A.8. Security Tab

Attributes on the Security tab are global security attributes which apply to all SGD servers in the array.

From the command line, use the Section D.16, “tarantella config list” command to list these settings, and the Section D.15, “tarantella config edit” command to edit these settings.

A.8.1. New Password Encryption Key

Usage: Select or deselect the check box.

Description

Whether to generate a new encryption key for the password cache when an SGD server is restarted.

If a new encryption key is generated, the existing password cache is preserved and encrypted with the new key.

Command Line

Command option: --security-newkeyonrestart 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, a new encryption key for the password cache is not generated when an SGD server is restarted.

--security-newkeyonrestart 0

A.8.2. Timeout for Print Name Mapping

Usage: Type a timeout value, measured in seconds, in the field.

Description

The period of time an entry in the print name mapping table is retained. This table is used to ensure that users can print from an application and then exit the application, without losing the print job.

The timer starts counting when the user closes the last application on the application server.

Set the timeout value to be greater than the maximum delay between choosing to print from an application and the printer responding.

If you change this value, all existing expiry timeouts are reset. Changes take effect immediately.

To flush the table, type in 0 and click Apply. You can then set the timeout to the required value.

To display the table, use the tarantella print status --namemapping command.

Command Line

Command option: --security-printmappings-timeout seconds

Usage: Replace seconds with the timeout value, measured in seconds.

In the following example, the print name mapping table is retained for 1800 seconds (30 minutes).

--security-printmappings-timeout 1800

A.8.3. Connection Definitions

Usage: Select or deselect the check box.

Description

Whether to take note of the Section C.2.32, “Connections” attribute when a user logs in to SGD.

Select the check box, or set the command line option to 1, if you are using the Connections attribute for user profile, organizational unit, or organization objects.

Deselect the check box if SGD security services are not enabled.

If SGD security services are enabled, connections are secure unless the check box is selected and some connections are defined otherwise.

Deselecting the check box enables users to log in more quickly.

Changes to this attribute take effect immediately.

Command Line

Command option: --security-applyconnections 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example disables checking of connections for SGD log ins.

--security-applyconnections 0

A.8.4. X Authorization for X Display

Usage: Select or deselect the check box.

Description

Whether to secure all SGD X displays using X authorization. This prevents users from accessing X displays they are not authorized to access.

X authorization is enabled by default.

To use X authorization, xauth must be installed on the application server.

If X authorization is enabled, SGD checks the standard locations for the xauth binary. Extra configuration might be needed if the binary is in a nonstandard location.

Changes to this attribute take effect immediately.

Note

This attribute only secures the X display between the SGD server and the application server.

Command Line

Command option:--security-xsecurity 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example enables X authorization.

--security-xsecurity 1