Using noauth Rather than vopie Authentication
The noauth method exchanges user name, host names, and group/domain names, but makes no attempt to verify that the information is correct.
The noauth method is easier to configure than the vopie method. Consider using the noauth method rather than the vopie method if full authentication is not necessary, yet you want to use the Enhanced Authorization feature described in Enhanced Authorization.
Configuring for the noauth method is similar to configuring for the vopie method with these exceptions:
- Do not run the bpauthsync command with the -vopie argument
- Use string noauth instead of vopie in the methods_allow.txt file
Note
The noauth method is not supported for Sequent systems.
Assume that this is an initial installation and you want to configure authentication for all systems. NetBackup server and client software has already been installed.
- On the master server, copy the methods_allow.txt to a temporary file. For example, /tmp/ma.txt.
- To the temporary file, add an entry for each host that requires noauth authentication:
  noauth : shark
  noauth : whale
  noauth : dog
  noauth : horse
- Synchronize the methods_allow.txt files on the servers and the clients by running the following on the master server (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -methods_allow /tmp/ma.txt -servers -clients
  The information in /tmp/ma.txt is written to methods_allow.txt on the servers and clients.
To disable authentication for client horse:
- Push an empty methods_allow.txt file to the client by running the following on the master server (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -methods_allow /dev/null -clients horse
  This disables authentication on the client.
- On the master server, remove the entry for horse from the /usr/openv/var/auth/methods_allow.txt file.
- Synchronize the methods files on all servers by running the following on the master server (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -servers
Authentication is no longer performed when communicating with this client.
Assume that all systems are configured for authentication, except for client horse.
To add authentication for client horse:
- On the master server, copy the methods_allow.txt to a temporary file. For example, /tmp/ma.txt.
- Add an entry for the new client to the temporary file:
  noauth : horse
- Synchronize the methods_allow.txt files on the servers and the new client by running the following on the master server (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -methods_allow /tmp/ma.txt -servers -clients horse
  The information in /tmp/ma.txt is written to methods_allow.txt files on the servers and the client.
Assume that client horse was configured for authentication and the disk failed.
To restore authentication so all files can be recovered:
- On the master server, copy the current methods_allow.txt file to another file. For example, copy it to /usr/openv/var/auth/methods_allow.txt.save.
- Remove the entry for the failed client from methods_allow.txt on the master server.
- Push the modified methods_allow.txt file to the other servers by running the following (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -servers
  This disables authentication for the failed client so the servers can communicate with it during recovery.
- Reinstall the operating system (Windows or UNIX) and NetBackup on the failed client by following the instructions in the NetBackup Troubleshooting Guide for UNIX and Windows. However, do not restore any NetBackup or user files at this time.
- On the master server, run the following command to push the original methods to the servers and the failed client (the command is all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -methods -servers -clients horse -methods_allow /usr/openv/var/auth/methods_allow.txt.save
  The information in methods_allow.txt.save is written to methods_allow.txt on the servers and the client. The original authentication methods are restored.
- Complete the client recovery by restoring the original NetBackup and user files as explained in the NetBackup Troubleshooting Guide for UNIX and Windows.
Assume that authentication was configured on all servers and clients and the disk fails on master server shark.
If the NetBackup catalog backup was written to a storage unit on the master server shark:
- On the master server, recover the disk as explained in the NetBackup Troubleshooting Guide for UNIX and Windows and reinstall NetBackup.
- Restore all files to the master server.
- Synchronize all clients and servers by running the following on the master server (all on one line):
  /usr/openv/netbackup/bin/admincmd/bpauthsync -servers -clients
If the NetBackup catalog backup was written to a storage unit on whale, shark cannot recover the catalogs because the two servers cannot authenticate one another. In this instance, the following steps are required:
- Install NetBackup on the master server (do not restore any files at this time).
- Disable authentication between the master server and the media server where the catalog backup was written, by modifying their methods_allow.txt files:
  - On the master server, remove the entry for the media server from the methods_allow.txt file (if an entry is present).
  - On the media server, remove the entry for the master server from the methods_allow.txt file.
- On the master server, run bprecover to restore the catalog files.
- Restore all files to the master server, including those in the /usr/openv/var/auth directory.
- On the media server, add back the entry for the master server to the methods_allow.txt file.
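The script below is an added example, not part of the NetBackup documentation or product. It audits a methods_allow.txt-style file for hosts that use noauth (names exchanged but not verified) and for expected hosts that have no entry, such as a client whose entry was removed for recovery and never restored. It assumes only the "method : host" line form shown above; the function names and the handling of # comment lines are assumptions.

```shell
#!/bin/sh
# Added example, not NetBackup code. Audits a methods_allow.txt-style file.
# Assumes the "method : host" line form shown on this page; skipping blank
# lines and lines starting with '#' is an assumption about the format.

# Print "host method" for each entry in file $1.
list_entries() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF >= 2 {
            m = $1; h = $2
            gsub(/[ \t]/, "", m); gsub(/[ \t]/, "", h)
            if (m != "" && h != "") print h, m
        }' "$1"
}

# Hosts in file $1 that use noauth: names are exchanged but never verified.
noauth_hosts() {
    list_entries "$1" | awk '$2 == "noauth" { print $1 }' | sort -u
}

# Of the expected hosts given after file $1, print those with no entry,
# i.e. hosts for which authentication is currently disabled.
missing_hosts() {
    file=$1; shift
    for h in "$@"; do
        list_entries "$file" |
            awk -v h="$h" '$1 == h { found = 1 } END { exit !found }' ||
            echo "$h"
    done
}

# Constructed sample: horse was removed for recovery and not yet re-added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, host names taken from the page
noauth : shark
noauth : whale
vopie : dog
EOF

echo "noauth (unverified identity):"; noauth_hosts "$sample"
echo "no entry (authentication disabled):"
missing_hosts "$sample" shark whale dog horse
rm -f "$sample"
```

Run it against a copy of methods_allow.txt after any of the recovery procedures above to confirm that every server and client has its entry back.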