How to Set Up Domains Authentication


	BEA Home \| Events \| Solutions \| Partners \| Products \| Services \| Download \| Developer Center \| WebSUPPORT
	http://www.oracle.com/technology/documentation/index.html \| Site Map \| Search \| PDF Files \| Contact \| Glossary

Tuxedo Documentation \| Using the BEA Tuxedo Domains Component \| Local Topics \| Previous Topic \| Next Topic \| Contents

Domain gateways can be made to authenticate incoming connections requested by remote domains and outgoing connections requested by local domains. The authentication mechanism is optional and compatible with the BEA Tuxedo mechanism specified in the TUXCONFIG file.

Application administrators can define when security should be enforced for incoming connections from remote domains. You can specify the level of security used by a particular local domain by setting the SECURITY parameter in the DM_LOCAL_DOMAINS section of the DMCONFIG file. There are three levels of password security:

No Security (using the NONE option)—incoming connections from remote domains are not authenticated.
Application Password (using the APP_PW option)— incoming connections from remote domains are authenticated using the application password defined in the TUXCONFIG file. The BEA Tuxedo application password is administered with tmloadcf(1), which prompts for the password when the SECURITY option is enabled in the TUXCONFIG file. The password is automatically propagated with the TUXCONFIG file to the other machines in the configuration. You can update the password dynamically using the tmadmin command.
Remote Domains Password (using the DM_PW option)—BEA Tuxedo Domains uses this feature to enforce security between two or more BEA Tuxedo domains. Connections between the local and remote domains are authenticated using passwords defined in the DM_PASSWORDS section of the BDMCONFIG file. These passwords are added to the binary configuration file after dmloadcf has been run, using the passwd subcommand of the dmadmin(1) command. Each entry contains the password used by a remote domain to access a particular local domain and the password required by the local domain, in turn, to access the remote domain.

If the SECURITY parameter is not set in TUXCONFIG (that is, if it defaults to NONE or if it is set explicitly to NONE), the Domains configuration can still require the Domain gateways to enforce security at the DM_PW level. If the DM_PW option is selected, then each remote domain must have a password defined in the DM_PASSWORDS section of the BDMCONFIG file. In other words, incoming connections from remote domains without a password are rejected by domain gateways.

T_DM_PASSWORDS MIB Class Definitions

The T_DM_PASSWORDS class represents configuration information for inter-domain authentication through local and remote access points of type TDOMAIN. The T_DM_PASSWORDS class contains the following entries for each remote domain.

TA_DMLACCESSPOINT—the name of the local domain access point to which the password applies.
TA_DMRACCESSPOINT—the name of the remote domain access point to which the password applies.
TA_DMLPWD—the local password used to authenticate connections between the local domain access point (identified by TA_DMLACCESSPOINT) and the remote domain access point (identified by TA_DMRACCESSPOINT).
TA_DMRPWD—the remote password used to authenticate connections between the remote domain access point (identified by TA_DMRACCESSPOINT) and the local domain access point (identified by TA_DMLACCESSPOINT).
Note: Passwords are stored securely in encrypted format.

Setting Domains Passwords

BEA Tuxedo Domains passwords (DM_PW) are set using the dmadmin(1) command, as follows:

     passwd [-r] local_domain_name remote_domain_name

This command prompts the administrator for new passwords for the specified local and remote domains.