Corporate Info  |  News  |  Solutions  |  Products  |  Partners  |  Services  |  Events  |  Download  |  How To Buy
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary
Tuxedo Doc Home   |   Administration   |   Topic List   |   Previous   |   Next   |   Contents

   Using the BEA Tuxedo Domains Component

Domain gateways can be made to authenticate incoming connections requested by remote domains and outgoing connections requested by local domains. The authentication mechanism is optional and compatible with the BEA Tuxedo mechanism specified in the TUXCONFIG file.

Application administrators can define when security should be enforced for incoming connections from remote domains. You can specify the level of security used by a particular local domain by setting the SECURITY parameter in the DM_LOCAL_DOMAINS section of the DMCONFIG file. There are three levels of password security:

• Application Password (using the APP_PW option)- Incoming connections from remote domains are authenticated using the application password defined in the TUXCONFIG file. The BEA Tuxedo application password is administered with tmloadcf(1), which prompts for the password when the SECURITY option is enabled in the TUXCONFIG file. The password is automatically propagated with the TUXCONFIG file to the other machines in the configuration. You can update the password dynamically using the tmadmin command.

• No Security (using the NONE option)-Incoming connections from remote domains are not authenticated.

• Remote Domains Password (using the DM_PW option)-BEA Tuxedo Domains uses this feature to enforce security between two or more BEA Tuxedo domains. Connections between the local and remote domains are authenticated using passwords defined in the DM_PASSWORDS section of the BDMCONFIG file. These passwords are added to the binary configuration file after dmloadcf has been run, using the passwd subcommand of the dmadmin(1) command. Each entry contains the password used by a remote domain to access a particular local domain and the password required by the local domain, in turn, to access the remote domain.

If the SECURITY parameter is not set in TUXCONFIG (that is, if it defaults to NONE or if it is set explicitly to NONE), the Domains configuration can still require the Domain gateways to enforce security at the DM_PW level. If the DM_PW option is selected, then each remote domain must have a password defined in the DM_PASSWORDS section of the BDMCONFIG file. In other words, incoming connections from remote domains without a password are rejected by domain gateways.

The DM_PASSWORDS table contains the following entries for each remote domain:

• LDOM-The name of the local domain providing access to the remote domain

• RDOM-The name of the remote domain

• LPWD-The password used by a local domain to authenticate with the remote domain

• RPWD-The password used by the remote domain to authenticate with the local domain

  Note: Passwords are stored securely in encrypted format.

See Also

• Examples of Coding Security Between Domains

• dmadmin(1) in BEA Tuxedo Command Reference

• DMCONFIG(5) in BEA Tuxedo File Formats and Data Descriptions Reference