UNIX client verification

The following procedures are used to verify the UNIX client:

Verify the credential for the UNIX client.
Verify that the authentication client libraries are installed.
Verify correct authentication domains.

The following table describes the verification procedures for the UNIX client.

Table: Verification procedures for the UNIX client

Procedures	Description
Verify the credential for the UNIX client	Check that the credential for the client is indeed for the correct client and comes from the correct domain. Run bpnbat -whoami with -cf for the client's credential file. For example: bpnbat -whoami -cf /usr/openv/var/vxss/credentials/unix_client.company.com Name: unix_client.company.com Domain: NBU_Machines@unix_primary.company.com Issued by: /CN=broker/OU=root@unix_primary.company.com/O=vx Expiry Date: Oct 31 14:49:00 2007 GMT Authentication method: Veritas Private Security Operation completed successfully. If the domain listed is not NBU_Machines@unix_primary.company.com, consider running bpnbat -addmachine for the name in question (unix_client). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (unix_primary). Then, on the computer where we want to place the certificate (unix_client), run: bpnbat -loginmachine
Verify that the authentication client libraries are installed	Run bpnbat -login on the client to verify that the authentication client libraries are installed. bpnbat -login Authentication Broker: unix_primary.company.com Authentication port [Enter = default]: Authentication type (NIS, NIS+, WINDOWS, vx, unixpwd): NIS Domain: min.com Name: Smith Password: Operation completed successfully.
Verify correct authentication domains	Check that any defined authentication domains for the client are correct in the Access Control host properties or by using cat(1). Ensure that the domains are spelled correctly. Also ensure that the authentication brokers on the list for each of the domains are valid for that domain type. This process can also be verified in bp.conf using cat(1). cat bp.conf SERVER = unix_primary SERVER = unix_media CLIENT_NAME = unix_primary AUTHENTICATION_DOMAIN = min.com "default company NIS namespace" NIS unix_primary 0 AUTHENTICATION_DOMAIN = unix_primary.company.com "unix_primary password file" PASSWD unix_primary 0 AUTHORIZATION_SERVICE = unix_primary.company.com 0 USE_VXSS = AUTOMATIC

Procedures

Description

Verify the credential for the UNIX client

Check that the credential for the client is indeed for the correct client and comes from the correct domain. Run bpnbat -whoami with -cf for the client's credential file.

For example:

   bpnbat -whoami -cf 
    /usr/openv/var/vxss/credentials/unix_client.company.com
   Name: unix_client.company.com
   Domain: NBU_Machines@unix_primary.company.com
   Issued by: /CN=broker/OU=root@unix_primary.company.com/O=vx
   Expiry Date: Oct 31 14:49:00 2007 GMT
   Authentication method: Veritas Private Security
   Operation completed successfully.

If the domain listed is not NBU_Machines@unix_primary.company.com, consider running bpnbat -addmachine for the name in question (unix_client). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (unix_primary).

Then, on the computer where we want to place the certificate (unix_client), run: bpnbat -loginmachine

Verify that the authentication client libraries are installed

Run bpnbat -login on the client to verify that the authentication client libraries are installed.

   bpnbat -login
   Authentication Broker: unix_primary.company.com
   Authentication port [Enter = default]:
   Authentication type (NIS, NIS+, WINDOWS, vx, unixpwd): NIS
   Domain: min.com
   Name: Smith
   Password:
   Operation completed successfully.

Verify correct authentication domains

Check that any defined authentication domains for the client are correct in the Access Control host properties or by using cat(1). Ensure that the domains are spelled correctly. Also ensure that the authentication brokers on the list for each of the domains are valid for that domain type.

This process can also be verified in bp.conf using cat(1).

   cat bp.conf
   SERVER = unix_primary
   SERVER = unix_media
   CLIENT_NAME = unix_primary
   AUTHENTICATION_DOMAIN = min.com "default company
    NIS namespace" 
   NIS unix_primary 0
   AUTHENTICATION_DOMAIN = unix_primary.company.com "unix_primary 
   password file" PASSWD unix_primary 0
   AUTHORIZATION_SERVICE = unix_primary.company.com 0
   USE_VXSS = AUTOMATIC

UNIX client verification

Feedback

Feedback