ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatl_5.4.0.1/rzatlsecure.htm

81 lines
6.0 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Secure Pegasus" />
<meta name="abstract" content="Use this topic to find out about the options that are available for ensuring that the CIM server is secure." />
<meta name="description" content="Use this topic to find out about the options that are available for ensuring that the CIM server is secure." />
<meta name="DC.Relation" scheme="URI" content="rzatlkickoff.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlsslenable.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlcertauth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlauthentication.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlsupporteim.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlauthenticate.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatlcimconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhpdns.htm" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzatlsecure" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure Pegasus</title>
</head>
<body id="rzatlsecure"><a name="rzatlsecure"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure Pegasus</h1>
<div><p>Use this topic to find out about the options that are available
for ensuring that the CIM server is secure.</p>
<div class="section">One of the most significant concerns for a Pegasus administrator
is how to configure security. This is particularly true for <span class="keyword">i5/OS™</span> because
of <span class="keyword">i5/OS</span> platform security
requirements, significant functions were added to the open source implementation.
In Pegasus, there are two types of security checks, authentication and authorization.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzatlsslenable.htm">Create an SSL key and certificate for Pegasus</a></strong><br />
For Pegasus to run in Secure Sockets Layer (SSL) mode, a private key and certificate are required. Pegasus checks for its private key and certificate during startup. If those files do not exist, Pegasus creates its private key and a self-signed 365-day certificate. You can also create a private key and certificate with this information.</li>
<li class="ulchildlink"><strong><a href="rzatlcertauth.htm">Configure the CIM server to verify client certificates</a></strong><br />
<span><img src="./delta.gif" alt="Start of change" />You can configure the CIM server to use secure
sockets layer (SSL) to verify client certificate's and to check certificate
revocation lists (CRLs) on the main SSL port and the export SSL port.<img src="./deltaend.gif" alt="End of change" /></span></li>
<li class="ulchildlink"><strong><a href="rzatlauthentication.htm">Authentication</a></strong><br />
<span><img src="./delta.gif" alt="Start of change" />Pegasus uses an authentication process to determine
which users can log into the CIMOM. Unless the <span class="parmname">enableAuthentication</span> property
of <span class="parmname">cimconfig</span> command is set to false, authentication
is performed for every connection, before users can access the CIM data.<img src="./deltaend.gif" alt="End of change" /></span></li>
<li class="ulchildlink"><strong><a href="rzatlsupporteim.htm">Enable Kerberos</a></strong><br />
Pegasus on iSeries™ supports both Kerberos and Enterprise Identity
Mapping (EIM). To enable Kerberos, use the cimconfig commands to set the httpAuthType
configuration option to Kerberos (this is the default value). </li>
<li class="ulchildlink"><strong><a href="rzatlauthenticate.htm">Authorize Pegasus</a></strong><br />
A type of security check that is required for Pegasus on <span class="keyword">i5/OS</span> is verifying that users have
access to the objects they are trying to change. This process is called <dfn class="term">authorization</dfn>.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlkickoff.htm" title="The Common Information Model (CIM) is a standard developed by a consortium of major hardware and software vendors (including IBM) called the Distributed Management Task Force (DMTF) as part of the Web Based Enterprise Management (WBEM) initiative.">Common Information Model</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM) topic</a></div>
<div><a href="rzatlcimconfig.htm" title="Configure the startup options for the CIMOM with the cimconfig command.">cimconfig usage information</a></div>
<div><a href="../rzakh/rzakh000.htm">Network Authentication Service topic</a></div>
<div><a href="../rzakh/rzakhpdns.htm">Hostname resolutions considerations topic</a></div>
</div>
</div>
</body>
</html>