hpss_ldap_import to convert DCE authorization information into LDAP.
• Kerberos authentication and Unix authorization. In this case, the site determines on its own
how to convert DCE authentication information into Kerberos. The site will then use
hpss_unix_import to convert DCE authorization information into Unix. Depending on
environment variables, the hpss_unix_import program may import authentication information
(i.e., create a password for the Unix user) into Unix. The site could manually reset or remove
the password from the converted Unix accounts if this is an issue after running the
hpss_unix_import program.
6.2.3.1. Authentication Mechanisms
A site may select between Unix or Kerberos authentication. Some pros and cons of each are listed
below.
Unix:
• Cross cell authentication is not supported.
• Can choose to use either system password or HPSS password file.
• Can degrade performance as the number of HPSS users increases due to sequential seeking
through password file.
• Encryption is performed using Unix encrypt function.
• HPSS servers/processes utilize Unix keytab file.
• Can use LDAP or Unix as authorization mechanism.
• The hpss_dce_export and hpss_unix_import utilities are provided to convert DCE
authentication information.
Kerberos:
• Cross cell authentication information is not converted; thus, not covered in this document.
• Using an institutional Kerberos server can complicate conversion if UID conflicts exist
between current DCE principals or groups and existing Kerberos principals or groups.
• Uses underlying Kerberos encryption algorithms.
• HPSS servers/processes utilize Kerberos keytab file.
• Requires LDAP as authorization mechanism; Unix authorization not supported.
• No utilities are provided to convert DCE information to Kerberos. Sites are required to perform
the conversion from DCE on their own.
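The following Python code is an added example, not part of the HPSS guide or its utilities. It audits an account list after import for the two issues raised above: imported accounts that carry a password (which the site may want to reset or remove) and UIDs that collide with a different name in an existing account list. It assumes both lists use standard passwd(5) colon-separated lines; the function names and sample entries are constructed for illustration.

```python
"""Post-import account audit (added example, not an HPSS utility).
Assumes passwd(5) lines: name:password:uid:gid:gecos:home:shell"""

def parse_passwd(text):
    """Return {name: (password_field, uid)} from passwd(5)-style text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # blank or malformed line: skip rather than guess
        accounts[fields[0]] = (fields[1], int(fields[2]))
    return accounts

def password_state(field):
    """Classify a passwd(5) password field."""
    if field == "":
        return "empty"      # no password required
    if field == "x":
        return "shadow"     # hash lives in a shadow file, not here
    if field[0] in "*!":
        return "locked"     # cannot match any password
    return "hash"           # a usable password hash is present

def audit_import(imported_text, existing_text):
    """Return (accounts needing password review, UID conflicts)."""
    imported = parse_passwd(imported_text)
    existing = parse_passwd(existing_text)
    owner = {uid: name for name, (_, uid) in existing.items()}
    review = sorted(name for name, (pw, _) in imported.items()
                    if password_state(pw) in ("hash", "empty"))
    conflicts = sorted((uid, name, owner[uid])
                       for name, (_, uid) in imported.items()
                       if uid in owner and owner[uid] != name)
    return review, conflicts

# Constructed sample data (not real accounts or hashes).
IMPORTED = """\
alice:CONSTRUCTED-HASH:1001:100::/home/alice:/bin/sh
bob:*:1002:100::/home/bob:/bin/sh
carol::1003:100::/home/carol:/bin/sh
"""
EXISTING = """\
alice:x:1001:100::/home/alice:/bin/sh
robert:x:1002:100::/home/robert:/bin/sh
"""

if __name__ == "__main__":
    review, conflicts = audit_import(IMPORTED, EXISTING)
    print("review passwords:", review)
    print("UID conflicts (uid, imported, existing):", conflicts)
```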
6.2.3.2. Authorization Mechanisms
A site may select between Unix or LDAP authorization. Some pros and cons of each are listed
below.
Unix:
• Can degrade performance as the number of HPSS users increases due to sequential seeking
through password file.
• Easier to set up and manage than LDAP.
HPSS Installation Guide July 2008
Release 6.2 (Revision 2.0)