Corporate Info  |  News  |  Solutions  |  Products  |  Partners  |  Services  |  Events  |  Download  |  How To Buy
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary
Tuxedo Doc Home   |   TOP END Domain Gateway   |   Topic List   |   Previous   |   Next   |   Contents

   Using the BEA Tuxedo TOP END Domain Gateway

The following sections in the DMCONFIG file contain security parameters you define to establish security for a configuration that includes the TEDG:

• DM_LOCAL_DOMAINS Section

• DM_ACCESS_CONTROL Section

• DM_LOCAL_SERVICES Section

DM_LOCAL_DOMAINS Section

The SECURITY parameter specified in the DM_LOCAL_DOMAINS section of the DMCONFIG file controls the security level for the TEDG. This parameter specifies whether BEA TOP END security is used by the TEDG for internode authentication and protection. If TYPE=TOPEND, then the following values are valid for the SECURITY parameter:

• NONE

• CLEAR

• SAFE

• PRIVATE

  This parameter . . .	Uses BEA TOP END Security	And specifies . . .
  NONE	No	The default value
  CLEAR	Yes	No protection is required for internode messages
  SAFE	Yes	Messages should be sent using the Kerberos SAFE message checksum
  PRIVATE	Yes	Messages should be encrypted using the Kerberos 4 implementation of DES

Values for the SECURITY parameter must be consistent with the BEA TOP END Node Manager (NM) configuration parameters [security] and [internode security] as described in nm_config(4T). Consistency is checked during node sign-on.

This optional section contains local Access Control Lists (ACL) used by the TEDG to restrict access by remote domains to local resources. Each entry consists of an ACL_NAME resource identifier along with a list of required parameters designating remote domains permitted to access the resource. If no entry exists for a local service, the service is accessible to all remote domains.

The optional ACL parameter is used by the TEDG to restrict requests from a BEA TOP END remote domain made to specific services or queue spaces defined in SERVICE and QSPACE entries, respectively. Define the ACL parameter as follows:

ACL = identifier

where identifier specifies the name of the access control list (ACL) to be used by the TEDG to restrict requests made to the target service or queue space by BEA TOP END systems. The ACL is defined in the DM_ACCESS_CONTROL section. If this parameter is not specified then access control is not performed for requests to the service or queue space defined in this entry.

• DMCONFIG for GWTOPEND(5) in BEA Tuxedo File Formats and Data Descriptions Reference

• nm_config(4T) in BEA TOP END Programmer's Reference Manual

Copyright © 2000 BEA Systems, Inc. All rights reserved. Required browser: Netscape 4.0 or higher, or Microsoft Internet Explorer 4.0 or higher.