Chapter 13: Security Configuration Tasks
Identities define a user name, password, and SSL session characteristics to be used by components or servlets that call other components. Identities are also used for inter-server authentication when propagating caller credentials in a call sequence that involves multiple servers. EAServer provides a System and Anonymous identity by default.
Defining a new identity
Highlight the Identities folder.
Select File | New Identity. Follow the wizard screens to configure the properties.
Modifying or deleting an identity
Expand the Identities folder and highlight the icon for the identity of interest.
Choose one of the following:
File | Configuration Wizard to display a wizard that walks you through the configuration of the most commonly configured properties
File | Properties to display the Identity Properties dialog box described in “Configuring identity properties”
File | Delete to delete the identity
The Identity Properties dialog has these tabs:
“Identity properties/basic” defines the user name and password.
“Identity properties/SSL” specifies whether connections made using the identity will use SSL and if so, the SSL session characteristics.
“Identity properties/Entrust” configures Entrust specific properties for SSL connections.
Enter the user name and password for inter-server connections made using the identity.
Settings on this tab specify whether connections made using the identity will use SSL and if so, the SSL session characteristics.
Configuring the SSL settings
If SSL is not to be used at all, choose <none> for the security characteristic. Otherwise choose the characteristic that defines the required level of security. See Table 13-2 for descriptions of the security characteristics.
Check Use Entrust if your site uses Entrust for SSL certificate management and you wish connections made with this identity to use an Entrust certificate.
If the specified security characteristic requires mutual authentication, choose a client certificate.
Client certificate field may require a password If you have not connected to the EAServer Manager | Certificates folder, you are prompted for the Sybase token PIN when you put the focus on the Certificate Label field. You must connect to EAServer Manager | Certificates folder or enter the correct PIN before you can view certificate names.
If you enabled Entrust support in the SSL tab, the Entrust tab settings specify the Entrust certificate to be used.
Configuring the Entrust settings
Browse to or type the path to the entrust.ini file (typically located in the Windows installation directory on Windows machines, and in the Entrust clients subdirectory on UNIX systems.
Browse or type the path to the Entrust profile file (.epf extension) that defines the certificate to be used.
Enter the password required to use the specified Entrust profile.
|Copyright © 2005. Sybase Inc. All rights reserved.|