On 30.04.2013 08:27, Ulrich Windl wrote:
>>>> Muhammad Sharfuddin <m.sharfud...@nds.com.pk> wrote on
>>>> 29.04.2013 at 14:16 in message <517e6482.2040...@nds.com.pk>:
>>> I think that you should just follow that advice, i.e. read that
>>> SAP note and install SAPHostAgent.
>>>
>> I asked the SAP Consultant to install the SAPHostAgent issue.
>>
>>> See also the agent's documentation: crm ra info SAPDatabase
>>>
>> I read it and found nothing that helps me fix this issue.
>
> The good news is that it still works despite the warning. The RA
> is a good example of how to do a simple thing with maximum complexity.
> According to my little understanding that SAPHostAgent is a web
> server running as root, launching the sap start script on demand.
> The RA in turn sends an HTTP request to the Host Agent to start the
> process. I did not care to examine how authentication works,
> because I want to be able to sleep at night ;-)

Oh you could sleep at night, even when I explain it: The authorization is made by a file permission of a socket on the system. So the Linux/Unix file permissions are controlling the permission to send a set of commands to sapstartsrv / saphostagent. (Others could also be sent without that file permission - the set of commands needing authorization is controlled by a SAP configuration.)

There are 3 (or more?) methods to authenticate:
a) without (for simple unproblematic commands)
b) via socket/file permission
c) with username/password

c) of course could not be used by the RA without introducing a security problem (and so does not try it :)

I could not join your statement about the resource agent. The interface HOW to start/stop databases and instances is given by SAP, so the author of the RA implemented it in a SAP preferred way. The reason for the Webservice, and for forcing the RA to use it as well, is that the Webserver is THE interface for all methods to control SAPDatabase and SAPInstances from outside. It's used by
- SAP MMC
- SAPMC
- sapcontrol
and maybe even by more...

Regards
Fabian

>
> Regards, Ulrich
>
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
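
Method b) in the reply above rests entirely on Unix mode bits, so it can be audited from the mode bits alone. The following is an added example, not part of the original thread and not code from the resource agent or from SAP; the socket name `agent.sock`, the modes and the user ids are constructed stand-ins. It assumes Linux semantics, where connecting to a Unix domain socket requires write permission on the socket file and search permission on its parent directories.

```python
import os
import socket
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner class, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def socket_grants(sock_path, uid, gids):
    """True if mode bits allow connect(): write (w) on the socket (ACLs ignored)."""
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a Unix domain socket")
    return uid == 0 or bool(class_bits(st, uid, gids) & 2)  # root bypasses modes

def blocking_dir(sock_path, uid, gids):
    """Nearest parent directory lacking search (x) for uid/gids, or None."""
    cur = os.path.dirname(os.path.realpath(sock_path))
    while uid != 0:
        if not class_bits(os.stat(cur), uid, gids) & 1:
            return cur
        if cur == os.path.dirname(cur):
            break
        cur = os.path.dirname(cur)
    return None

def demo():
    """Audit a constructed stand-in socket; path, modes and ids are made up."""
    with tempfile.TemporaryDirectory() as d:  # mkdtemp creates it with mode 0700
        path = os.path.join(d, "agent.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        st = os.stat(path)
        stranger = st.st_uid + 1000  # constructed uid that is not the owner
        out = {}
        for mode in (0o770, 0o777):
            os.chmod(path, mode)
            # (stranger in the socket's group, stranger outside it)
            out[mode] = (socket_grants(path, stranger, {st.st_gid}),
                         socket_grants(path, stranger, set()))
        out["dir"] = blocking_dir(path, stranger, set()) == os.path.realpath(d)
        srv.close()
        return out

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the agent's actual socket path together with the uid and group ids of the account under review. A `True` from `socket_grants` with `None` from `blocking_dir` for an account outside the intended group means the file permission is not restricting who can send the protected commands.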