Oracle Solaris Cluster 4.3 Reference Manual

Updated: September 2015
 
 

clauth (1CL)

Name

clauth - authorize secure access by a specified machine during establishment of an Oracle Solaris Cluster node

Synopsis

/usr/cluster/bin/clauth -V
/usr/cluster/bin/clauth [subcommand] -?
/usr/cluster/bin/clauth disable
/usr/cluster/bin/clauth enable -n control-node [-p {des | sys}]
/usr/cluster/bin/clauth show

Description

The clauth command controls the network access policies for machines that are to be configured as nodes of a new cluster. The clauth command has no short form.

During initial configuration of a new cluster, cluster configuration commands are issued by one system, called the control node. The control node issues the command to establish the new cluster and configures other specified systems as nodes of that cluster.

The control node requires secure access to all potential cluster nodes. To authorize acceptance of commands that are issued by the control node, the administrator must first run the clauth command on each node to be added to the cluster. The administrator can also specify which secure RPC authentication protocol to use, sys (or unix) or Diffie-Hellman (des). The default protocol used is sys. The clauth command does not need to be run on the control node.

If the control node issues cluster configuration commands to a non-cluster system that has not authorized that control node, the configuration attempt fails.

You do not need to use the clauth command when adding a new node to an established cluster.

You can use this command only in the global zone.

The general form of the clauth command is as follows:

clauth [subcommand] [options]

You can omit subcommand only if options specifies the -? option or the -V option.

Each option of this command has a long form and a short form. Both forms of each option are provided with the description of the option in the “OPTIONS” section of this man page.

SUBCOMMANDS

The following subcommands are supported:

disable

Disables access by the previously specified control node.

Users other than superuser require solaris.cluster.modify RBAC authorization to use this subcommand. See rbac(5).

enable

Enables access by the specified control node to the issuing machine. Only one control node can be authorized.

If the system is already configured in the cluster of the control node, the clauth enable operation fails.

To change the authorized control node, issue the enable subcommand and specify the new control node. The previously authorized control node is replaced by the new control node.

Users other than superuser require solaris.cluster.modify role-based access control (RBAC) authorization to use this subcommand. See rbac(5).

show

Displays the name of the machine that has permission to access the issuing machine. Also displays the authentication protocol.

Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See rbac(5).

Options

The following options are supported:

-?
--help

Displays help information. When you use this option, no other processing is performed.

You can specify this option without a subcommand or with a subcommand. If you specify this option without a subcommand, the list of subcommands of this command is displayed.

-n control-node

Specifies the name of the node that is being granted access to the issuing system. This option is valid only with the enable subcommand and is always required.

-p authprotocol

Specifies the authentication protocol that is used to check whether a machine has access to the cluster configuration.

This option is valid only with the enable subcommand.

Supported protocols are des and sys (or unix). The default authentication type is sys, which provides the least secure authentication of the supported types. For more information about these authentication types, see Chapter 10, Configuring Network Services Authentication, in Managing Kerberos and Other Authentication Services in Oracle Solaris 11.3.

-V
--version

Displays the version of the command.

Do not specify this option with subcommands, operands, or other options. The subcommands, operands, or other options are ignored. The -V option displays only the version of the command. No other processing is performed.

Exit Status

The following exit values are returned:

0

Successful completion.

non-zero

An error occurred.

Examples

Example 1 Authorize Communication From a Control Node

The following clauth command allows the control node phys-control to communicate with the potential cluster node phys-schost-1 using Diffie-Hellman (des) authentication.

phys-schost-1# clauth enable -n phys-control -p des

Example 2 Revoke All Control Node Communication

The following clauth command removes authorization for communication with the previously authorized control node.

phys-schost-1# clauth disable

Example 3 Show Authorized Control Nodes

The following clauth command displays each machine that is authorized as a control node for phys-schost-1 and what authentication protocol it uses.

phys-schost-1# clauth show

===== Cluster Installation Service =====

svc:/network/rpc/scrinstd:default       online
Control node                            phys-control
Authentication protocol                 sys

Example 4 Change the Authorized Control Node

The following clauth command authorizes the new control node phys-new-control, replacing the previously specified control node phys-control.

phys-schost-1# clauth show

===== Cluster Installation Service =====

svc:/network/rpc/scrinstd:default       online
Control node                            phys-control
Authentication protocol                 sys

phys-schost-1# clauth enable -n phys-new-control
phys-schost-1# clauth show
…
Control node                            phys-new-control
…
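
An added example, not part of the Oracle manual: a shell function that reads clauth show output in the layout of Example 3 and flags a control node that is authorized with the default sys protocol. The name audit_clauth, the verdict strings, and treating a missing "Control node" value as "nothing authorized" are assumptions; the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not Oracle code). audit_clauth is a hypothetical helper name.
# Reads `clauth show` output on stdin and prints one verdict line.
# On a candidate node: clauth show | audit_clauth
audit_clauth() {
    awk '
        { sub(/[ \t\r]+$/, "") }                  # trim trailing blanks
        /^Control node/ {
            sub(/^Control node[ \t]*/, ""); node = $0; next
        }
        /^Authentication protocol/ {
            sub(/^Authentication protocol[ \t]*/, ""); proto = $0; next
        }
        END {
            if (node == "") {
                # Assumption: no "Control node" value means nothing is authorized.
                print "OK no control node authorized"
            } else if (proto == "des") {
                print "INFO " node " authorized with des"
            } else {
                # sys (or unix) is the default and the weaker protocol.
                if (proto == "") proto = "unknown"
                printf "WARN %s authorized with %s; re-run: clauth enable -n %s -p des\n",
                       node, proto, node
            }
        }'
}

# Constructed sample: the Example 3 output from this page.
sample_sys() {
    cat <<'EOF'

===== Cluster Installation Service =====

svc:/network/rpc/scrinstd:default       online
Control node                            phys-control
Authentication protocol                 sys
EOF
}

# Constructed sample: same layout after `clauth enable -n phys-control -p des`.
sample_des() { sample_sys | sed 's/ sys$/ des/'; }

sample_sys | audit_clauth
sample_des | audit_clauth
```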

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE                          ATTRIBUTE VALUE
Availability                            ha-cluster/system/pre-install
Interface Stability                     Evolving

See Also

Intro(1CL), scinstall(1M)

Oracle Solaris Cluster 4.3 Software Installation Guide