Add Kerberos principals and Active Directory (AD) users to the IBM® Spectrum Symphony database.
About this task
Kerberos principals and AD users cannot act as consumer users in IBM Spectrum Symphony until they are explicitly
added to the EGO user namespace. The only exception is the built-in Admin
user
account, which is mapped to the AD user or Kerberos principal.
You can add users to IBM Spectrum Symphony from the command line or
from the cluster management console. Follow
these steps to add users by using the egosh user add command; to add users from
the cluster management console, see Creating a user account.
Procedure
-
Log on to any management or compute host as the cluster administrator. For example:
egosh user logon -u Admin -x egoadminKDC
-
Except for the user/principal that is mapped to the
Admin
user, use the
egosh user add command to add all Kerberos principals and AD users to EGO. For
example:
egosh user add -u userKDC -x 111
egosh user add -u userAD -x 111
When adding
users, you are not required to provide the KDC or AD password for the user; any random string is
sufficient. Also, do not include the realm or domain. If one AD user is the same as a Kerberos
principal except for the domain or realm, they are treated as the same user. For example,
egoadmin@EXAMPLE.COM and
egoadmin@EXAMPLEAD.COM are
the same
egoadmin user.
-
Assign roles for the user accounts by using the egosh user assignrole. For
example:
egosh user assignrole -u userKDC -r CLUSTER_ADMIN
egosh user assignrole -u userAD -r CONSUMER_ADMIN -p /SymTesting/Symping73.2
What to do next
Use Kerberos authentication to log on to your hosts and run workload. See Using Kerberos authentication to access a Linux cluster.