Support User Manuals

IBM Hub/Switch Switch User Manual

Open as PDF

of 590

Chapter 3 System Preparation

180 September 2002 HPSS Installation Guide

Release 4.5, Revision 2

To use the hpssadm utility and the Java version of the Data Server, continue following the

instructions for the remainder of this section.

3.8.1.3 Prerequisite Software

This required software is:

1. One of the following:

◆ Java 1.3.0 JRE (Java Runtime Environment)

◆ Java 1.3.0 SDK (Software Development Kit)

2. Java 1.0.2 JSSE (Java Secure Sockets Extensions)

This software is available for download for AIX, Solaris, and Windows at no cost. Section 3.8.2:

Installing Java on page 181 lists the locations from which the software is available.

3.8.1.4 Security Mechanisms

Access by hpssadm clients to the Data Server is restricted by DCE authentication mechanisms and

by aﬂat ﬁle authorization mechanism.The transmission of sensitive information such as passwords

from the hpssadm utility to the Data Server is encrypted. In addition, both the Data Server and

hpssadm client are executed under a Java Security Manager, which imposes restrictions on ﬁle

system and network accesses.

Encryption mechanisms:

Encryption of the connection over which the user's DCE password is transmitted to the Data

Server is implemented with Secure Sockets Layer (SSL). JSSE (Java Secure Sockets Extensions)

is the Java implementation of SSL. SSL requires the creation and management of a public key

and X.509 certiﬁcate for the Data Server. The creation and distribution of these certiﬁcates and

other aspects of SSL are discussed in Section 3.8.3: Conﬁguring SSL on page 183.

Java Security Manager restrictions:

The Java Security Manager requires that a Java security policy ﬁle for the Data Server and for

each hpssadm user be created and maintained. This limits the ﬁle system and network socket

access of each program, over and above the regular system protections. The policy ﬁle is

discussed in Section 3.8.4: Conﬁguring the Java Security Policy File on page 186.

Authorization mechanisms:

Only users speciﬁed in the hpssadm.conﬁg ﬁle will be authorized to connect to the Data Server

using hpssadm. This ﬁle is discussed in Section 3.8.5: Setting up the Client Authorization File on

page 188.

Authentication mechanisms:

Only users with valid DCE login ids and passwords will be allowed to connect to the Data

Server using hpssadm. Each user's login name and password are stored in a private keytab on

previous next