You must make the authentication system operational, set user authorizations, and verify that both authentication and authorization are working before you can use the shared disk components that you just installed.
PSSP, the Sysctl subsystem in particular, must be configured and operational. Sysctl is an authentication system for running commands remotely and in parallel. It provides:
Root authority can be dynamically provided to non-root users based on their authenticated identity, the task they are trying to perform, access control lists, and any other relevant criteria. The root password need not be given out to as many people, so it is kept secure.
Sysctl applications can be executed on remote hosts with full authentication and authorization.
Sysctl applications can be efficiently executed in parallel on many hosts.
In order to run commands for managing shared disks in particular, the /etc/sysctl.conf file must have the following statement in it:
include /usr/lpp/csd/sysctl_vsd.cmds
See PSSP: Installation and Migration Guide for installation information and PSSP: Administration Guide for information about Sysctl.
Authorization for many of the IBM Virtual Shared Disk commands is provided through Sysctl, an SP Trusted Service. PSSP, and the Sysctl service in particular, must be configured and operating. The method of granting access through Sysctl depends on the type of authentication used for SP Trusted Services. The current authentication methods supported are Kerberos Version 4 and DCE.
In order to grant access to a user, the administrator must edit the /etc/sysctl.acl and /etc/sysctl.vsd.acl files, adding the user's Kerberos Version 4 principal name. Then, the administrator must run sysctl svcrestart to complete the database update for the new entries. The administrator has to perform these authorization steps on the control workstation and on all the nodes that will be virtual shared disk clients or servers. In order to use Virtual Shared Disk after authorization has been set up, the user must log in to the Kerberos Version 4 authentication system using the kinit command. For more information on Kerberos Version 4, including how to create a principal and how to log in, see the book PSSP: Administration Guide.
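A per-node check for the two prerequisites above (the include statement in /etc/sysctl.conf and the Kerberos Version 4 principal in both ACL files), as an added example that is not part of the PSSP documentation. The function names, the sample principal vsdadmin@EXAMPLE.REALM and the ENTRY keyword in the sample files are assumptions; this page does not show the ACL entry syntax, so the check only looks for the principal as a whole field on a non-comment line.

```shell
#!/bin/sh
# Added example: per-node preflight for the Sysctl prerequisites on this page.

# Succeeds if CONF ($1) has an active, uncommented include of the VSD command file.
has_vsd_include() {
    grep -Eq '^[[:space:]]*include[[:space:]]+/usr/lpp/csd/sysctl_vsd\.cmds[[:space:]]*$' "$1" 2>/dev/null
}

# Succeeds if PRINCIPAL ($1) is a whole whitespace-delimited field on a line of
# ACLFILE ($2). Assumption: lines starting with '#' are not active entries.
principal_in_acl() {
    awk -v p="$1" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == p) found = 1 }
        END { exit !found }' "$2" 2>/dev/null
}

# check_sysctl_vsd PRINCIPAL [CONF] [ACL] [VSD_ACL]
# Prints each missing prerequisite and returns non-zero if any is missing.
check_sysctl_vsd() {
    conf=${2:-/etc/sysctl.conf}
    rc=0
    has_vsd_include "$conf" || { echo "MISSING: include statement in $conf"; rc=1; }
    for f in "${3:-/etc/sysctl.acl}" "${4:-/etc/sysctl.vsd.acl}"; do
        principal_in_acl "$1" "$f" || { echo "MISSING: $1 in $f"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files (not from a real system): the principal was added
# to sysctl.acl but forgotten in sysctl.vsd.acl, which holds a similar name.
# ENTRY is a placeholder keyword, not the real ACL syntax.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# include /usr/lpp/csd/sysctl_vsd.cmds' > "$d/commented.conf"
    printf '%s\n' 'include /usr/lpp/csd/sysctl_vsd.cmds' > "$d/sysctl.conf"
    printf '%s\n' 'ENTRY vsdadmin@EXAMPLE.REALM' > "$d/sysctl.acl"
    printf '%s\n' 'ENTRY vsdadmin2@EXAMPLE.REALM' > "$d/sysctl.vsd.acl"
    echo "$d"
}
```

Called with only a principal name, check_sysctl_vsd reads the three files at the paths named on this page; run it on the control workstation and on every node that will be a virtual shared disk client or server.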
In order to grant access to a user, the administrator must add a user's DCE principal name to the following DCE groups:
In order to use virtual shared disks after authorization has been set up, the user must log in to the DCE authentication system using the dce_login command. For more information on DCE, including how to create a principal and how to log in, see PSSP: Administration Guide.