IBM Platform Symphony 6.1.1 Fix Patch #227299 Readme File

Description

This fix patch applies only to the following platform:

·         Linux 64-bit

This patch only includes bug fixes for Symphony security plug-in sec_ego_kerberos.so.

 

Readme file for: IBM® Platform Symphony

Product/Component Release: 6.1.1

Update Name: Fix pack

Fix ID: sym-6.1.1-build227299

Publication date: 27th November 2013

Last modified date: 27th November 2013

 

Contents:

1.      Download location

2.      Products or components affected

3.      System requirements

4.      Installation and configuration

5.    Usage

6.      List of fixes

7.      List of files

8.      Copyright and trademark information

1.   Download location

Search Fix ID in http://www.ibm.com/eserver/support/fixes/

2.   Products or components affected

Product/Component Name, Platform, Fix ID:

Platform Symphony/sec_ego_kerberos.so, Linux 64-bit, sym-6.1.1-build227299

3.   System requirements

None

4.   Installation and configuration

4.1          Before installation

1.     Stop the cluster:

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> soamcontrol app disable all

> egosh service stop all

> sudo egosh ego shutdown

2.    Back up the following files on all management hosts if you want to be able to roll back the change:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

 

If you also want to resolve kerberos authentication failed problem on compute hosts, please do it as above.

 

4.2      Installation steps

1.    Copy the binaries to the following directory on all management hosts:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

 

If you also want to resolve kerberos authentication failed problem on compute hosts, please do it as above.

 

4.3          After installation

1.    Start the upgraded cluster

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> sudo egosh ego start

> soamcontrol app enable app_name

 

4.4          Uninstalling

1.        Stop the cluster

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> soamcontrol app disable all

> egosh service stop all

> sudo egosh ego shutdown

2.        Restore the following files on all management hosts with the backed-up files:

$EGO_TOP/1.2.8/linux2.6-glibc2.3-x86_64/lib/sec_ego_kerberos.so

 

If you also want to restore it from kerberos authentication failed problem on compute hosts, please do it as above.

3.        Start the cluster 

Log on to the master host as the cluster administrator and run:

> source $EGO_TOP/cshrc.platform

> sudo egosh ego start

> soamcontrol app enable app_name

 

5.   Usage

There are two ways to generate valid Kerberos TGT for later authentication,

1) Run Kerberos toolkit “kinit” before running “egosh user logon”.

2) Run “egosh user logon” and supply Kerberos principal name and Kerberos password.

Once valid Kerberos TGT is generated, user can pass authentication automatically, any new typed user name and password will be ignored for “egosh user logon” until the Kerberos TGT removed or expired.

Please note that Symphony does provide renewal for HDFS tokens, so user do not need to restart any Symphony daemons on compute nodes, but client still has expiration and has to renew Kerberos TGT by kinit or logon again if Kerberos TGT expired.

 

6.   List of fixes

 

SUP_BY_SYM#225055: Kerberos authentication does not recognize KRB5CCNAME with FILE: prefix

SUP_BY_SYM#227069: Vemkd crashes repeatedly after Kerberos ticket expired

 

7.   List of files

 

sec_ego_kerberos.so

 

7.       Copyright and trademark information

© Copyright IBM Corporation 2013

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.