Sun Java System Calendar Server 6 2005Q4 Administration Guide

Maintaining Security Between Front-End and Back-End Servers

You can configure password authentication between front-end and back-end servers. This section explains how secure communication between the two can be set up and how it works. The following topics are covered:

How Authentication is Accomplished

A front-end server uses the Database Wire Protocol (DWP) to communicate with a back-end server. Because DWP uses HTTP as the transport mechanism, Calendar Server provides authentication for DWP connections between front-end and back-end servers using configuration parameters.

When the front-end server first connects to the back-end server, it sends the user ID and password specified in the ics.conffile. The back-end server checks the parameters in its ics.conffile, and if both parameters match, the authentication is successful. The back-end server then sends a session ID back to the front-end server. The front-end server uses the session ID in subsequent DWP commands to the back-end server.

Subsequent connections from the same front-end server do not need to be authenticated again, unless the back-end server is restarted or the session expires because of no activity between the two servers.

If you have multiple front-end and back-end servers, you can use the same user ID and password for each one.

If a back-end server does not specify a user ID and password, no authentication is performed.

ProcedureTo Set Up Authentication for DWP Connections for a Front-end Server

Before You Begin

Caution – Caution –

These parameters are not included in the installed version of the ics.conf file. To use authentication for DWP connections, you must add the required parameters to the ics.conf file on each front-end server.


  1. On every front-end server, log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Add the ics.conf parameters as shown in the following table:

    Parameter 

    Description 

    caldb.dwp.server.back-end-server.admin

    On a front-end server, specifies the administrator's user ID that is used for authentication for a DWP connection to a back-end server, where back-end-server is the name of the server.

    caldb.dwp.server.back-end-server.cred

    On a front-end server, specifies the password that is used for authentication for a DWP connection to a back-end server, where back-end-server is the name of the server.

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal

ProcedureTo Set up Authentication for DWP Connections for a Back-end Server

Before You Begin

Caution – Caution –

These parameters are not included in the installed version of the ics.conf file. To use authentication for DWP connections, you must add the required parameters to the ics.conf file on each back-end server.


  1. On every back-end server, log in as an administrator with permission to change the configuration.

  2. Change to the /etc/opt/SUNWics5/cal/config directory.

  3. Save your old ics.conf file by copying and renaming it.

  4. Add the ics.conf parameters as shown in the following table:

    Parameter 

    Description 

    service.dwp.admin.userid

    On a back-end server, specifies the user ID that is used to authenticate a DWP connection. If a back-end server does not specify a user ID, no authentication is performed. 

    service.dwp.admin.cred

    On a back-end server, specifies the password that is used to authenticate a DWP connection. If a back-end server does not specify a password, no authentication is performed. 

  5. Save the file as ics.conf.

  6. Restart Calendar Server.

    cal_svr_base/SUNWics5/cal/sbin/start-cal