Using Security in ATMI Applications
Operating System (OS) Security
Authentication Plug-in Architecture
Understanding Delegated Trust Authentication
Getting Authorization and Auditing Tokens
Replacing Client Tokens with Server Tokens
Implementing Custom Authentication
Authorization Plug-in Architecture
How the Authorization Plug-in Works
Implementing Custom Authorization
How the Auditing Plug-in Works
Encryption Key Size Negotiation
Interoperating with Release 6.5 BEA Tuxedo Software
Interoperating with Pre-Release 6.5 BEA Tuxedo Software
WSL/WSH Connection Timeout During Initialization
LLE Installation and Licensing
Supported Algorithms for Public Key Security
Public Key Installation and Licensing
Message-based Digital Signature
Implementing Custom Public Key Security
Default Public Key Implementation
Default Authentication and Authorization
Interoperating with Pre-Release 7.1 Software
Interoperability for Link-Level Encryption
Interoperability for Public Key Security
Mixing Default/Custom Authentication and Authorization
Mixing Default/Custom Authentication and Auditing
Compatibility Issues for Public Key Security
Compatibility/Interaction with Data-dependent Routing
Compatibility/Interaction with Threads
Compatibility/Interaction with the EventBroker
Compatibility/Interaction with /Q
Compatibility/Interaction with Transactions
Compatibility/Interaction with Domain Gateways
Compatibility/Interaction with Other Vendors' Gateways
What Administering Security Means
Setting the BEA Tuxedo Registry
Purpose of the BEA Tuxedo Registry
Configuring an ATMI Application for Security
Editing the Configuration File
Using the BEA Administration Console
Setting Up the Administration Environment
Administering Operating System (OS) Security
Recommended Practices for OS Security
How System Processes Acquire Credentials
Why System Processes Need Credentials
Example UBBCONFIG Entries for Principal Names
Mandating Interoperability Policy
Establishing an Identity for an Older Client
How the WSH Establishes an Identity for an Older Client
How the Domain Gateway Establishes an Identity for an Older Client
How the Server Establishes an Identity for an Older Client
Summarizing How the CLOPT -t Option Works
Example UBBCONFIG Entries for Interoperability
Establishing a Link Between Domains
Example DMCONFIG Entries for Establishing a Link
Impersonating the Remote Domain Gateway
Example DMCONFIG Entries for ACL Policy
Administering Link-Level Encryption
Understanding min and max Values
Verifying the Installed LLE Version
How to Configure LLE on Workstation Client Links
How to Configure LLE on Bridge Links
How to Configure LLE on tlisten Links
How to Configure LLE on Domain Gateway Links
Administering Public Key Security
Recommended Practices for Public Key Security
Assigning Public-Private Key Pairs
Setting Digital Signature Policy
Setting a Postdated Limit for Signature Timestamps
Setting a Predated Limit for Signature Timestamps
Enforcing the Signature Policy for Incoming Messages
How the EventBroker Signature Policy Is Enforced
How the /Q Signature Policy Is Enforced
How the Remote Client Signature Policy Is Enforced
Enforcing the Encryption Policy for Incoming Messages
How the EventBroker Encryption Policy Is Enforced
How the /Q Encryption Policy Is Enforced
How the Remote Client Encryption Policy Is Enforced
Initializing Decryption Keys Through the Plug-ins
Failure Reporting and Auditing
Digital Signature Error Handling
Administering Default Authentication and Authorization
Establishing Security by Editing the Configuration File
Establishing Security by Changing the TM_MIB
Establishing Security by Using the BEA Administration Console
Configuring the Authentication Server
How to Enable Application Password Security
How to Enable User-Level Authentication Security
Setting Up the User and Group Files
Converting System Security Data Files to BEA Tuxedo User and Group Files
Adding, Modifying, or Deleting Users and Groups
Enabling Access Control Security
How to Enable Optional ACL Security
How to Enable Mandatory ACL Security
What Programming Security Means
Programming an ATMI Application with Security
Setting Up the Programming Environment
Writing Security Code So Client Programs Can Join the ATMI Application
Transferring the Client Security Data
Calling a Service Request Before Joining the ATMI Application
Writing Security Code to Protect Data Integrity and Privacy
ATMI Interface for Public Key Security
Recommended Uses of Public Key Security
Sending and Receiving Signed Messages
Writing Code to Send Signed Messages
Step 1: Opening a Key Handle for Digital Signature
Step 2 (Optional): Getting Key Handle Information
Step 3 (Optional): Changing Key Handle Information
Step 4: Allocating a Buffer and Putting a Message in the Buffer
Step 5: Marking the Buffer for Digital Signature
Step 7: Closing the Signer's Key Handle
How the System Generates a Digital Signature
How a Signed Message Is Received
Verifying and Transmitting an Input Buffer's Signatures
Replacing an Output Buffer's Signatures
Sending and Receiving Encrypted Messages
Writing Code to Send Encrypted Messages
Step 1: Opening a Key Handle for Encryption
Step 2 (Optional): Getting Key Handle Information
Step 3 (Optional): Changing Key Handle Information
Step 4: Allocating a Buffer and Putting a Message in the Buffer
Step 5: Marking the Buffer for Encryption
Step 7: Closing the Encryption Key Handle
How the System Encrypts a Message Buffer
Writing Code to Receive Encrypted Messages
Step 1: Opening a Key Handle for Decryption
Step 2 (Optional): Getting Key Handle Information
Step 3 (Optional): Changing Key Handle Information
Step 4: Closing the Decryption Key Handle
How the System Decrypts a Message Buffer
Examining Digital Signature and Encryption Information
What Happens When an Originating Process Calls tpenvelope
What Happens When a Receiving Process Calls tpenvelope
Understanding the Composite Signature Status
Externalizing Typed Message Buffers
How to Create an Externalized Representation
How to Convert an Externalized Representation
Example Code for tpexport and tpimport
Implementing Single Point Security Administration
What Single Point Security Administration Means
Single Point Security Administration Tasks
Setting up LAUTHSVR as the Authentication Server
LAUTHSVR Command Line Interface
Setting Up the LAUTHSVR Configuration File
Sample UBBCONFIG Using LAUTHSVR
Using Multiple Network Addresses for High Availability
Configuring the Database Search Order
Using tpmigldap to Migrate User Information to WebLogic Server
Assigning New Passwords for the tpusr File
tpmigldap Command Line Options
Adding New Tuxedo User Information
Adding New User Information in tpusr or tpgrp
Adding New User Information Using the WebLogic Administration Console