IBM Platform Symphony
Description
This fix patch applies only to the following platform:
· Linux 64-bit
This patch only includes bug fixes for Symphony security plug-in sec_ego_kerberos.so.
Readme file for: IBM® Platform Symphony
Product/Component Release:
Update Name: Fix pack
Fix ID: sym-
Publication date: 27th November 2013
Last modified date: 27th November 2013
Contents:
1. Download location
2. Products or components affected
3. System requirements
4. Installation and
configuration
5.
Usage
6. List of
fixes
7. List of files
8. Copyright and trademark information
1. Download location
Search Fix ID in http://www.ibm.com/eserver/support/fixes/
2. Products or components affected
Product/Component Name, Platform, Fix ID:
Platform Symphony/sec_ego_kerberos.so,
Linux 64-bit, sym-
3. System requirements
None
4. Installation and configuration
4.1
Before
installation
1. Stop the cluster:
Log on to the master
host as the cluster administrator and run:
> source
$EGO_TOP/cshrc.platform
> soamcontrol
app disable all
> egosh
service stop all
> sudo
egosh ego shutdown
2.
Back up the following files on all management hosts if you want to be
able to roll back the change:
$EGO_TOP/
If you also want to
resolve kerberos authentication
failed problem on compute hosts, please do it as above.
4.2 Installation steps
1. Copy the binaries
to the following directory on all
management hosts:
$EGO_TOP/
If you also want to
resolve kerberos authentication
failed problem on compute hosts, please do it as above.
4.3 After installation
1. Start the upgraded cluster
Log on to the master host as the cluster
administrator and run:
> source $EGO_TOP/cshrc.platform
> sudo
egosh ego start
> soamcontrol
app enable app_name
4.4 Uninstalling
1. Stop the cluster
Log on to the master host as the cluster administrator and run:
> source
$EGO_TOP/cshrc.platform
> soamcontrol
app disable all
> egosh
service stop all
> sudo
egosh ego shutdown
2.
Restore the
following files on all management hosts with the backed-up files:
$EGO_TOP/
If you also want to
restore it from kerberos
authentication failed problem on compute hosts, please do it as above.
3.
Start the
cluster
Log on to the master host as the cluster administrator and
run:
>
source $EGO_TOP/cshrc.platform
> sudo
egosh ego start
> soamcontrol
app enable app_name
5. Usage
There are two ways
to generate valid Kerberos TGT for later authentication,
1) Run Kerberos
toolkit “kinit” before running “egosh
user logon”.
2) Run “egosh user logon” and supply Kerberos principal name and Kerberos
password.
Once valid Kerberos
TGT is generated, user can pass authentication automatically, any new typed
user name and password will be ignored for “egosh
user logon” until the Kerberos TGT removed or expired.
Please note that
Symphony does provide renewal for HDFS tokens, so user do not need to restart
any Symphony daemons on compute nodes, but client still has expiration and has
to renew Kerberos TGT by kinit or logon again if
Kerberos TGT expired.
6. List of fixes
SUP_BY_SYM#225055: Kerberos
authentication does not recognize KRB5CCNAME with FILE: prefix
SUP_BY_SYM#227069: Vemkd crashes repeatedly after Kerberos ticket expired
7. List of files
sec_ego_kerberos.so
7. Copyright and trademark information
© Copyright IBM Corporation 2013
IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.