Kerberos Authentication and the Recovery Appliance
The Recovery Appliance OS user can be vetted with Kerberos authentication.
-
Follow your data center processes for configuring a Recovery Appliance node to authenticate an OS user with Kerberos.
The Kerberos user must belong to the following groups:
raadmin
dbmusers
oinstall
-
Confirm your Kerberos-authenticated user is accessible on all of the Recovery Appliance compute server nodes in the cluster.
getent passwd <USER_NAME>
This confirms the client configuration is correct for the name services and that the users are present.
-
From the Recovery Appliance, issue the command to add that Kerberos user as an
admin_user
.racli add admin_user --user_name=USER_NAME [--user_uid=USER_ID --user_gid=GROUP_ID]
-
--user_name
-
System user name to add to RACLI admin group.
-
--user_uid
-
Set the user identifier for the newly created admin user. Value must be >= 1003.
During the installation of RA 19.x or later, you can define the
raadmin
uid
withra_preinstall.pl
. -
--user_gid
-
Set the initial login group identifier for the newly created admin user. A group number must refer to an already existing group. Value must be >= 1003.
During the installation of RA 21.1 or later, you can define the
gid
withra_preinstall.pl
.
-