This topic contains information about MPM configuration
files. If you want to disable any or all of the MPMs configured for
the cluster security services, contact the IBM® Support Center.
Note: IBM does not support
a configuration where none of the supplied security mechanisms are
active. Such a configuration effectively eliminates any security features
of the cluster infrastructure.
Cluster security services provides a Mechanism Abstraction Layer
(MAL) that converts the mechanism-independent instructions requested
by an application into general tasks to be performed by any mechanism.
A Mechanism Pluggable Module (MPM) is a component that converts generalized
security services routines into the specific security mechanism functions. Table 1 shows the available MPMs provided by cluster
security services and the security mechanism that they support:
Table 1. MPMs provided by the cluster
security services
MPM mnemonic
MPM path name
Security mechanism
unix
/usr/lib/unix.mpm
Host based authentication (HBA)
hba2
/usr/lib/hba2.mpm
Enhanced host based authentication
(HBA2)
When cluster security services is installed on a node, a default
MPM configuration file is installed in /opt/rsct/cfg/ctsec.cfg.
This is an ASCII text file that lists information for each MPM on
the system. Figure 1 shows the contents
of the /opt/rsct/cfg/ctsec.cfg configuration file. Figure 1. Contents of the /opt/rsct/cfg/ctsec.cfg configuration
file
The entries in the configuration file contain the mnemonic and
path name of the MPM, an identification code number for the MPM, a
priority value, and MPM instruction flags. The priority value indicates
the preferred security mechanism for the node and specifies a priority
order among multiple MPMs.