http://h30097.www3.hp.com/unix/cdsa

Note:

CDSA is available only for Tru64 UNIX 5.1 and later. If you are running Tru64 UNIX 5.0A, you cannot run security-enabled SLP.

2.Enable security in OpenSLP by placing the following entry in the /etc/slp.conf configuration file:

net.slp.securityEnabled = true

3.In the root account, run the keytool utility to generate pairs of public and private keys. To do this, you must have an account on the system for user daemon. The keytool utility places one file for the private key and a corresponding file for the public key in the current working directory.

You can move the files to any appropriate location on the system. The names of the files take the form priv_<unique_number> and pub_<unique_number>. Corresponding pairs of private and public files have the same unique number. The private key file will ultimately be owned by daemon with read-only-by-owner privileges. The public key file will be owned by root and will be readable by owner, group, and other users.

4.Configure a Security Parameter Index file, /etc/slp.spi, that will associate each key pair with an SLP Security Parameter Index (SPI). Use the following format:

<private public> SPI_string path_of_file_generated_by_keytool

For example, the contents of the /etc/slp.spi file could look as follows:

private spi1 secure_directory/priv_1234567890 public spi1 any_directory/pub_1234567890 public spi2 any_directory/pub_2234567890 public spi3 any_directory/pub_3234567890

Note:

For SLP Version 2, only one private key is supported per system. If there is more than one private entry in the /etc/slp.spi file, only the first private entry is processed; the other private entries will be ignored.

The public key file must have a fully readable path; that is, its parent directories must also be readable. At least one public key is required per system.

Running the Services

To select and run services on the network, you must first run the OpenSLP daemon (slpd), which enables binding to the SLP port.

From the Internet Express Administration utility, you can start, stop, and restart the OpenSLP:

1.From the Manage Components menu, choose Manage OpenSLP for Tru64 UNIX. The OpenSLP Administration menu is displayed.

2.From the OpenSLP Administration menu, choose Start/Stop the OpenSLP daemon. The Start/Stop the OpenSLP Daemon form is displayed, indicating whether the OpenSLP daemon is running or is stopped.

When the daemon is stopped, Start and Cancel buttons appear on the form. When the daemon is running, Stop, Restart, and Cancel buttons appear.

3.To start the OpenSLP daemon, click the Start button. This action starts the OpenSLP daemon (slpd with certain default options: -c /etc/slp.configwhen no security is enabled, and -s /etc/slp.spiwhen security is enabled.

Configuring OpenSLP 209

Page 209
Image 209
HP UX Internet Express Software manual Running the Services, Configuring OpenSLP