chauthservice

The chauthservice command can be used to configure the remote authentication service of the cluster.

Syntax

>>- svctask -- -- chauthservice -- --+---------------------+---->
                                     '- -enable --+- yes-+-'   
                                                  '- no--'     

>-- --+---------------+-- --+--------------------------+-- ----->
      '- -url -- url -'     '- -username -- user_name -'      

>--+-----------------------------+-- --------------------------->
   '- -password --+------------+-'      
                  '- password -'        

>--+-------------------------+-- --+------------+--------------><
   '- -sslcert -- file_name -'     '- -refresh -'   

Parameters

-enable yes | no
(Optional) Enables or disables the SAN Volume Controller system's use of the remote authentication server. When the enable parameter is set to no, the system fails remote authentication attempts, but local authentication continues to operate normally.
-url url
(Optional) Specifies the Web address of the remote authentication service. This must be a valid IPv4 or IPv6 network address. You can use the following characters: a - z, A - Z, 0 - 9, _, ~, :, [, ], %, or /. The maximum length of the Web address is 100 characters.
-username user_name
(Optional) Specifies the HTTP basic authentication user name. The user name cannot start or end with a blank. The user name can consist of a string of 1 - 64 ASCII characters with the exception of the following characters: %:",*' .
-password password
(Optional) Specifies the HTTP basic authentication user password. The password cannot start or end with a blank. It must consist of a string of 6 - 64 printable ASCII characters. The password variable is optional. If you do not provide a password, the system prompts you and does not display the password that you type.
-sslcert file_name
(Optional) Specifies the name of the file that contains the SSL certificate, in privacy enhanced mail (PEM) format, for the remote authentication server.
-refresh
(Optional) Causes the SAN Volume Controller to invalidate any remote user authorizations that are cached on the cluster. Use this when you modify user groups on the authentication service and want the change to immediately take effect on the SAN Volume Controller.

Description

This command sets the attributes of the remote authentication service on the cluster. It is not necessary to disable the remote authentication service to change its attributes. To disable the remote authentication service in a controlled manner when it is not available, use the enable parameter with the no option.

When the authentication service is enabled or the configuration is changed, the cluster does not test whether the remote authentication system is operating correctly. To establish whether the system is operating correctly, issue the command svcinfo lscurrentuser for a remotely authenticated user. If the output lists the user's roles obtained from the remote authentication server, remote authentication is operating successfully. If the output is an error message, remote authentication is not working correctly, and the error message describes the problem.

If you are using the url parameter, the Web address can have either of the following formats:
  • http://network_address:http_remote_authentication_service_port_number/path_to_service
  • https://network_address:https_remote_authentication_service_port_number/path_to_service

The network address must be an IPv4 or IPv6 address. Do not use the corresponding host name.

For example, if the system network IPv4 address is 9.71.45.108, you could enter either of the following corresponding addresses:
http://9.71.45.108:16310/TokenService/services/Trust
https://9.71.45.108:16311/TokenService/services/Trust
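
Because the cluster does not test the remote authentication service when the configuration changes, it helps to check the values against the rules in Parameters and in the Web address formats above before running the command. The following is an added example, not part of the original page or of the SAN Volume Controller software; the function names are hypothetical, and it assumes that "." is also accepted in the Web address, because the page's own example addresses contain it.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Characters the page lists for -url, plus "." (assumption: the page's own
# example addresses contain dots, so the documented list is read as incomplete).
URL_CHARS = re.compile(r"[A-Za-z0-9_~:\[\]%/.]+")
# The run of characters the page excludes from user names, read literally.
USER_FORBIDDEN = set("%:\",*'")


def check_url(url):
    """Return findings for a -url value; an empty list means it passes."""
    findings = []
    if len(url) > 100:
        findings.append("url: longer than 100 characters")
    if not URL_CHARS.fullmatch(url):
        findings.append("url: character outside the documented set")
    try:
        parts = urlsplit(url)
        host, _port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return findings + ["url: malformed network address or port"]
    if parts.scheme not in ("http", "https"):
        findings.append("url: scheme must be http or https")
    elif parts.scheme == "http":
        # HTTP basic authentication is only encoded, not encrypted.
        findings.append("url: warning, credentials are sent unencrypted over http")
    try:
        ipaddress.ip_address(host or "")
    except ValueError:
        findings.append("url: host must be an IPv4 or IPv6 address, not a host name")
    return findings


def check_credentials(username, password):
    """Return findings for -username and -password values."""
    findings = []
    if not (1 <= len(username) <= 64 and username.isascii()):
        findings.append("username: must be 1 - 64 ASCII characters")
    if USER_FORBIDDEN & set(username):
        findings.append("username: contains one of %:\",*'")
    if not (6 <= len(password) <= 64 and all(" " <= c <= "~" for c in password)):
        findings.append("password: must be 6 - 64 printable ASCII characters")
    for name, value in (("username", username), ("password", password)):
        if value != value.strip(" "):
            findings.append(f"{name}: starts or ends with a blank")
    return findings
```

An empty list from both functions means the values satisfy the documented rules; the http warning is advisory, because the page permits either scheme.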

An invocation example

To fully configure and enable the authentication service:

svctask chauthservice -url https://9.71.45.108:16311/TokenService/services/Trust
 -sslcert /tmp/sslCACert.pem -username admin -password password -enable yes

The resulting output

No feedback

An invocation example

To disable remote authentication:

svctask chauthservice -enable no

The resulting output

No feedback

An invocation example

To switch to an HTTPS connection to the authentication service:

svctask chauthservice -url https://9.71.45.108:16311/TokenService/services/Trust
 -sslcert /tmp/ssl_cert.pem

The resulting output

No feedback

An invocation example

To refresh the SAN Volume Controller remote authorization cache:

svctask chauthservice -refresh

The resulting output

No feedback
© Copyright IBM Corporation 2003, 2009. All Rights Reserved.