Siebel Security Guide > Security Adapter Authentication > Security Adapter Deployment Options >

Configuring Checksum Validation

The checksum validation option verifies that the security adapter loaded by the authentication manager is the correct version. It is recommended that you use checksum validation to make sure that the appropriate security adapter provides user credentials to the authentication manager for all users who request access.

Checksum validation for security adapters can be implemented in the following authentication strategies:

• Security adapter authentication: LDAP, ADSI, custom (not database authentication)
• Web SSO authentication

You can implement checksum validation with the Siebel checksum utility that is included when you install your Siebel application.

Checksum validation supports the following principles:

• A CRC (cyclical redundancy check) checksum value for the security adapter library file (such as the DLL file on Windows) is stored as a configuration parameter value for the security adapter.
• When a security adapter provides a user identity and database account to the Application Object Manager, a checksum value is calculated for that security adapter.
• The user is granted access if the two checksum values are equal.

The following procedure outlines the steps in implementing checksum validation.

To configure checksum validation

1. Enter and run the following command at a command prompt, using the required security adapter library file name (such as the DLL file on Windows) as the argument:

   checksum -f filename

   The utility returns the checksum value.

   For example, if you are using an LDAP security adapter, then the following command:

   checksum -f sscforacleldap.dll

   returns something similar to:

   CRC checksum for file 'sscforacleldap.dll' is f49b2be3

   NOTE:  You must specify a different DLL file if you are using the IBM LDAP Client instead of the Oracle Database Client, or if you are using an ADSI security adapter or a custom security adapter.

2. For the security adapter you are using, set the CRC configuration parameter to the checksum value that is calculated in Step 1.

   For information about setting Siebel Gateway Name Server configuration parameters, see Siebel Gateway Name Server Parameters. For Developer Web Client, define these parameters in the corresponding section in the application configuration file, such as uagent.cfg for Siebel Call Center. For Gateway Name Server authentication, define these parameters in the gateway.cfg file.

   In previous Siebel CRM releases, the CRC checksum value was set using the Security Adapter CRC system preference, rather than a configuration parameter.

NOTE:  The checksum value in this procedure is an example only. You must run the checksum utility as described to generate the value that is valid for your implementation. In addition, you must recalculate the CRC checksum value and update the CRC parameter value each time you upgrade your Siebel Business Applications, including each time you apply a Siebel quick fix or fix pack.