BEA Logo BEA Tuxedo Release 8.0

  BEA Home  |  Events  |  Solutions  |  Partners  |  Products  |  Services  |  Download  |  Developer Center  |  WebSUPPORT

   http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary

 

   Tuxedo Documentation   |   Using the BEA Tuxedo Domains Component   |   Local Topics   |   Previous Topic   |   Next Topic   |   Contents

 

Examples of Coding Security Between Domains

The SECURITY parameter in the DM_LOCAL_DOMAINS section of the DMCONFIG file specifies the security type of a local domain. If authentication is required, it is done every time a connection is established between the local domain and a remote domain. If the security types of the two domains are incompatible, or if the passwords do not match, the connection fails.

Example 1: Setting Security to NONE

If SECURITY is set to NONE for a local domain, incoming connection attempts are not authenticated. Even with SECURITY set to NONE, a local domain can still connect to remote domains that have SECURITY set to DM_PW, but before such a connection can be established, you must define the passwords on both sides by running dmadmin(1) or by using DM_MIB(5).

Setting Security to NONE for Both Application and Domains

 
DOM1: SECURITY in UBBCONFIG set to NONE
       SECURITY in DMCONFIG set to NONE
 
DOM2: SECURITY in UBBCONFIG set to NONE
       SECURITY in DMCONFIG set to DM_PW

In this example, DOM1 is not enforcing any security but DOM2 is enforcing DM_PW security. On the initiator side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows:

 
UBBCONFIG
 SECURITY=NONE
 
DMCONFIG
 *DM_LOCAL_DOMAINS
DOM1
   DOMAINID=DOM1
   SECURITY=NONE
 
 *DM_REMOTE_DOMAINS
DOM2 DOMAINID="DOM2"

On the responder side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows:

 
UBBCONFIG
 SECURITY=NONE
 
DMCONFIG
 *DM_LOCAL_DOMAINS
DOM2
   DOMAINID=DOM2
   SECURITY=DM_PW
 
 *DM_REMOTE_DOMAINS
DOM1 DOMAINID="DOM1"

After the required attributes have been set in the TUXCONFIG and BDMCONFIG files, boot the applications on DOM1 and DOM2. 

On DOM1:
     dmadmin
      passwd DOM1 DOM2
       Enter Local Domain Password:foo1
       Reenter Local Domain Password:foo1
       Enter Remote Domain Password:foo2
       Reenter Remote Domain Password:foo2
 
On DOM2:
     dmadmin
     passwd DOM2 DOM1
     Enter Local Domain Password:foo2
     Reenter Local Domain Password:foo2
     Enter Remote Domain Password:foo1
      Reenter Remote Domain Password:foo1

Once passwords have been created on both domains, a connection can be established and services can be invoked on the remote domain.

Setting Application Security to NONE and Domains Security to DM_PW

On the initiator side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows:

 
UBBCONFIG
 SECURITY=NONE
 
DMCONFIG
 *DM_LOCAL_DOMAINS
 DOM1
 DOMAINID=DOM1
  SECURITY=DM_PW
 
 *DM_REMOTE_DOMAINS
 DOM2 DOMAINID="DOM2"

On the responder side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows:

 
UBBCONFIG
 SECURITY=NONE
 
DMCONFIG
 *DM_LOCAL_DOMAINS
 DOM2
  DOMAINID=DOM2
  SECURITY=DM_PW
 
 *DM_REMOTE_DOMAINS
 DOM1 DOMAINID="DOM1"

After the required attributes have been set in the TUXCONFIG and BDMCONFIG files, boot the applications on DOM1 and DOM2:

 
On DOM1:
     dmadmin
      passwd DOM1 DOM2
      Enter Local Domain Password:foo1
      Reenter Local Domain Password:foo1
      Enter Remote Domain Password:foo2
       Reenter Remote Domain Password:foo2
 
On DOM2:
     dmadmin
      passwd DOM2 DOM1
      Enter Local Domain Password:foo2
      Reenter Local Domain Password:foo2
      Enter Remote Domain Password:foo1
      Reenter Remote Domain Password:foo1

Once passwords have been created on both domains, a connection can be established and services can be invoked on the remote domain.

Example 2: Setting Security to APP_PW

If the SECURITY parameter in the UBBCONFIG is set to APP_PW or higher, then SECURITY in the DMCONFIG can be set to NONE, APP_PW, or DM_PW. Because you can define multiple views of a domain in one DMCONFIG file (one view per local domain definition), you can assign a different type of security mechanism to each of those views.

Note: If SECURITY is set to APP_PW for a local domain access point in the DMCONFIG, then SECURITY in the UBBCONFIG must be set to APP_PW or higher.

Setting Security to APP_PW for Both Application and Domains

 
DOM1: SECURITY in UBBCONFIG set to APP_PW
      SECURITY in DMCONFIG set to APP_PW
 
DOM2: SECURITY in UBBCONFIG set to APP_PW
      SECURITY in DMCONFIG set to APP_PW

In this example, both DOM1 and DOM2 enforce APP_PW security.

On the initiator side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows:

 
UBBCONFIG
 SECURITY=APP_PW
 
DMCONFIG
 *DM_LOCAL_DOMAINS
DOM1
  DOMAINID=DOM1
  SECURITY=APP_PW
 
 *DM_REMOTE_DOMAINS
DOM2 DOMAINID="DOM2"

On the responder side, the pertinent attributes in UBBCONFIG and DMCONFIG are set as follows.

 
UBBCONFIG
 SECURITY=APP_PW
 
DMCONFIG
 *DM_LOCAL_DOMAINS
DOM2
  DOMAINID=DOM2
  SECURITY=APP_PW
 
 *DM_REMOTE_DOMAINS
DOM1 DOMAINID="DOM1"

After the TUXCONFIG and BDMCONFIG files have been created, boot the applications on DOM1 and DOM2.

 

back to top previous page next page

 

Copyright © 2001 BEA Systems, Inc. All rights reserved.
Required browser: Netscape 4.0 or higher, or Microsoft Internet Explorer 4.0 or higher.