Password synchronisation in HACMP

Status
Not open for further replies.

phorbiuz

Technical User
Jul 22, 2004
67
GB
We've got a 2 node cluster using shared storage. Both nodes are AIX 5.3 using HACMP 5.3, and run in an active/active configuration with depots 1 and 2 running from node A and depots 3 and 4 running from node B. Each depot/group can fail to each node on error detection, with fallback being manual.

Node A
Resource group 1
Volume group 1
Resource group 2
Volume group 2

Node B
Resource group 3
Volume group 3
Resource group 4
Volume group 4

The application itself isn't that good in my opinion, as it needs to have users defined at the OS level rather than within the app.

What this means is that should a user's password on Node B expire, the OS prompts them to change it. This of course they do, but as it's not within HACMP it is not replicated across the cluster. So their password is still good on Node B, but remains expired on Node A.

As there are several hundred users on each node, we can't allow this to continue as, in the event of a fallover, lots of people can't log in anymore.

I've heard File Collections could help here, but the problem is it runs every 10 mins, and should a user on Node A change their password at the same time a user on Node B does theirs (i.e. within the 10 min interval), then one of the users' password changes will be lost as it will only synchronize in 1 direction at a time.

Anyone come across this before and can offer advice?

Thanks in advance.





 
Why don't you let your users use the cspoc change password feature?

Code:
 x() {
 /usr/es/sbin/cluster/cspoc/fix_args nop cl_chpasswd -cspoc -f -r $*
 if [ $? -ne 0 ]
 then
         exit 1
 fi
 }
 x -cspoc -g'rg'  khalid

Regards,
Khalid
 
I think I should clarify this a bit more, sorry.

The /usr/bin/passwd executable on both sides of the cluster is linked to /usr/es/sbin/cluster/utilities/clpasswd.

If a user is already on the command line and issues a password change it will run the HACMP utility and change the password on both sides of the cluster.

However, if their password is expired on both sides of the cluster when initially logging in, the OS asks them to change the password, but it doesn't run the HACMP utility and instead just changes the password on the local node. It doesn't seem to run the /usr/bin/passwd link to /usr/es/sbin/cluster/utilities/clpasswd.

I'm thinking the OS runs a different passwd command (maybe chpasswd or pwdadm?) on the initial log-in compared to after a user has logged in.

Ta.
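Added example (not part of the original posts, and not HACMP's own tooling): a per-user comparison of the two nodes' password files, which shows why a one-way copy of the whole file loses a change when both nodes have had one in the same interval, and which node holds the newer entry for each user. It assumes the AIX `/etc/security/passwd` stanza layout with `password` and `lastupdate` attributes; the names `pw_drift`, `stanza` and `demo` and all sample values are constructed for illustration.

```shell
#!/bin/sh
# pw_drift A_FILE B_FILE
# Compare two copies of /etc/security/passwd (stanza format) and print
# "user SOURCE" for each user whose password entry differs, where SOURCE is
# the node (A or B) with the larger lastupdate, or CONFLICT on a tie.
pw_drift() {
    awk '
        { node = (FILENAME == ARGV[1]) ? 1 : 2 }
        FNR == 1            { user = "" }     # new file: no stanza open yet
        /^[ \t]*\*/         { next }          # stanza files use * for comments
        /^[^ \t].*:[ \t]*$/ { user = $1; sub(/:$/, "", user); seen[user] = 1; next }
        user != "" && $2 == "=" && $1 == "password"   { hash[node, user] = $3 "" }
        user != "" && $2 == "=" && $1 == "lastupdate" { ts[node, user] = $3 + 0 }
        END {
            for (u in seen) {
                if ((hash[1, u] "") == (hash[2, u] "")) continue
                a = ts[1, u] + 0; b = ts[2, u] + 0
                src = (a > b) ? "A" : ((b > a) ? "B" : "CONFLICT")
                print u, src
            }
        }
    ' "$1" "$2" | sort
}

# Emit one stanza: stanza USER HASH LASTUPDATE (helper for the sample data).
stanza() { printf '%s:\n\tpassword = %s\n\tlastupdate = %s\n\n' "$1" "$2" "$3"; }

# Constructed sample data: alice changed her password on node A and bob on
# node B inside the same sync interval; carol is identical on both nodes.
demo() {
    d=$(mktemp -d) || return 1
    { stanza alice CONSTRUCTED-alice-v2 1700000600
      stanza bob   CONSTRUCTED-bob-v1   1690000000
      stanza carol CONSTRUCTED-carol-v1 1680000000; } > "$d/nodeA"
    { stanza alice CONSTRUCTED-alice-v1 1690000000
      stanza bob   CONSTRUCTED-bob-v2   1700000900
      stanza carol CONSTRUCTED-carol-v1 1680000000; } > "$d/nodeB"
    pw_drift "$d/nodeA" "$d/nodeB"
    rm -rf "$d"
}
demo
```

Copying either file over the other would discard one of the two newer entries here; the report is a per-user list of which side to take. The script only reads and reports, it never prints the hashes and does not modify either file.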





 