Enabling and disabling Security Services
Prev	Administering the cluster from the command line	Next

---

Enabling and disabling Security Services

This section describes how to enable and disable Security Services. Do not edit the VCS configuration file main.cf to enable or disable VxSS. You must set up a root broker before enabling security services on a cluster. See the Veritas Cluster Server Installation Guide for instructions on setting up a root broker.

To enable Symantec Product Authentication Services on a Veritas Cluster Server cluster

1. Verify you have a root broker configured. See the Veritas Cluster Server Installation Guide for instructions.
2. Start the installvcs program with the -security option.

   # ./installvcs -security

3. Review the output as the installer displays the directory where the logs are created.
4. Enter 1 to enable the Authentication Service on the cluster.

   1) Enable Veritas Security Services on a VCS Cluster

   2) Disable Veritas Security Services on a VCS Cluster

   3) Install Veritas Security Services Root Broker

   Select the Security option you would like to perform [1-3,q] 1

5. If Veritas Cluster Server is not configured in the system from where you started the installvcs program, enter the name of a node in the cluster that you want to enable the Authentication Service.

   Enter the name of one system in the VCS Cluster that you would like to enable Veritas Security Services: north

   The installer proceeds to verify communication with the node in the cluster.

6. Review the output as the installer verifies whether Veritas Cluster Server configuration files exist.

   The installer also verifies that Veritas Cluster Server is running on all systems in the cluster.

7. Press Enter to confirm that you want to enable the Authentication Service.

   Would you like to enable Veritas Security Services on this cluster? [y,n,q] (y) y

8. Proceed with the configuration tasks. Enter credentials that you provided when you set up the root broker. See Veritas Cluster Server Installation and Configuration Guide for details on the configuration modes
10. Review the output as the installer modifies the Veritas Cluster Server configuration files to enable the Authentication Service, and starts Veritas Cluster Server in a secure mode.

    The installer creates the Security service group, creates Authentication Server credentials on each node in the cluster and Web credentials for Veritas Cluster Server users, and sets up trust with the root broker.

To disable Symantec Product Authentication Services on a Veritas Cluster Server cluster

1. Verify you have a root broker configured. See the Veritas Cluster Server Installation Guide for instructions.
2. Start the installvcs program with the -security option.

   # ./installvcs -security

3. Review the output as the installer displays the directory where the logs are created.
4. Enter 2 to disable the Authentication Service on the cluster.

   1) Enable Veritas Security Services on a VCS Cluster

   2) Disable Veritas Security Services on a VCS Cluster

   3) Install Veritas Security Services Root Broker

   Select the Security option you would like to perform [1-3,q] 2

5. If Veritas Cluster Server is not configured in the system from where you started the installvcs program, enter the name of a node in the cluster that you want to disable the Authentication Service.

   Enter the name of one system in the VCS Cluster that you would like to disable Veritas Security Services: north

6. Review the output as the installer proceeds with a basic verification.
7. Press Enter at the prompt to confirm that you want to disable the Authentication Service.

   Would you like to disable Veritas Security Services on this cluster? [y,n,q] (y) y

8. Review the output as the installer modifies the Veritas Cluster Server configuration files to disable the Authentication Service and starts Veritas Cluster Server.