If you need to use an external authentication broker for authenticating VCS users, you must set up a trust relationship between VCS and the broker. For example, if Veritas InfoScale Operations Manager is your external authentication broker, the trust relationship ensures that VCS accepts the credentials that VOM issues.
Perform the following steps to set up a trust relationship between your VCS cluster and a broker.
To set up a trust relationship
# /opt/VRTS/install/installer -securitytrust
The installer specifies the location of the log files. It then lists the cluster information such as cluster name, cluster ID, node names, and service groups.
Input the broker name of IP address: 184.108.40.206
Input the broker port: (14545)
Specify a port number on which broker is running or press Enter to accept the default port.
Input the data directory to setup trust with: (/var/VRTSvcs/ vcsauth/data/HAD)
Specify a valid data directory or press Enter to accept the default directory.
The installer performs one of the following actions:
If you specified a valid directory, the installer prompts for a confirmation.
Are you sure that you want to setup trust for the VCS cluster with the broker 220.127.116.11 and port 14545? [y,n,q] y
The installer sets up trust relationship with the broker for all nodes in the cluster and displays a confirmation.
Setup trust with broker 18.104.22.168 on cluster node1 ........Done
Setup trust with broker 22.214.171.124 on cluster node2 ........Done
The installer specifies the location of the log files, summary file, and response file and exits.
If you entered incorrect details for broker IP address, port number, or directory name, the installer displays an error. It specifies the location of the log files, summary file, and response file and exits.