halogin - utility that enables users to authenticate themselves in secure or non-secure VCS environments and establish a user-context for the purpose of executing VCS commands
halogin username [password]
halogin -endsession host
The halogin command line utility provides users the means to authenticate themselves in VCS cluster environments, which may be secure or non-secure. The utility also establishes a user-context in which subsequent VCS commands are run. A secure cluster uses Veritas Product Authentication Service, while a non-secure cluster does not. The halogin command is not for a root user, the command fails for a root user on the local system.
Once authenticated on a host, VCS grants users authorization to use VCS commands at a predetermined privilege level. The privilege level specifies that a VCS user can perform certain operations (read, write, or execute) on certain objects (systems, groups, or resources).
The halogin command stores the encrypted user-context information in the users local home directory. The user may enter subsequent commands without having to log in and enter a password. In case of a secure cluster, the credential may expire after a certain time period after which the password must be re-entered. The unixpwd credential lasts 24 hours. To display details of the credentials, use the /opt/VRTSvcs/bin/vcsat showcred command.
VCS user privilege levels include:
* Guest: Has read-only access to the configuration, that is, the capability to display and list information. * Operator: Has read-execute access to the configuration, that is, the capability to perform operations to take objects online and offline * Administrator: Has read-write-execute access to the configuration, that is, full access with the capability to change the configuration Users may need to set the following environment variables while using the halogin command in a secure cluster. In a non-secure environment, only VCS_HOST is recognized. * VCS_HOST set to the name of the host where the VCS engine is running. Default is localhost. * VCS_REMOTE_BROKER set to the name of the host that will be used to authenticate the user. Cannot be used with root. * VCS_DOMAIN set to the name of the domain to which the user belongs. * VCS_DOMAINTYPE
set to the type of the VxSS domain to which the user belongs: unixpwd, nt, nis, nisplus, localhost, or vx. If this variable is not set, the domain type defaults to "unixpwd".
username [password] Log in as username with the password password. The user must have set the appropriate environment variables, depending on whether the cluster runs in a secure or non-secure mode. If password is not supplied, halogin interactively prompts for it. -endsession host Delete the halogin user-context information on host where the commands are run. -endallsessions Delete halogin user-context information on all hosts. -help Display options available for halogin.
$HOME/.VRTSat - Directory where user credentials are stored (secure cluster environment only).
$HOME/.vcspwd - File containing remembered user-context logins.