IBM RELEASE 7.3 User Manual

Page 93

Advertising
background image

The Security Controls section of the Server Configuration window is common to all servers. In the
example window above, the server displayed is a Core Server.

Field Descriptions

Principal Name. The name of the principal the server will use to authenticate.

Protection Level. The level of protection that will be provided for communication with peer
applications. The higher the level of protection, the more encryption and overhead required in
communications with peers. The levels, from lowest to highest, are as follows:

Connect - Performs authentication only when the client establishes a connection with the server.

Packet - Ensures that all data received is from the expected client.

Packet Integrity - Verifies that none of the data transferred between client and server has been
modified.

Packet Privacy - Verifies that none of the data transferred between client and server has been
modified and also encrypts the data transferred between client and server.

Authentication Service Configuration. Each server can support up to two Authentication Services. The
following fields are used to define each authentication service configured for a server.

Mechanism. The authentication mechanism to use when passing identity information in
communications to HPSS components.

KRB5 - indicates that the server will useKerberos 5 authentication.

UNIX - indicates that the server will use UNIX authentication.

Not Configured - indicates that an authentication service has not been configured for this
slot. At least one of the authentication service slots must be configured.

Authenticator Type. The type of authenticator specified in the Authenticator field. The types
are:

Not Configured – indicates that an authenticator has not been configured for this slot. If a
mechanism is specified, an authenticator type must also be specified.

None – indicates no authenticator is supplied for this mechanism. This is appropriate for
UNIX authentication if no keytab is used. The server's credentials will be its current
UNIX identity.

Keytab - indicates that the authenticator is the path to a keytab file. For Kerberos
authentication this is a keytab file created with Kerberos utilities. For UNIX
authentication this is a keytab file created with the hpss_unix_keytab utility. See its man
page for details. Each server can have its own keytab file, or all the servers can share a
single keytab file. It is recommended that one keytab file be used for all of the servers on
any given host.

HPSS Management Guide

November 2009

Release 7.3 (Revision 1.0)

93

Advertising