IBM Hub/Switch Switch User Manual


 
Chapter 3 System Preparation
180 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
To use the hpssadm utility and the Java version of the Data Server, continue following the
instructions for the remainder of this section.
3.8.1.3 Prerequisite Software
This required software is:
1. One of the following:
Java 1.3.0 JRE (Java Runtime Environment)
Java 1.3.0 SDK (Software Development Kit)
2. Java 1.0.2 JSSE (Java Secure Sockets Extensions)
This software is available for download for AIX, Solaris, and Windows at no cost. Section 3.8.2:
Installing Java on page 181 lists the locations from which the software is available.
3.8.1.4 Security Mechanisms
Access by hpssadm clients to the Data Server is restricted by DCE authentication mechanisms and
by aflat file authorization mechanism.The transmission of sensitive information such as passwords
from the hpssadm utility to the Data Server is encrypted. In addition, both the Data Server and
hpssadm client are executed under a Java Security Manager, which imposes restrictions on file
system and network accesses.
Encryption mechanisms:
Encryption of the connection over which the user's DCE password is transmitted to the Data
Server is implemented with Secure Sockets Layer (SSL). JSSE (Java Secure Sockets Extensions)
is the Java implementation of SSL. SSL requires the creation and management of a public key
and X.509 certificate for the Data Server. The creation and distribution of these certificates and
other aspects of SSL are discussed in Section 3.8.3: Configuring SSL on page 183.
Java Security Manager restrictions:
The Java Security Manager requires that a Java security policy file for the Data Server and for
each hpssadm user be created and maintained. This limits the file system and network socket
access of each program, over and above the regular system protections. The policy file is
discussed in Section 3.8.4: Configuring the Java Security Policy File on page 186.
Authorization mechanisms:
Only users specified in the hpssadm.config file will be authorized to connect to the Data Server
using hpssadm. This file is discussed in Section 3.8.5: Setting up the Client Authorization File on
page 188.
Authentication mechanisms:
Only users with valid DCE login ids and passwords will be allowed to connect to the Data
Server using hpssadm. Each user's login name and password are stored in a private keytab on