IBM RELEASE 7.3

The Security Controls section of the Server Configuration window is common to all server s. In the

example window above, the server displayed is a Core Server.

Field Descriptions

Principal Name. The name of the principal the server will use to authentica te.

Protection Level. The level of protection that will be provided for communication with peer

applications. The higher the level of protection, the more encryption and overhead requir ed in

communications with peers. The levels, from lowest to highest, are as follows:

•Connect - Performs authentication only when the client establishes a connection with the server.

•Packet - Ensures that all data received is from the expected client.

•Packet Integrity - Verifies that none of the data transferred between client and server has been

modified.

•Packet Privacy - Verifies that none of the data transferred between client and server has been

modified and also encrypts the data transferred between client and server.

Authentication Service Configuration. Each server can support up to two Authentica tion Services. The

following fields are used to define each authentication service configured for a server.

Mechanism. The authentication mechanism to use when passing identity information in

communications to HPSS components.

•KRB5 - indicates that the server will useKerberos 5 authentication.

•UNIX - indicates that the server will use UNIX authentication.

•Not Configured - indicates that an authentication service has not been configured for this

slot. At least one of the authentication service slots must be configured.

Authenticator Type. The type of authenticator specified in the Authenticator field. The types

are:

•Not Configured – indicates that an authenticator has not been configured for t his slot. If a

mechanism is specified, an authenticator type must also be specified.

•None – indicates no authenticator is supplied for this mechanism. This is appropr iate for

UNIX authentication if no keytab is used. The server's credentials will be its current

UNIX identity.

•Keytab - indicates that the authenticator is the path to a keytab file. For Kerbe ros

authentication this is a keytab file created with Kerberos utilitie s. For UNIX

authentication this is a keytab file created with the hpss_unix_keytab utilit y. See its man

page for details. Each server can have its own keytab file, or all the servers can share a

single keytab file. It is recommended that one keytab file be used for all of the servers on

any given host.

HPSS Management Guide November 2009

Release 7.3 (Revision 1.0) 93