Configuring Configuration Tool Security

3.1 Configuring Configuration Tool Security

No Security: Without configuring SECURITY in the "*RESOURCES" section of the UBBCONFIG file or configuring it with a value of "NONE", no security is used for accessing the SALT Configuration Tool. Anyone who knows the URL of the tool can access it. The following example shows a UBBCONFIG file "*RESOURCES" section example.

Example 3-1 No Security UBBCONFIG *RESOURCES Section

*RESOURCES
IPCKEY 15301
DOMAIN mydomain
MASTER machine1
MAXACCESSERS 50
MAXSERVERS 10
MAXSERVICES 40
MODEL SHM
LDBAL N

Application Password Security: Configuring SECURITY in the "*RESOURCES" section with a value of APP_PW causes Oracle Tuxedo application password security to be enabled. Users who want to access the SALT configuration tool are requested to present this password; failure to do so results in denied access. The following example shows a UBBCONFIG file "*RESOURCES" section example.

Example 3-2 Application Password Security UBBCONFIG *RESOURCES Section

*RESOURCES
IPCKEY 15301
DOMAIN mydomain
MASTER machine1
MAXACCESSERS 50
MAXSERVERS 10
MAXSERVICES 40
MODEL SHM
LDBAL N
SECURITY APP_PW

User Authentication Security: Configuring SECURITY in the "*RESOURCES" section with a value of USER_AUTH causes Oracle Tuxedo user authentication security to be enabled. To access the SALT configuration tool users are requested to present a valid Oracle Tuxedo user name and password; failure to do so results in denied access. The following example shows a UBBCONFIG file "*RESOURCES" section example.

Example 3-3 User Authentication Security UBBCONFIG *RESOURCES Section

*RESOURCES
IPCKEY 15301
DOMAIN mydomain
MASTER machine1
MAXACCESSERS 50
MAXSERVERS 10
MAXSERVICES 40
MODEL SHM
LDBAL N
SECURITY USER_AUTH

A user can be added using the "tpusradd" command. The following example adds user "tom" to the group with group id 1000 in the Oracle Tuxedo application domain.

$ tpusradd -u 2503 -g 1000 tom

Access Control List Security: Configuring SECURITY in the "*RESOURCES" section with a value of ACL causes Oracle Tuxedo access control list security to be enabled. Anyone who wants to access the SALT configuration tool is requested to present a valid Oracle Tuxedo user name and password that belongs to the group(s) allowed to access the Web Console; failure to do so results in denied access. The following example shows a UBBCONFIG file "*RESOURCES" section example.

Example 3-4 Access Control List Security UBBCONFIG *RESOURCES Section

*RESOURCES
IPCKEY 15301
DOMAIN mydomain
MASTER machine1
MAXACCESSERS 50
MAXSERVERS 10
MAXSERVICES 40
MODEL SHM
LDBAL N
SECURITY ACL

Access control to the configuration tool can be added using the "tpacladd" command. The following example adds Configuration Tool service "SALTWEBCONSOLE" to the access control list in an Oracle Tuxedo application domain.

$ tpacladd -g 1000 SALTWEBCONSOLE

If the service is not added to the Oracle Tuxedo access control security data file, any user with a valid Oracle Tuxedo user name and password can access the SALT Web Console.

Mandatory Access Control List Security: Configuring SECURITY in the "*RESOURCES" section with a value of MANDATORY_ACL causes Oracle Tuxedo access control list security to be enabled. Anyone who wants to access the SALT configuration tool is requested to present a valid Oracle Tuxedo user name and password that belongs to the group(s) allowed to access the configuration tool; failure to do so results in denied access. The following example shows a UBBCONFIG file "*RESOURCES" section example.

Example 3-5 Mandatory Access Control List Security UBBCONFIG *RESOURCES Section

*RESOURCES
IPCKEY 15301
DOMAIN mydomain
MASTER machine1
MAXACCESSERS 50
MAXSERVERS 10
MAXSERVICES 40
MODEL SHM
LDBAL N
SECURITY MANDATORY_ACL

Access control to the configuration tool can be added using the "tpacladd" command. The following example adds the configuration tool service "SALTWEBCONSOLE" to the access control list in the Oracle Tuxedo application domain.

$ tpacladd -g 1000 SALTWEBCONSOLE

If the service is not added to the Oracle Tuxedo access control security data file, then you cannot access the SALT Web Console.