81 lines
6.0 KiB
HTML
81 lines
6.0 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
|
||
|
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="task" />
|
||
|
<meta name="DC.Title" content="Secure Pegasus" />
|
||
|
<meta name="abstract" content="Use this topic to find out about the options that are available for ensuring that the CIM server is secure." />
|
||
|
<meta name="description" content="Use this topic to find out about the options that are available for ensuring that the CIM server is secure." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlkickoff.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlsslenable.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlcertauth.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlauthentication.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlsupporteim.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlauthenticate.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzatlcimconfig.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakhpdns.htm" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="rzatlsecure" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Secure Pegasus</title>
|
||
|
</head>
|
||
|
<body id="rzatlsecure"><a name="rzatlsecure"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Secure Pegasus</h1>
|
||
|
<div><p>Use this topic to find out about the options that are available
|
||
|
for ensuring that the CIM server is secure.</p>
|
||
|
<div class="section">One of the most significant concerns for a Pegasus administrator
|
||
|
is how to configure security. This is particularly true for <span class="keyword">i5/OS™</span> because
|
||
|
of <span class="keyword">i5/OS</span> platform security
|
||
|
requirements, significant functions were added to the open source implementation.
|
||
|
In Pegasus, there are two types of security checks, authentication and authorization.</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<ul class="ullinks">
|
||
|
<li class="ulchildlink"><strong><a href="rzatlsslenable.htm">Create an SSL key and certificate for Pegasus</a></strong><br />
|
||
|
For Pegasus to run in Secure Sockets Layer (SSL) mode, a private key and certificate are required. Pegasus checks for its private key and certificate during startup. If those files do not exist, Pegasus creates its private key and a self-signed 365-day certificate. You can also create a private key and certificate with this information.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzatlcertauth.htm">Configure the CIM server to verify client certificates</a></strong><br />
|
||
|
<span><img src="./delta.gif" alt="Start of change" />You can configure the CIM server to use secure
|
||
|
sockets layer (SSL) to verify client certificate's and to check certificate
|
||
|
revocation lists (CRLs) on the main SSL port and the export SSL port.<img src="./deltaend.gif" alt="End of change" /></span></li>
|
||
|
<li class="ulchildlink"><strong><a href="rzatlauthentication.htm">Authentication</a></strong><br />
|
||
|
<span><img src="./delta.gif" alt="Start of change" />Pegasus uses an authentication process to determine
|
||
|
which users can log into the CIMOM. Unless the <span class="parmname">enableAuthentication</span> property
|
||
|
of <span class="parmname">cimconfig</span> command is set to false, authentication
|
||
|
is performed for every connection, before users can access the CIM data.<img src="./deltaend.gif" alt="End of change" /></span></li>
|
||
|
<li class="ulchildlink"><strong><a href="rzatlsupporteim.htm">Enable Kerberos</a></strong><br />
|
||
|
Pegasus on iSeries™ supports both Kerberos and Enterprise Identity
|
||
|
Mapping (EIM). To enable Kerberos, use the cimconfig commands to set the httpAuthType
|
||
|
configuration option to Kerberos (this is the default value). </li>
|
||
|
<li class="ulchildlink"><strong><a href="rzatlauthenticate.htm">Authorize Pegasus</a></strong><br />
|
||
|
A type of security check that is required for Pegasus on <span class="keyword">i5/OS</span> is verifying that users have
|
||
|
access to the objects they are trying to change. This process is called <dfn class="term">authorization</dfn>.</li>
|
||
|
</ul>
|
||
|
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlkickoff.htm" title="The Common Information Model (CIM) is a standard developed by a consortium of major hardware and software vendors (including IBM) called the Distributed Management Task Force (DMTF) as part of the Web Based Enterprise Management (WBEM) initiative.">Common Information Model</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM) topic</a></div>
|
||
|
<div><a href="rzatlcimconfig.htm" title="Configure the startup options for the CIMOM with the cimconfig command.">cimconfig usage information</a></div>
|
||
|
<div><a href="../rzakh/rzakh000.htm">Network Authentication Service topic</a></div>
|
||
|
<div><a href="../rzakh/rzakhpdns.htm">Hostname resolutions considerations topic</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|