Create encrypted files only if you plan to use the semiautomatic mode that configures the Authentication Service from an encrypted file. The administrator must create the encrypted files on the root broker node, one for each node that will be part of the cluster, before you configure the Authentication Service for VCS. See the Veritas Cluster Server User's Guide for more information. You can configure the Authentication Service during or after VCS installation.
See Symantec Product Authentication Service
east> # vssat showalltrustedcreds
For example, the domain name would resemble "Domain Name: root@east.symantecexample.com" in the output.
For example, to verify on node north:
east> # vssat showprpl --pdrtype root \
--domain root@east.symantecexample.com --prplname north
east> # vssat deleteprpl --pdrtype root \
east> # vssat addprpl --pdrtype root --domain \
root@east.symantecexample.com --prplname north \
--password password --prpltype service
You must use the password that you create here in the input file for the encrypted file.
The value that you provide for --prplname in step 3 (for example, north).
The value that you provide for --password in step 3.
The value that you determined in step 1.
The installer presents the format of the input file for the encrypted file when you proceed to configure the Authentication Service using encrypted file. For example, the input file for authentication broker on north would resemble:
broker=east.symantecexample.com
hash=758a33dbd6fae751630058ace3dedb54e562fe98
root_domain=vx:root@east.symantecexample.com
root_broker=east.symantecexample.com:2821
Note that for security purposes, the command to create the output file for the encrypted file deletes the input file.
RootBroker> # vssat createpkg --in /path/to/blob/input/file.txt \
--out /path/to/encrypted/blob/file.txt --host_ctx AB-hostname
east> # vssat createpkg --in /tmp/north.blob.in \
--out /tmp/north.blob.out --host_ctx north
Note that this command creates an encrypted file even if you provide the wrong password for the "password=" entry, but the encrypted file will then fail to install on the authentication broker node.
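Because createpkg deletes the input file and does not reject a bad entry, a pre-flight check of the input file on the root broker is useful. The following is an added example, not part of the original guide or of any Symantec tool: the function names are hypothetical, the key names are the ones shown or mentioned on this page, and the format rules are assumptions inferred from the page's sample values. It cannot confirm that the password matches the principal on the root broker.

```shell
#!/bin/sh
# Added example, not Symantec code. Key names are those shown or mentioned on
# this page; the format rules are assumptions inferred from its sample values.

# get_key FILE KEY: print the value of the first "KEY=value" line.
get_key() { sed -n "s/^$2=//p" "$1" | head -n 1; }

# lint_blob_input FILE: return 0 if FILE passes every check, 1 otherwise.
lint_blob_input() {
    lf=$1; lrc=0
    [ -f "$lf" ] && [ -r "$lf" ] || { echo "$lf: not a readable file" >&2; return 1; }
    # The file holds a cleartext password: allow no group/other permissions.
    lmode=$(ls -ld "$lf" | cut -c5-10)
    [ "$lmode" = "------" ] || { echo "$lf: group/other bits set ($lmode)" >&2; lrc=1; }
    for lk in broker hash root_domain root_broker password; do
        [ -n "$(get_key "$lf" "$lk")" ] || { echo "$lf: $lk= missing or empty" >&2; lrc=1; }
    done
    lb=$(get_key "$lf" broker)
    # Assumption: the root hash is 40 hex characters, as in the page's sample.
    get_key "$lf" hash | grep -Eq '^[0-9a-fA-F]{40}$' ||
        { echo "$lf: hash= is not 40 hex characters" >&2; lrc=1; }
    # Assumption: root_domain is vx:root@<broker>, as in the page's sample.
    [ "$(get_key "$lf" root_domain)" = "vx:root@$lb" ] ||
        { echo "$lf: root_domain= does not match broker=" >&2; lrc=1; }
    # Assumption: root_broker is <broker>:<numeric port>.
    case $(get_key "$lf" root_broker) in
        "$lb":|"$lb":*[!0-9]*) lok=1 ;;
        "$lb":*) lok=0 ;;
        *) lok=1 ;;
    esac
    [ "$lok" -eq 0 ] || { echo "$lf: root_broker= is not <broker>:<port>" >&2; lrc=1; }
    return "$lrc"
}

# write_sample FILE: constructed sample input (values from the page's example,
# password is a placeholder), created with owner-only permissions.
write_sample() {
    ( umask 077; cat > "$1" <<'EOF'
broker=east.symantecexample.com
hash=758a33dbd6fae751630058ace3dedb54e562fe98
password=constructed-placeholder
root_domain=vx:root@east.symantecexample.com
root_broker=east.symantecexample.com:2821
EOF
    )
}
```

Source the functions and run lint_blob_input on the input file (for example, /tmp/north.blob.in) before vssat createpkg, while the input file still exists to be corrected.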