Operating System - HP-UX

Single Sign on Username and password

Brian Duthie
Occasional Contributor


I have a customer who has 3 HP rp8400 HP-UX 11i machines. Each runs +- 30 Oracle databases.

The application is a terminal-based app requiring system usernames and passwords (local on each machine at this time).

They wish to cluster these machines. How do they synchronise usernames and passwords between the 3 machines, to ensure the user can log in after the DB is failed over?

Regards
Brian
S Plunkett
Occasional Advisor

Re: Single Sign on Username and password

Have you looked at Kerberos(5)?

Regards,
Sarah Plunkett
Steven E. Protter
Exalted Contributor
Solution

Re: Single Sign on Username and password

Shalom,

You could install the Red Hat or Netscape LDAP server for HP-UX http://software.hp.com and have centralized authentication based on your Unix host.

If you have a Windows domain, you can install Samba CIFS/9000 from the above site and integrate the systems into an ADS domain and let Windows do it (arrrhg).

SEP
Steven E Protter
Robert Fritz
Regular Advisor

Re: Single Sign on Username and password

Also, you may want to consider SelectAccess, though that may be for a scale beyond what you want here.

http://www.openview.hp.com/products/select/index.html

-R
"Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
John Kittel
Trusted Contributor

Re: Single Sign on Username and password

As already suggested, LDAP (ADS) may be "best"...

But if you don't want to or can't do that for some reason, possibly easier to accomplish(?) is the way I have done it. Initially, make sure the regular ux accounts' uids and gids (and group info) are the same on all systems. If they aren't already, then you'll have to make them so (usermod, or remove and recreate accounts if necessary, which can be quite a hassle if they are way out of sync). Then make sure whenever you make a change on one system you make the same changes on the other systems (add, modify accts, etc.). Keeping in sync is a manual process, but I have a nightly cron job that checks and reminds me if I forget anything. Then the last piece is the passwords: I have a twice-daily cron job that copies the users' tcb files (not system accounts) from the node that has the application package active to the other node. We have a simple two-node active-active cluster, and I have had no problems over the past 3 years doing it this way.

(probably) other responders will comment further on the deficiencies of this method...
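
A consistency check of the kind the nightly cron job in the reply above performs could look like the following. This is an added example, not the poster's script: the function names, the MIN_UID cutoff of 100 and the sample accounts are assumptions, and the input is two passwd-format files already collected from the two nodes under different file names.

```shell
#!/bin/sh
# Added example: report drift in non-system accounts between two
# passwd-format files. Returns 1 if any drift is found, 0 otherwise.
# Usage: passwd_drift FILE_A FILE_B [MIN_UID]   (FILE_A and FILE_B must differ)
passwd_drift() {
    awk -F: -v min="${3:-100}" '
        $3 < min { next }                     # skip system accounts
        FILENAME == ARGV[1] {                 # first file: node A
            ids[$1] = $3 ":" $4; owner[$3] = $1; next
        }
        {                                     # second file: node B
            seen[$1] = 1
            if (!($1 in ids))
                { print "MISSING_ON_A " $1; bad = 1 }
            else if (ids[$1] != $3 ":" $4)
                { print "MISMATCH " $1 " A=" ids[$1] " B=" $3 ":" $4; bad = 1 }
            # Same UID under a different login: file ownership shifts on failover.
            if (($3 in owner) && owner[$3] != $1)
                { print "UID_CLASH " $3 " A=" owner[$3] " B=" $1; bad = 1 }
        }
        END {
            for (u in ids) if (!(u in seen)) { print "MISSING_ON_B " u; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample data for two nodes (not real accounts).
demo_drift() {
    d=${TMPDIR:-/tmp}/drift.$$
    mkdir "$d" || return 2
    cat > "$d/a" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:201:20::/home/alice:/usr/bin/sh
bob:*:202:20::/home/bob:/usr/bin/sh
carol:*:203:20::/home/carol:/usr/bin/sh
EOF
    cat > "$d/b" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:201:20::/home/alice:/usr/bin/sh
bob:*:205:20::/home/bob:/usr/bin/sh
dave:*:203:20::/home/dave:/usr/bin/sh
EOF
    passwd_drift "$d/a" "$d/b" | LC_ALL=C sort
    rm -rf "$d"
}
demo_drift
```

The UID_CLASH line is the case that matters most after a failover: files owned by UID 203 on shared storage would belong to a different person depending on which node mounts them.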
Brian Duthie
Occasional Contributor

Re: Single Sign on Username and password

Good Day All

Thank you for the tips and comments.

We are going to install LDAP and see how that goes.

Thanks again
Brian