set) to specify the pathname to the Netscape Navigator Web browser that will be used to display the RS/6000 SP Resource Center.
Files
Restrictions
If your machine does not have a connection to the Internet, some of the SP Resource Center's hyperlinks will not function.
Web pages on the Internet that the SP Resource Center points to may not be available due to the dynamic nature of the Web.
Prerequisite Information
Netscape Navigator version 4 or later is required to run this command. The first time each user invokes the resource_center command, the pathname to the Netscape program is stored in $HOME/.resctr.
If online publications are installed on the system, the SP Resource Center will use the local copies, otherwise it will look on the Web for the online publications.
Location
/usr/lpp/ssp/bin/resource_center
Examples
To invoke the RS/6000 SP Resource Center, enter:
resource_center
This example assumes the directory /usr/lpp/ssp/bin is in your path.
Purpose
resumevsd - Activates an available virtual shared disk.
Syntax
resumevsd [-p | -b | -l server_list] {-a | vsd_name ...}
Flags
Operands
Description
The resumevsd command brings the specified virtual shared disks from the suspended state to the active state. The virtual shared disks remains available. Read and write requests which had been held while the virtual shared disk was in the suspended state are resumed.
You can use the System Management Interface Tool (SMIT) to run this command. To use SMIT, enter:
smit vsd_mgmt
and select the Resume a Virtual Shared Disk option.
Security
You must be in the AIX bin group to run this command.
Restrictions
See PSSP: Managing Shared Disks
Prerequisite Information
PSSP: Managing Shared Disks
Location
/usr/lpp/csd/bin/resumevsd
Related Information
Commands: cfgvsd, ctlvsd, lsvsd, preparevsd, startvsd, stopvsd, suspendvsd, ucfgvsd
Examples
To bring the virtual shared disk vsd1vg1n1 from the suspended state to the active state, enter:
resumevsd vsd1vg1n1
|Purpose
|rm_spsec - Unconfigures all service principals and keyfiles |on a per node basis. | |
Syntax
|rm_spsec [-h] |[-v] [-r {SP|WS} |[-c]] -t {local|admin} |[-p] [dce_hostname]
Flags
Operands
Description
The rm_spsec command reads from two files, a default file (/usr/lpp/ssp/config/spsec_defaults) and an override file (/spdata/sys1/spsec/spsec_overrides). The two types of configuration removal are admin and local.
The local version of this command must be executed on the host which is to have its definition and use of SP Security Services removed from DCE registry, and must be run prior to running the admin version of the command.
Issuing rm_spsec -t local will delete keytab objects for the current host. Removing keytab objects also removes the keyfiles from the /spdata/sys1/keyfiles directory. The sysctl ACL files will be deleted from the /var/sysctl directory. If this command is run on the control workstation and local is used, the hardmon ACL files will be deleted from the /spdata/sys1/spmon/hmdceacls directory.
The admin version of this command requires cell administration authority and access to the DCE registry. When -t admin is specified, all SP Trusted Services principals (including their entries in any groups and organizations), accounts, rpc entries (including their directories) for the specified DCE host name are removed from the DCE registry.
The -p flag specifies a system partition name for either local or admin. For local, the command must be run on the control workstation because that is where the partition sensitive keyfiles reside).
For syntax errors within either of the input files, an error message is issued and logged and processing halts. All errors are logged to the |/var/adm/SPlogs/auth_install/log and printed to standard output.
|For remote execution, use the -r flag. This |allows an administrator to run this command from another machine on behalf of |a remote SP or standalone workstation. When -r SP is |specified, the SP_NAME environment variable must be set to the short host name |of the SDR daemon on the SP being unconfigured. When -r |WS is specified, the SP_NAME environment variable can specify the short |host name of any working SDR.
|This command requires that the host be previously configured using |the DCE database. (See the config_spsec command.) |Additionally, since this command depends on the two input files listed in the |"Files" section, the administrator must ensure that these files are copied |from the SP control workstation, as that is the location for the master copies |to the local machine. If the remote host name is a control workstation, |in order to remove all principals associated with the control workstation, the |-c flag must be used in conjunction with the -r |flag.
Notes:
Files
/spdata/sys1/spsec/spsec_overrides |
|CDS registry and Security Server database updated
Exit Values
Information pertaining to the specific workstation's service principals and account information may remain in the Security registry and the associated keyfiles may remain on the system.
Security
You must have DCE cell administrator authority for removal of admin configuration, and root authority for removal of local configuration.
Location
/usr/lpp/ssp/bin/rm_spsec
Related Information
Commands: config_spsec, create_keyfiles
DCE Administration publications for AIX
Examples
|rm_spsec -v -t local
|Then on the control workstation, log into the DCE cell with an ID that |has cell administration authority, and enter:
|rm_spsec -v -t admin mySPnode.abc.com
|rm_spsec -v -t local -p mySPlp
|export SP_NAME=mySPcws |rm_spsec -v -t admin -c -r SP mySPnode.abc.com |rm_spsec -v -t admin -c -r SP mySPcws.abc.com
Purpose
rmkp - Removes Kerberos Version 4 principals.
Syntax
rmkp -h
rmkp [-n] [-v] {name[.instance]|name.|.instance} ...
Flags
Operands
Description
Use this command to remove principals from the local Kerberos Version 4 database. You will be prompted to confirm each deletion prior to its execution. This command will not remove any of the four principals that were predefined by Kerberos Version 4 when the database was created. Deleted entries are saved in the /var/kerberos/database/rmkp.save.<PID> file, in the readable ASCII format produced by the kdb_util dump command. The rmkp command should normally be used only on the primary server. If there are secondary authentication servers, the push-kprop command is invoked to propagate the change to the other servers. The command can be used to update a secondary server's database, but the changes may be negated by a subsequent update from the primary.
Files
Standard Output
When the -v option is omitted, only the prompt for confirmation is written to standard output. When the -v flag is specified, the disposition of each selected principal is indicated by a message, and the name of the file containing the removed entries is printed. The -v flag has no effect on error messages written to standard error.
Exit Values
Security
You must have root privilege and be logged on to a Kerberos Version 4 server host. It can be invoked indirectly as a Sysctl procedure by a Kerberos database administrator who has a valid ticket and is listed in the admin_acl.add file.
Restrictions
When you execute the rmkp command through the Sysctl procedure of the same name, the -n flag is added to your command invocation. This is required because Sysctl does not provide an interactive environment that supports prompting for confirmation. Suppressing confirmation increases the risk of unintentionally removing the wrong principal. In this mode, each principal to be removed must be named explicitly; selection of multiple principals by name or instance alone is not allowed. Since nonroot Kerberos administrators can execute this command only through Sysctl, you must be root on the server to use the special notation for selecting multiple principals.
Location
/usr/kerberos/etc/rmkp
Related Information
Commands: chkp, kadmin , kdb_util, lskp, mkkp , sysctl
Examples
rmkp tempuser
You should receive a prompt similar to the following:
Confirm removal of principal tempuser? (y or n): y
rmkp -v joe. frank rcmd.node25tr
You should receive prompts similar to the following:
Confirm removal of principal joe? (y or n): n joe was not removed Confirm removal of principal joe.admin? (y or n): y joe.admin was removed Confirm removal of principal frank? (y or n): y frank was removed Confirm removal of principal rcmd.node25tr? (y or n): y rcmd.node25tr was removed Removed entries were saved in /var/kerberos/database/rmkp.save.7942
Purpose
rvsdrestrict - Displays and sets which level of the IBM Recoverable Virtual Shared Disk software is to run when you have a system partition with mixed levels of the PSSP or IBM Recoverable Virtual Shared Disk software.
Syntax
|
Flags
Operands
None.
Description
The rvsdrestrict command is used to restrict the level that the IBM Recoverable Virtual Shared Disk software will run at. This command must be used when in a system partition with mixed levels of PSSP and or mixed levels of the IBM Recoverable Virtual Shared Disk software. If a node has a lower level of the IBM Recoverable Virtual Shared Disk software installed than what is set with this command, then the rvsd subsystem will not start on that node.
This command does not dynamically change rvsd subsystem run levels across the SP. An rvsd subsystem instance will only react to this information after being restarted. Thus, if your cluster runs at a given level, and you want to override this level you must stop rvsd subsystem on all nodes, override the level, and restart.
Standard Output
Current rvsd subsystem run level as recorded in the SDR.
Security
You must be in the AIX bin group and have write access to the SDR to run this command.
Location
/usr/lpp/csd/bin/rvsdrestrict
Examples
|rvsdrestrict -s RVSD2.1
|This will force all the rvsd subsystems to run at the functionality level |of RVSD2.1.
|rvsdrestrict -s RVSD3.1