ctcas_hba2.map File

Purpose

Defines the operating system identity that the RSCT enhanced host-based authentication (HBA2) security mechanism uses for service provider applications on a node.

Description

Applications that use the cluster security services library must obtain an identity from the security mechanisms supported by the library. These identities are specific to the individual security mechanisms supported by cluster security services. Because cluster security services support multiple security mechanisms and multiple applications, the cluster security services library must be informed of which identity to use for an application when interacting with a specific security mechanism on its behalf.

The ctcas_hba2.map file defines the identities that the core cluster applications use when they interact with RSCT HBA2. The cluster security services library expects to find this file in /var/ct/cfg/ctcas_hba2.map (preferred) or /opt/rsct/cfg/ctcas_hba2.map (default).

This file is ASCII-text formatted, and can be modified with a standard text editor. However, this file must not be modified unless the administrator is instructed to do so by the cluster software service provider. If this configuration file is to be modified, the default /opt/rsct/cfg/ctcas_hba2.map file must not be modified directly. Instead, the file must be copied to /var/ct/cfg/ctcas_hba2.map, and modifications must be made to this copy. The default configuration file must never be modified.

All entries within this file use the following format:

    SERVICE:service_name:user_name_running_the_service

Attribute definitions:

SERVICE
    Required keyword.
service_name
    Specifies the name commonly used to refer to the application. For example, it can be the name used by the system resource controller to refer to this application.
user_name_running_the_service
    Specifies the operating system user identity used to run the application process. It is the owner identity that would be seen for the application process in the ps command output.

Files

/var/ct/cfg/ctcas_hba2.map

Restrictions

This file must not be modified unless the administrator is instructed to do so by the cluster software service provider. Incorrect modification of this file results in authentication failures for the applications listed in this file and possibly their client applications. If this configuration file is to be modified, the default /opt/rsct/cfg/ctcas_hba2.map file must not be modified directly. Instead, the file must be copied to /var/ct/cfg/ctcas_hba2.map, and modifications must be made to this copy. The default configuration file must never be modified.

Implementation specifics

This file is part of the Reliable Scalable Cluster Technology (RSCT) cluster security services. It is shipped as part of the rsct.core.sec fileset for AIX®.

Location

/opt/rsct/cfg/ctcas_hba2.map

Examples

This example shows the default contents of the configuration file:

    SERVICE:ctrmc:root
    SERVICE:rmc:root
    SERVICE:ctloadl:loadl
    SERVICE:ctdpcl:root
    SERVICE:ctpmd:root
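
The following audit script is an added example, not part of the RSCT documentation or IBM code. It reports which of the two documented locations is in effect, validates each entry against the SERVICE:service_name:user_name_running_the_service format, confirms that the mapped user exists on the node, and lists entries in the preferred copy that differ from the default. The function names, the PREFERRED_MAP and DEFAULT_MAP override variables, and the skipping of blank lines and lines beginning with # are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): audit ctcas_hba2.map against the documented
# SERVICE:service_name:user_name_running_the_service entry format.
# The two paths are the ones named on this page; the variables allow overrides.
PREFERRED_MAP=${PREFERRED_MAP:-/var/ct/cfg/ctcas_hba2.map}
DEFAULT_MAP=${DEFAULT_MAP:-/opt/rsct/cfg/ctcas_hba2.map}

# Print the path expected to be in effect: the preferred copy if it exists,
# otherwise the shipped default.
active_map() {
    if [ -f "$PREFERRED_MAP" ]; then
        printf '%s\n' "$PREFERRED_MAP"
    else
        printf '%s\n' "$DEFAULT_MAP"
    fi
}

# check_map FILE: print one finding per problem line; status 0 only if clean.
# Assumption: blank lines and lines starting with '#' are ignored.
check_map() {
    file=$1 n=0 bad=0
    [ -r "$file" ] || { printf '%s: not readable\n' "$file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Exactly three fields means exactly two colons.
        colons=$(printf '%s' "$line" | tr -cd ':')
        if [ "$colons" != '::' ]; then
            printf 'line %d: expected 3 fields: %s\n' "$n" "$line"; bad=1; continue
        fi
        key=${line%%:*}; rest=${line#*:}
        svc=${rest%%:*}; user=${rest#*:}
        if [ "$key" != SERVICE ] || [ -z "$svc" ] || [ -z "$user" ]; then
            printf 'line %d: bad keyword or empty field: %s\n' "$n" "$line"; bad=1; continue
        fi
        # The mapped identity must be a real OS user on this node.
        id "$user" >/dev/null 2>&1 ||
            { printf 'line %d: unknown user %s for %s\n' "$n" "$user" "$svc"; bad=1; }
    done < "$file"
    return "$bad"
}

# List entries in the preferred copy that do not appear verbatim in the
# default, that is, what was changed after the file was copied.
override_changes() {
    [ -f "$PREFERRED_MAP" ] || return 0
    grep -Fxv -f "$DEFAULT_MAP" "$PREFERRED_MAP" || true
}
```

Run `check_map "$(active_map)"` after any change to the copy in /var/ct/cfg; a trailing space or carriage return in the user field is reported as an unknown user.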