Configuring the host based authentication mechanisms
There are several administrative tasks related to the host based authentication mechanisms.
Table 1 describes the administrative tasks you may need or want to perform that are related to the host based authentication mechanisms.
| Task | Describes how to... | Perform this task if... |
|---|---|---|
| Configuring the ctcasd daemon on a node | Modify a configuration file read by the Cluster Security Services daemon (ctcasd) upon startup. | You want to modify the operational parameters of the ctcasd daemon. You can configure such things as how many threads the daemon creates, the key generation methods it uses in preparing host public and private keys, and where the daemon looks for key files and the trusted host list. |
| Configuring credential life span | Set the credential life span for a security mechanism and, for the HBA2 mechanism, enable credential tracking. | You want the security mechanism to detect expired credentials and refuse authentication to applications that present such credentials. For the HBA2 mechanism, you also want to refuse authentication to applications that present previously authenticated credentials. |
| Guarding against address and identify spoofing when transferring public keys | Copy public keys between nodes to establish the security environment needed for a management domain or an RSCT peer domain. | You do not think your network security is sufficient to prevent address and identity spoofing. If you are confident in the security of your network, you do not need to perform this task; the keys will be copied automatically as part of your node configuration process. |
| Changing a node's private/public key pair | Modify a node's private and public keys. | A node's private key needs to be modified. |
| Configuring security compliance mode | Set the security compliance mode of RSCT services. | You want RSCT to adhere to a security compliance. |