Changing management and read-only mode, Table 4-4, See “changing management and read-only – Dell Emulex Family of Adapters User Manual

OneCommand™ Manager Application

P010066-01A Rev. A

4. Using the OneCommand Manager Application

Changing Management and Read-Only Mode

85

* To inform you of an unsecured server that you may want to secure.
** Allowed if the username and password are the same on both domains.

OneCommand Manager Secure Management Configuration
Requirements

For systems to run OCM Secure Management, they must be configured to provide the

following two capabilities:
1. Authentication – On Linux and Solaris systems this is done using the PAM interface

and must be configured as follows:



For Solaris systems, place the correct setting in the “auth” section of

/etc/pam.d/other file or its earlier equivalent /etc/pam.conf.



For Linux systems, this is the /etc/pam.d/passwd file “auth” section or

equivalent.

2. User Group Membership – From the host machine, OCM Secure Management must

be able to access the OCM group to which the user belongs. For Linux and Solaris

systems, it uses the ‘getgrnam’ and ‘getgrid’ C-library API calls. The equivalent to

the API calls can be obtained by typing “getent group” from the shell command

line. If the four OCM group names are listed with their member users, the machine

is ready to use OCM secure management.

3. For Solaris systems, you must use ‘useradd -G groupname’ for authentication to

work. You cannot use a lowercase ‘g’.

Changing Management and Read-Only Mode

Note: This functionality is only available to root users and administrators even when

running in Secure Management mode.

During installation, a management and a read-only mode are selected. If modification

of these settings after installation was selected, you can change the management mode:



Secure Management - The setting enables roles-based security. See “Using

OneCommand Manager Secure Management” on page 83 for details.



Strictly Local Management – This setting allows management of adapters on

this host. Management of adapters on this host from other hosts is not allowed.



Local Management Plus – This setting only allows management of adapters on

this host, but management of adapters on this host from another host is

possible.

Table 4-4 Passive Commands: machines on any domain

Remote Server
(Secure)

Remote Server
(Not Secure)

Client (Secure)

Allowed

Allowed

Client (Not Secure)

Allowed

Allowed