
Administration Console Online Help


 


Remote Tuxedo Domains --> Security


Overview

Access Control Lists (ACLs) limit access to local services within a local domain by restricting the remote domains that can execute these services. Inbound policy from a remote domain is specified using the AclPolicy element. Outbound policy toward a remote domain is specified using the CredentialPolicy element. This allows WebLogic Server and Tuxedo applications to share the same set of users, and allows users to propagate their credentials from one system to the other.

Tasks

Configuring Security Attributes for Remote Tuxedo Domains

Related Topics

Configuring WebLogic Tuxedo Connector

Attributes

Table 11-9 (columns: Attribute Label, Description, Value Constraints)

Acl Policy

The inbound access control list (ACL) policy toward requests from a remote domain.

  • If Interoperate is set to Yes, AclPolicy is ignored.

  • LOCAL: The local domain modifies the identity of service requests received from a given remote domain to the principal name specified in the local principal name for a given remote domain.

  • GLOBAL: The local domain passes the service request with no change in identity.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: AclPolicy

Default: "LOCAL"

Valid values:

  • "GLOBAL"

  • "LOCAL"

Credential Policy

The outbound access control list (ACL) policy toward requests to a remote domain.

  • If Interoperate is set to Yes, CredentialPolicy is ignored.

  • LOCAL: The remote domain controls the identity of service requests received from the local domain to the principal name specified in the local principal name for this remote domain.

  • GLOBAL: The remote domain passes the service request with no change.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: CredentialPolicy

Default: "LOCAL"

Valid values:

  • "GLOBAL"

  • "LOCAL"

Min Encryption Level

The minimum encryption key length (in bits) used when establishing a network connection for a local domain.

  • A value of 0 indicates no encryption is used.

  • The value of the MinEncryptBits attribute must be less than or equal to the value of the MaxEncryptBits attribute.

  • A MinEncryptBits of 40 can be used only with domains running Tuxedo 7.1 or higher.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: MinEncryptBits

Default: "0"

Valid values:

  • "0"

  • "40"

  • "56"

  • "128"

Max Encryption Level

The maximum encryption key length (in bits) used when establishing a network connection for a local domain.

  • A value of 0 indicates no encryption is used.

  • The value of the MaxEncryptBits attribute must be greater than or equal to the value of the MinEncryptBits attribute.

  • A MaxEncryptBits of 40 can be used only with domains running Tuxedo 7.1 or higher.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: MaxEncryptBits

Default: "128"

Valid values:

  • "0"

  • "40"

  • "56"

  • "128"

Allow Anonymous

Specifies whether the anonymous user is allowed to access Tuxedo. If the anonymous user is allowed to access Tuxedo, the default AppKey is used when the TpUsrFile or LDAP AppKey generator is selected. With the Custom AppKey generator, the behavior depends on the design of the custom AppKey generator.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: AllowAnonymous

Default: false

Valid values:

  • true

  • false

Default AppKey

The default AppKey value to be used by the anonymous user and by other users who are not defined in the user database, if the plug-in allows them to access Tuxedo. The standard plug-ins, TpUsrFile and LDAP, do not allow users who are not defined in the user database to access Tuxedo; the only exception is the anonymous user when Allow Anonymous is enabled.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: DefaultAppKey

Default: "-1"

AppKey Generator

The AppKey generator selection. There are three choices.

  • TpUsrFile.

  • LDAP.

  • Custom.

TpUsrFile is the default; it uses the imported Tuxedo TPUSR file as the source of user security information. In WLS 7.0 and earlier, WTC supports only this option. LDAP uses the embedded LDAP server as the source of user security information; the user record must define the Tuxedo UID and GID information in the description field. With the last choice, Custom, users must write their own AppKey generator class that obtains the user security information to be passed to Tuxedo.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: AppKey

Default: "TpUsrFile"

Valid values:

  • "TpUsrFile"

  • "LDAP"

  • "Custom"

Tp User File

The full path to the user password file containing uid/gid information. This file is the same one generated by the Tuxedo tpusradd utility on the remote domain. Username, uid and gid information must be included and valid for correct authorization, authentication, and auditing.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: TpUsrFile


Tuxedo UID Keyword

The keyword for Tuxedo UID (user id) used in the WlsUser when using the Tuxedo migration utility tpmigldap. The keyword is used to find Tuxedo UID in the user record in the embedded LDAP database.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: TuxedoUidKw

Default: "TUXEDO_UID"

Tuxedo GID Keyword

The keyword for Tuxedo GID (group id) used in the WlsUser when using the Tuxedo migration utility tpmigldap. The keyword is used to find Tuxedo GID in the user record in the embedded LDAP database.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: TuxedoGidKw

Default: "TUXEDO_GID"

Custom AppKey Class

The full pathname to the custom AppKey generator class. The class pointed to by this full pathname is loaded at runtime if the Custom AppKey generator plug-in is selected.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: CustomAppKeyClass


Custom AppKey Param

The optional parameters to be used by the custom AppKey class at class initialization time.

MBean: weblogic.management.configuration.WTCRemoteTuxDomMBean

Attribute: CustomAppKeyClassParam
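
The defaults and constraints in the table above can be checked mechanically when reviewing a remote domain's settings. The following Python is an added example, not BEA code: attribute names, defaults and valid values come from Table 11-9, while the audit function, its interoperate argument, the severity labels and the sample values are assumptions made for illustration.

```python
# Added example: lint one remote Tuxedo domain's security attributes
# against the defaults and constraints listed in Table 11-9.
DEFAULTS = {
    "AclPolicy": "LOCAL", "CredentialPolicy": "LOCAL",
    "MinEncryptBits": "0", "MaxEncryptBits": "128",
    "AllowAnonymous": "false", "DefaultAppKey": "-1", "AppKey": "TpUsrFile",
    "TpUsrFile": "", "CustomAppKeyClass": "",  # no default given in the table
}
VALID = {
    "AclPolicy": {"GLOBAL", "LOCAL"}, "CredentialPolicy": {"GLOBAL", "LOCAL"},
    "MinEncryptBits": {"0", "40", "56", "128"},
    "MaxEncryptBits": {"0", "40", "56", "128"},
    "AllowAnonymous": {"true", "false"},
    "AppKey": {"TpUsrFile", "LDAP", "Custom"},
}

def audit(attrs, interoperate=False):
    """Return sorted (severity, message) findings; unset attributes take defaults."""
    cfg = {**DEFAULTS, **attrs}
    found = [("ERROR", f"{k}={cfg[k]!r} is not a valid value")
             for k, ok in VALID.items() if cfg[k] not in ok]
    if found:
        return sorted(found)  # the checks below need valid values
    lo, hi = int(cfg["MinEncryptBits"]), int(cfg["MaxEncryptBits"])
    if lo > hi:
        found.append(("ERROR", "MinEncryptBits exceeds MaxEncryptBits"))
    if lo == 0:  # 0 means no encryption, and it is the default minimum
        found.append(("WARN", "MinEncryptBits=0 permits a connection with no encryption"))
    if interoperate:  # Interoperate=Yes, supplied by the caller (assumption)
        found.append(("WARN", "Interoperate=Yes: AclPolicy and CredentialPolicy are ignored"))
    elif cfg["AclPolicy"] == "GLOBAL":
        found.append(("INFO", "AclPolicy=GLOBAL: inbound identity is passed unchanged"))
    if cfg["AllowAnonymous"] == "true":
        key = "depends on the custom class" if cfg["AppKey"] == "Custom" else cfg["DefaultAppKey"]
        found.append(("WARN", f"anonymous user may access Tuxedo; AppKey: {key}"))
    # The next two checks are inferred from the attribute descriptions.
    if cfg["AppKey"] == "TpUsrFile" and not cfg["TpUsrFile"]:
        found.append(("WARN", "AppKey=TpUsrFile but no TpUsrFile path is set"))
    if cfg["AppKey"] == "Custom" and not cfg["CustomAppKeyClass"]:
        found.append(("WARN", "AppKey=Custom but CustomAppKeyClass is empty"))
    return sorted(found)

# Constructed sample: defaults everywhere except anonymous access and a file path.
SAMPLE = {"AllowAnonymous": "true", "TpUsrFile": "/constructed/path/tpusr"}
if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(severity, message)
```
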


 
