Account Management 3.0
 
Platform Services Quick Start Guide for AIX
    Prerequisites Installation and verification steps
  1. With the release of AIX 4.3.3 SP 9 and 10, IBM introduced a problem with the DCE interface. We are working with IBM to resolve this issue, and Platform Services for AIX will have a patch resolving it in the future. Check support.novell.com to see whether the patch is available.
  2. Make sure you have an entropy source for SSL communications. Account Management ships with prngd, which can be retrieved here (prngd-0.9.24.tar.gz) or from /prngd in the Distribution Directory, which is created on the Manager server by the Core Services installation.

    To install Platform Services for AIX
  3. If you do not have an appropriately configured Platform Set object, use the Account Management Web Interface to create a Platform Set object and associate the appropriate users and groups with it via the search object configuration page. Also make sure that the search object for the platform is covered by a Census search object.
    Generally, platform sets are determined by sets of users and groups. Multiple types of platforms can reside in a single platform set, and users and groups can reside in multiple platform sets.
    Whenever you modify a search object for the census or platform sets, you should start a trawl to populate the platforms.
  4. Use the Account Management Web Interface to create a Platform Object in an appropriate Platform Set.
    Set all the IP addresses for the Platform in the web interface so that mutually authenticated SSL functions properly.
  5. Log in as root to the server where you are installing Platform Services.
  6. Retrieve the distribution package am300_platserv_aix.tar, from here or from the Distribution Directory on the Manager server, to a temporary location on the target server.
  7. Extract the distribution package: tar xvf am300_platserv_aix.tar
    This creates and populates an ASAM directory in the temporary location.
  8. Run the setup/install script from this ASAM directory. This prepares the /usr/local/ASAM directory.
  9. Run the /usr/local/ASAM/bin/PlatformServices/plat-config script.
    You can now remove all of the distribution files from the temporary location.
  10. Obtain a Platform certificate from the Manager by running either the Platform Services Process or the Platform Receiver with the -s command line parameter:
    /usr/local/ASAM/bin/PlatformServices/PlatformServicesProcess/asampsp -s
    or
    /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/asamrcvr -s
    Respond to the prompts:
    Common name of the Platform configuration object (specified in the Web interface when it was created)
    Fully distinguished name and password of a directory user with Read and Create object rights to the ASAM System container
  11. Review the contents of the Platform Configuration file /usr/local/ASAM/data/asamplat.conf.
    Make sure it has at least one agent configured if you wish to do Authentication Redirection.
  12. Review the file permissions of /usr/local/ASAM/data to ensure that they are appropriate for your installation.
  13. Edit /etc/security/user and change the entries for the users you want to use Account Management authentication. The file user.sample in ASAM/bin/PlatformServices demonstrates the required changes. The required entries for Account Management have the following settings:
    AUTH1 = SYSTEM
    AUTH2 = NONE
    SYSTEM = DCE
    registry = DCE
  14. The Platform Receiver responds to events by running corresponding Receiver Scripts. The Platform Receiver runs Receiver Scripts from /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts. The base set of Receiver Scripts is delivered to you in a subdirectory of /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts called aix-passwd. The install offered to install the base scripts for you. If you accepted, then the plat-config script copied all of the scripts in aix-passwd up one level to /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts.
    NOTE: If you have developed your own set of custom scripts, copy your custom scripts to /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts.
    NOTE: For information about developing your own custom scripts, see /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts/scriptwriters.README.
  15. Run the Platform Receiver in Full Sync Mode by using the -f command line parameter:
    /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/asamrcvr -f
  16. Add Platform Services Process and Platform Receiver operation into routine system startup, shutdown, and scheduling procedures as appropriate.
    NOTE: Optional Startup/Shutdown scripts are provided in the ASAM/data/UnixStartupScripts directory.
    NOTE: AIX does not support a PAM implementation. Platform Services for AIX uses the custom authentication module framework of AIX instead.
    NOTE: When you try to copy a newer version of the libascauth.a library file or the DCE file, you might get a “Cannot open or remove a file containing a running program” error. This occurs when the kernel or a user program has the library open. When this situation occurs, you can do one of the following to install the newer version:
    Remove /usr/lib/libascauth.a and then copy the newer version into /usr/lib.
    Remove /usr/lib/security/DCE and then copy the newer version into /usr/lib/security.
    Boot into single-user mode and then copy the newer version into /usr/lib.
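
    A check for step 13, added here as an example and not part of the product's own scripts: it parses a file in /etc/security/user stanza syntax and reports every listed user whose effective settings differ from the four required entries, falling back to the default stanza when a user stanza does not set an attribute. The function names check_am_users and sample_user_file and the sample file contents are constructed for illustration, and matching attribute names case-insensitively is an assumption of this example.

```shell
# Constructed sample in /etc/security/user stanza syntax (not a real system file).
sample_user_file() {
cat <<'EOF'
* comment lines start with an asterisk
default:
    auth1 = SYSTEM
    auth2 = NONE
    SYSTEM = "compat"
    registry = files
alice:
    SYSTEM = "DCE"
    registry = DCE
bob:
    SYSTEM = "DCE"
EOF
}

# check_am_users FILE USER...  prints one line per wrong setting; returns 1 if any.
check_am_users() {
    file=$1; shift
    awk -v users="$*" '
    BEGIN { n = split(users, ulist, " ")   # required entries as listed in step 13
            m = split("AUTH1=SYSTEM AUTH2=NONE SYSTEM=DCE registry=DCE", req, " ") }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) {                     # no "=": stanza header "name:"
            if ($0 ~ /:[ \t]*$/) { stanza = $0; gsub(/^[ \t]+|:[ \t]*$/, "", stanza) }
            next
        }
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val) # trim blanks and surrounding quotes
        set[stanza, tolower(name)] = val   # assumption: names match case-insensitively
    }
    END {
        for (i = 1; i <= n; i++) for (j = 1; j <= m; j++) {
            split(req[j], kv, "="); key = tolower(kv[1]); u = ulist[i]
            if ((u, key) in set) v = set[u, key]                       # user stanza wins
            else if (("default", key) in set) v = set["default", key]  # else inherited
            else v = "(unset)"
            if (v != kv[2]) { print u ": " kv[1] " is " v ", expected " kv[2]; bad = 1 }
        }
        exit bad + 0
    }' "$file"
}

# Demo on the constructed sample: alice passes; bob and dave (no stanza) do not.
tmp=$(mktemp); sample_user_file > "$tmp"
check_am_users "$tmp" alice bob dave || echo "fix the entries listed above"
rm -f "$tmp"
```

    On a live system, pass /etc/security/user and the accounts that should use Account Management authentication; a non-zero return means at least one listed account still resolves to a non-DCE setting.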