Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How can I manage password chaging on HACMP?

Status
Not open for further replies.
baggetta

baggetta

Technical User
Feb 27, 2003
116
US
We've just installed the lateset HACMP v4.5 software on 2 new IBM 660-H1 servers and wanted to know if anyone has a good script or way of chaning passwords so they replicate on both servers? A user will normally be assinged 1 IP address to login to. When they login in for the first time, they will be asked to change the password. At this point, I want to get this users password and execute the "passwd" command on the second server and pass the users new password. If the main server goes down, they will access the backup server and login with username that is on this server created by HACMP and their password should work. Copying the etc/security/passwd file on both servers is not the way I want to go because of how its currently setup, and users constantly forget their passwords and I feel that replication of the unix password files in not a good solution. I have heard IBM say that you can make a script that calls the passwd command and passes the new password of the user to the second server. Has anyone done this? Any info would be appriciated.
 
Sort by date Sort by votes
bagetta,

HACMP already does this in version 4.5 via the C-SPOC menu's:

You can call the script below which prompts the user to change the password and updates both servers, this is already done in the password management C-SPOC menu's:

It needs to be run as root though.

/usr/es/sbin/cluster/sbin/cl_chpasswd -cspoc -g'net_prod' '-k' sharpep

This changes user 'sharpep' password via the prompts and the -g is the resource group name.

Best of luck

PSD
IBM Certified Specialist - AIX V4.3 Systems Support
IBM Certified Specialist - AIX V4 HACMP
 
Upvote 0 Downvote
To do this such that it is transparent to the users you need to ensure that the stanzas for the users in /etc/security/passwd match. I have a script which I have written to synchronise users passwords on a daily basis if you are interested. Leave your mail address and I'll post it to you

Dave
 
Upvote 0 Downvote
PSD, I know that HACMP does this but I just don't want to change passwords on both nodes, I need the users password updated on both nodes when he tries to log into 1 of them. HACMP does not do this according to IBM which i have already asked. This has to be done either by scripting when the user log's in for the first time, or I have to ask the user to login into both machines (which have different IP addresses) whenever he changes his password. As you can see, this would be much nice if it was done in the background.
 
Upvote 0 Downvote
dsn1,
I wouldn't mind looking at your script, it may turn on a light bulb or 2 to work with HACMP. Please email to:
ebaggetta@mississaug.faurecia.com
thanks
 
Upvote 0 Downvote
hi
I want my hundred of users in cluster to change their passwords.

however problem which i am facing is that only root user is allowed to execute cspoc command to change users passwords in HACMP.....

how i can overcome this problem


Here comes polani Once again!!!

P690 Certified Specailist
HACMP & AIX Certified Specailist
AIX & HACCMP Instructor
 
Upvote 0 Downvote
there is an CFM (config file manager) - a part of CSM Server which allows to update/synchronize specified files from one point (CSM Server) to all defined nodes/groups in CSM database. It works similiar like FileCollection from PSSP but CFM is easier in configuration - it pushes specified files to all or specified CSM nodes/groups (using -b switch of cfmupdatenode command the backup files are created on remote/clients before copying new one)

I am using it for about 2 years - including HACMP environments - and since now no problems occured.

Users changes their password on CSM server and cron task every scheduled minutes initialises cfmupdatenode command.


r, m.
 
Upvote 0 Downvote
ogniemi,
Where do I find CSM Server? Is this something within AIX5.1 or is it a seperate server? When you say that it pushes files, are you moving the passwd file between nodes? I cannot do this, since both my nodes are not syncronized and one users password on 1 node may not be the same on the 2nd node...

So when you need to change a users password once it was created 2 months ago, how does it update both nodes?
 
Upvote 0 Downvote
it is separate server not included in AIX and as I had found in log it uses rdist to synchronise required files. If users on your servers (cluster nodes) have different passwords on each node than you can't use it.

I use CFM as it allows me to keep all passwords synchronized on all cluster envs.

r,m.
 
Upvote 0 Downvote
Where can I get more info. on CFM? Is this a product from IBM or a 3rd party? The other solution I was looking into was NIS, but this doesn't seem to do the passwd trick that I need to, looking into the documentation. It still uses the command, passwd.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

E
  • Locked
  • Question
AIX Power5 on 5.3- On varyonvg error "cannot be varied on because no good copies of the descriptor area"
Replies
1
Views
645
JenLM
J
E
  • Locked
  • Question
What are reservations and how do you set them?
Replies
0
Views
556
emze
E
David Figueiredo
  • Locked
  • Question
CDE on AIX
Replies
0
Views
393
David Figueiredo
David Figueiredo
bjvail
  • Locked
  • Question
IBM PS700 replaced, map existing drives on DS3500
Replies
1
Views
396
iggsterman
iggsterman
noobAIX
  • Locked
  • Question
How to extend PP on VG ( FREE PPs: 0 (0 megabytes))
Replies
1
Views
417
chgwhat
chgwhat

Part and Inventory Search

Sponsor

Back
Top