HPE Community
Operating System - HP-UX
1829904 Members
2424 Online
109993 Solutions
New Discussion

is .rhosts needed

 
SOLVED
Go to solution
Simon Jespersen
Frequent Advisor

‎10-23-2006 10:05 PM

‎10-23-2006 10:05 PM

is .rhosts needed

Hi!
Im wondering if the .rhost file is needed for the cmcluster to run properly or can this file be removed from the cluster node.

0 Kudos
10 REPLIES 10
Steven E. Protter
Exalted Contributor

‎10-23-2006 10:11 PM

‎10-23-2006 10:11 PM

Solution

Re: is .rhosts needed

Shalom,

You probably need it.

With SG 11.16 HP implemented an alternative methodology based on a file called cmnodelist

You will need to check your SG version and configuration to see which is in use.

If you remove the .rhosts file prior to doing this homework it is possible you will disable your cluster and crash one or more of the nodes.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Peter Godron
Honored Contributor

‎10-23-2006 10:12 PM

‎10-23-2006 10:12 PM

Re: is .rhosts needed

Simon,
please see:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1005972
and
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=628505
amongst others.
0 Kudos
melvyn burnard
Honored Contributor

‎10-23-2006 10:26 PM

‎10-23-2006 10:26 PM

Re: is .rhosts needed

you do NOT need .rhosts if using /etc/cmcluster/cmclnodelist prior to Serviceguard A.11.16, or if using /etc/cmcluster/cmclnodelist to create an initial cluster with Serviceguard A.11.16 or above.
A configured cluster using Serviceguard A.11.16 or above does NOT use .rhosts or /etc/cmcluster/cmclnodelist

I recommend people do NOT leave a .rhosts in the root user home directory.
See http://docs.hp.com/en/6283/SGsecurityfiles.pdf
and
http://docs.hp.com/en/5874/securingserviceguard_nov2005.pdf
for more information
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Simon Jespersen
Frequent Advisor

‎10-23-2006 10:27 PM

‎10-23-2006 10:27 PM

Re: is .rhosts needed

hi i can se the /etc/cmcluster/cmclnodelist
on both the nodes
but i cant see which version it is running, a quick look at the man pages for cmviewcl does not provide me with the info how to see the SG version.

where can i see that.
0 Kudos
rariasn
Honored Contributor

‎10-23-2006 10:31 PM

‎10-23-2006 10:31 PM

Re: is .rhosts needed

# /usr/sbin/cmversion

rgs,
0 Kudos
Peter Godron
Honored Contributor

‎10-23-2006 10:32 PM

‎10-23-2006 10:32 PM

Re: is .rhosts needed

Simon
"what /usr/lbin/cmcld" should show you version of SG and patches.
0 Kudos
Simon Jespersen
Frequent Advisor

‎10-23-2006 10:45 PM

‎10-23-2006 10:45 PM

Re: is .rhosts needed

thank you very much, my version is

root@bonn:./cmcluster # what /usr/lbin/cmcld
/usr/lbin/cmcld:
HP92453-02A.11.00 HP-UX SYMBOLIC DEBUGGER (END.O ILP32) $Revision: 75.02 $
Build date: Mon Mar 15 10:53:41 PST 2004
Build id: ibld_sg_a1116_tot
Build platform: hpux
Cluster Monitor Product $Revision: 82.2 $
Cluster Monitor Product Only $Revision: 82.2 $
Daemon
A.11.16.00 Date: 03/15/04
root@bonn:./cmcluster #


So SG 11.16 and the cmclnodelist exist on my to cluster members. This tell me at regarding to the cluster i can remove the .rhosts file.
0 Kudos
rariasn
Honored Contributor

‎10-23-2006 11:02 PM

‎10-23-2006 11:02 PM

Re: is .rhosts needed

Hi Simon,

Not is necesary .rhosts files

http://www.docs.hp.com/en/B3935-90078/B3935-90078.pdf

View "control access policies"

Access Control Policies
Non-root access to Serviceguard is now defined in the cluster and
package configuration files, in a parameter called Access Control Policy.

rgs

0 Kudos
melvyn burnard
Honored Contributor

‎10-23-2006 11:22 PM

‎10-23-2006 11:22 PM

Re: is .rhosts needed

Yes you are running SG A.11.16, albeit unpatched

You can remove the .rhosts files, and even the cmclnodelist if you wish. You would need the cmclnodleist files only if you deleted your cluster and recreated it.
I recommend you look at getting the latest SG. A.11.16 patch and installing it on these nodes
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Simon Jespersen
Frequent Advisor

‎10-23-2006 11:25 PM

‎10-23-2006 11:25 PM

Re: is .rhosts needed

Thank you all for your very useful and quick responces. It solved the issue regarding the .rhost which were posing a security risk.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.