Filter
Top Products
Chapter 3 System Preparation
HPSS Installation Guide September 2002 177
Release 4.5, Revision 2
-dname "cn=HPSS Data Server" -alias hpss_ssmds \
-keystore keystore.ds -validity 365
ii. Display the fingerprint for the certificate:
% $JAVA_HOME/bin/keytool -keystore keystore.ds -list -v
iii. Export the certificate to the temporary file ds.cer:
% $JAVA_HOME/bin/keytool -keystore keystore.ds -export \
-alias hpss_ssmds -file ds.cer
C. Set up SSMDS for normal or low security mode:
i. Fornormal security mode, the administrator will be prompted for the password to
the keystore file <ds_keystore_password> when the SSMDS begins execution.
This means the Data Server may not be started automatically from inittab.Torun
in normal security mode, make sure the
HPSS_SSMDS_KEYSTORE_PASSWORD variable is set to "PROMPT" in the
hpss_env file.
This is the recommended operational mode.
ii. For low security mode, the SSMDS will read the password to its keystore from a
file at startup. To run in low security mode, make sure the
HPSS_SSMDS_KEYSTORE_PASSWORD variable is not set to anything in
hpss_env, and store and protect the keystore password:
% vi keystore.ds.pw
Enter <ds_keystore_password> into file & save.
% chmod 600 keystore.ds.pw
This is not the recommended operational mode.
D. Set up SSMDS Java security policy file
% cp /opt/hpss/config/templates/java.policy.ds.template \
java.policy.ds
% chmod 640 java.policy.ds
% vi java.policy.ds
Change "*.hpss.acme.com" to appropriate host info, such as "*.clearlake.ibm.com", in
the following section:
grant { permission java.net.SocketPermission
"*.hpss.acme.com:1024-",
"connect,accept,listen,resolve"; };
Save change and exit vi.
E. Set up the Client authorization file