SP2 Sysctl command


Post by Prem » Tue, 19 Jan 1999 04:00:00



Hi Everyone,
Presently, I'm trying to configure the sysctl to allow operator to
perform tasks such as "Efence" and "Eunfence". However, when I have
added the operator's Kerberos id to the ACL file (/etc/sysctl.acl -->

Eunfence 33", the error message appears as follows:
     All nodes successfully fenced.
     /usr/lpp/ssp/rcmd/bin/rsh: 0041-003 No tickets file found.  You need to run "kinit".
     trying normal rsh (/usr/bin/rsh)
     EXITSTATUS=1

 However, when I tried to log in as "root.admin", and then subsequently
re-login as operator's Kerberos id, only then the above command (sysctl
Efence 33) works without any errors.

 Does anyone know why this is so?

 For information, the ssp versions are listed as follows:

   ssp.authent                2.2.0.2    A    SP Authentication Server
   ssp.basic                  2.2.0.9    A    SP System Support Package
   ssp.clients                2.2.0.8    A    SP Authenticated Client Commands
   ssp.css                    2.2.0.9    A    SP Communication Subsystem
   ssp.sysctl                 2.2.0.1    A    SP Sysctl Package

 Thanks in advance.


 
 
 

SP2 Sysctl command

Post by MayrHarr » Thu, 21 Jan 1999 04:00:00


It looks like the ticket-granting-ticket for the  
operator does not exist.
Not sure why. Perhaps it is like the supper
update delay.
You have gotten farther than I have with
the operator commands. My operator ID
can not do ANY sysctl commands.
IBM has not been too helpful in this area.
Maybe I should call MIT.

 
 
 

SP2 Sysctl command

Post by Jon Asha » Fri, 22 Jan 1999 04:00:00


You'll find that you'll ALSO need to add the Kerberos
principal to the /etc/sysctl.rootcmds.acl (or thereabouts) file.
This gives the principal cshutdown, cstartup, switch commands only.

There's a perl script referenced in the ACL file that acts as
a wrapper for sysctl - just for the purpose you suggest.

As for the Kerberos problem you mention, sounds like you need to
make sure you're logged on as a (any) non-root user, then run
kinit for the non-root principal (not root.admin).  Make sure
your PATH statement has the needed commands.

I've used sysctl in scripts for operator reboots, etc., very handy item.

Note:
(by the look of your PSSP code, you need PTF's and make sure to
commit the ones you have in applied state first.)

Regards, Jon


>Hi Everyone,
>Presently, I'm trying to configure the sysctl to allow operator to
>perform tasks such as "Efence" and "Eunfence". However, when I have
>added the operator's Kerberos id to the ACL file (/etc/sysctl.acl -->

>Eunfence 33", the error message appears as follows:
>     All nodes successfully fenced.
>     /usr/lpp/ssp/rcmd/bin/rsh: 0041-003 No tickets file found.  You need to run "kinit".
>     trying normal rsh (/usr/bin/rsh)
>     EXITSTATUS=1

> However, when I tried to log in as "root.admin", and then subsequently
>re-login as operator's Kerberos id, only then the above command (sysctl
>Efence 33) works without any errors.

> Does anyone know why this is so?

> For information, the ssp versions are listed as follows:

>   ssp.authent                2.2.0.2    A    SP Authentication Server
>   ssp.basic                  2.2.0.9    A    SP System Support Package
>   ssp.clients                2.2.0.8    A    SP Authenticated Client Commands
>   ssp.css                    2.2.0.9    A    SP Communication Subsystem
>   ssp.sysctl                 2.2.0.1    A    SP Sysctl Package

> Thanks in advance.



-----------------------------------------------------------------
Jon Ashare          |       Remove NOSPAM from address for e-mail

-----------------------------------------------------------------