Create encrypted files (BLOB files) only if you plan to choose the semiautomatic mode that uses an encrypted file to configure the Authentication Service. The administrator must create the encrypted files on the root broker node. The administrator must create encrypted files for each node that is going to be a part of the cluster before you configure the Authentication Service for VCS.
To create encrypted files
Make a note of the following root broker information. This information is required for the input file for the encrypted file:
Make a note of the following authentication broker information for each node. This information is required for the input file for the encrypted file:
identity | The value for the authentication broker identity, which you provided to create the authentication broker principal on the root broker system. This is the value for the --prplname option of the addprpl command. See Creating authentication broker accounts on root broker system.
password | The value for the authentication broker password, which you provided to create the authentication broker principal on the root broker system. This is the value for the --password option of the addprpl command. See Creating authentication broker accounts on root broker system.
broker_admin_password | The value for the authentication broker password for the Administrator account on the node. This password must be at least five characters.
For each node in the cluster, create the input file for the encrypted file.
The installer presents the format of the input file for the encrypted file when you proceed to configure the Authentication Service using an encrypted file. For example, the input file for the authentication broker on galaxy resembles:
[setuptrust]
broker=venus.symantecexample.com
hash=758a33dbd6fae751630058ace3dedb54e562fe98
securitylevel=high
[configab]
identity=galaxy
password=password
root_domain=vx:root@venus.symantecexample.com
root_broker=venus.symantecexample.com:2821
broker_admin_password=ab_admin_password
start_broker=false
enable_pbx=false
Back up these input files that you created for the authentication broker on each node in the cluster.
Note that for security purposes, the command to create the output file for the encrypted file deletes the input file.
For each node in the cluster, create the output file for the encrypted file from the root broker system using the following command.
RootBroker> # vssat createpkg \
--in /path/to/blob/input/file.txt \
--out /path/to/encrypted/blob/file.txt \
--host_ctx AB-hostname
For example:
venus> # vssat createpkg --in /tmp/galaxy.blob.in \
--out /tmp/galaxy.blob.out --host_ctx galaxy
Note that this command creates an encrypted file even if you provide the wrong password for the "password=" entry. However, an encrypted file with the wrong password fails to install on the authentication broker node.
After you complete creating the output files for the encrypted file, you must copy these files to the installer node.
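Because createpkg deletes the input file and accepts a wrong password without complaint, a pre-flight check on each node's input file is worth running before the createpkg step. The following is an added example, not part of the original documentation or the product: it confirms that the keys from the sample file are present, enforces the five-character minimum for broker_admin_password, and keeps an owner-only backup. The function names, temporary paths and backup directory are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check and backup of a blob input file.
# Key names follow the sample input file on this page; function names,
# paths and the backup directory are assumptions made for this example.

# Print the value of key $3 in section [$2] of file $1 (empty if absent).
blob_get() {
    awk -F= -v s="[$2]" -v k="$3" '
        /^\[/ { in_s = ($0 == s); next }
        in_s && $1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# Return 0 only if every key from the sample is present and non-empty and
# broker_admin_password meets the documented five-character minimum.
check_blob_input() {
    f=$1; rc=0
    for sk in setuptrust:broker setuptrust:hash setuptrust:securitylevel \
              configab:identity configab:password configab:root_domain \
              configab:root_broker configab:broker_admin_password \
              configab:start_broker configab:enable_pbx; do
        [ -n "$(blob_get "$f" "${sk%%:*}" "${sk#*:}")" ] ||
            { echo "$f: missing [${sk%%:*}] ${sk#*:}" >&2; rc=1; }
    done
    pw=$(blob_get "$f" configab broker_admin_password)
    [ "${#pw}" -ge 5 ] || { echo "$f: broker_admin_password too short" >&2; rc=1; }
    return "$rc"
}

# Validate $1, then copy it into directory $2 with owner-only permissions,
# because createpkg deletes the input file after it runs.
backup_blob_input() {
    check_blob_input "$1" || return 1
    mkdir -p "$2" && chmod 700 "$2" || return 1
    ( umask 077 && cp "$1" "$2/" )
}

# Constructed sample modelled on the page's example for node galaxy.
demo=$(mktemp -d)
printf '%s\n' '[setuptrust]' 'broker=venus.symantecexample.com' \
    'hash=758a33dbd6fae751630058ace3dedb54e562fe98' 'securitylevel=high' \
    '[configab]' 'identity=galaxy' 'password=password' \
    'root_domain=vx:root@venus.symantecexample.com' \
    'root_broker=venus.symantecexample.com:2821' \
    'broker_admin_password=ab_admin_password' 'start_broker=false' \
    'enable_pbx=false' > "$demo/galaxy.blob.in"
backup_blob_input "$demo/galaxy.blob.in" "$demo/backup" && echo "ready for createpkg"
```

The check cannot tell whether the "password=" value matches the principal created on the root broker, so that value still needs to be verified against what was given to addprpl.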