How to: |
You can run the server in any of the following security provider modes:
The default security provider mode is OPSYS if you have satisfied the OPSYS requirements. Otherwise, the default provider mode is OFF. To apply a different security mode, To apply a different security provider, use the Web Console. To configure the server security provider, access the Control Menu, right-click Security Providers, and then select Change Providers.
Note: To revert to OFF, if OPSYS was previously set up, additional steps are required as outlined in the OPSYS setup steps below to properly revert.
If a 7.7.04 or higher refresh is performed on a prior server of 7.7.03 or lower and the EDAEXTSEC variable was used to control the security modes of DBMS, PTH, or LDAP, the variable should be removed from wherever it was set. The server security should be re configured using the Web Console method of setting the security provider.
You must satisfy the requirements described in How to Satisfy Security Provider OPSYS Requirements.
Some security modes need additional information before they can be configured and activated, such as the various LDAP parameters involved in connecting to and using a LDAP directory. The various parameters are displayed within the Web Console configuration page for each mode with help icons next to them. You can also find Web Console help in the Server Administration for UNIX, Windows, OpenVMS, IBMÂ i, and z/OS manual. To access the manual on the Web Console:
The Web Console Help window opens.
To run a server in security provider mode OPSYS in OpenVMS, you must satisfy the following requirements. You must do this when you set up the server administration (iadmin) ID.
Although installation can be done by an ordinary user, the changes listed here require the SYSTEM ID.
Run MCR AUTHORIZE to add the following privileges to the iadmin ID.
Privilege |
Function |
Required for |
---|---|---|
CMKRNL |
May change mode to kernel |
Server impersonation features |
IMPERSONATE |
May impersonate another user |
Server impersonation features |
NETMBX |
May create network device |
Mailboxes * |
PRMGBL |
May create permanent global sections |
IPC Shared Memory * |
PRMMBX |
May create permanent mailbox |
IPC Control Pipes * |
SYSGBL |
May create system wide global sections |
IPC Shared Memory * |
SYSNAM |
May insert in system logical name table |
IPC Control Pipes * |
SYSPRV |
May access objects using system protection |
Creating system logical tables* and server security features |
TMPMBX |
May create temporary mailbox |
Mailboxes * |
WORLD |
May affect other processes in the world |
Control of impersonated processes |
SYSLCK |
May lock system wide resources |
Adapter for Progress only * |
* Also required for non-secured servers.
Any additional privileges or changes in quota required by particular underlying databases must also be authorized and customized in the EDAENV.PRM file, as described in How to Add/Change Privileges and Quotas (EDAENV.PRM).
The default minimal quota resources are also contained in the default EDAENV.PRM file. You do not need to have values explicitly declared in the UAF or SYSTEM tables, provided the iadmin user ID has IMPERSONATE privileges. However, some situations may require quotas to be increased (for instance, if there are problems accessing very large databases). This is also done by customizing the EDAENV.PRM file, as described below.
You can create privilege and quota settings using a configuration file (EDAENV.PRM). To customize the settings:
EDAENV.PRM edit rules:
The EDAENV.PRM file should not be confused with the EDAENV.COM file, which is used for running additional OpenVMS commands (typically logical declarations) at startup. An example of EDAENV.PRM follows:
io_direct = 200 queue_limit = 100 page_file = 2097152 buffer_limit = 800000 io_buffered = 200 ast_limit = 300 working_set = 3076 maximum_working_set = 8192 extent = 10240 file_limit = 4096 enqueue_limit = 4000 job_table_quota = 10000 priority = 4 privilege_1 : TMPMBX, NETMBX, PRMMBX privilege_2 : PRMGBL, SYSGBL, SYSNAM privilege_3 : SYSPRV, CMKRNL, WORLD privilege_4 : SYSLCK, IMPERSONATE
iWay Software |