This chapter explains the tasks necessary to add an authentication configuration to an existing SP system. Changing security configurations on an existing system is not very complex from an administrative perspective. One major restriction is that you cannot move an existing system partition between security states without a common security configuration. You must first add and establish the new security configuration to the nodes before you can remove the security configuration that you no longer want from the system partition. The commands that follow are explained more fully in Chapter 2, Installing and configuring a new RS/6000 SP system, however, not all of the steps shown in that chapter are needed when adding an authentication configuration.
For example, you may want to implement DCE in a system that had been migrated to |PSSP 3.4 from PSSP 3.2. This system would have been installed and migrated using Kerberos V4 security. The initial settings, as shown by the splstdata -p command, may look similar to the following:
auth_install k4 auth_root_rcmd k4 ts_auth_methods compat auth_methods k4:std
As the first step in going to a DCE-only system, you will initialize DCE in the system partition by running the security setup steps on the control workstation. During this process, the security settings would be changed to:
auth_install dce:k4 auth_root_rcmd dce:k4 ts_auth_methods dce:compat auth_methods k5:k4:std
After the nodes have completed the transition to dce:k4, Kerberos k4 can be deleted from the system partition. You would again run the security setup steps to remove k4 and compat from the attributes. The final security settings may look similar to the following:
auth_install dce auth_root_rcmd dce ts_auth_methods dce auth_methods k5
The following steps refer to a system partition. In some cases, they will need to be repeated for each system partition on the system.
As with many of the PSSP commands, you must have the appropriate authority or credentials to use these commands. See Step 24: Obtain credentials.