Running the ObjectServer in secure mode
You can run the ObjectServer in secure mode. When you specify the -secure command-line option, the ObjectServer authenticates probe, gateway, and proxy server connections by requiring a user name and password.
SecureMode: TRUE # BOOLEAN (Secure authentication)
When a connection request is sent, the ObjectServer issues an authentication message. The probe, gateway, or proxy server must respond with the correct user name and password combination.
If you do not specify the -secure option, probe, gateway, and proxy server connection requests are not authenticated.
- Each probe or proxy server that makes a connection must have the AuthUserName and AuthPassword properties specified in its properties file. For more information, see Common probe properties and command-line options.
- Each unidirectional gateway that uses a properties file must have values specified for the Gate.Writer.Username, Gate.Writer.Password, Gate.Reader.Username, and Gate.Reader.Password properties. Each bidirectional gateway that uses a properties file must have values specified for the Gate.ObjectServerA.Username, Gate.ObjectServerA.Password, Gate.ObjectServerB.Username, and Gate.ObjectServerB.Password properties. Each gateway that uses a configuration file must have values specified for the AUTH_USER and AUTH_PASSWORD commands in the gateway configuration file. For more information, see Unidirectional gateway properties and Bidirectional gateway properties.
If the user name and password combination is incorrect, the ObjectServer issues an error message and rejects the connection.
You can choose any valid user name for the AuthUserName, Gate.Writer.Username, Gate.Reader.Username, Gate.ObjectServerA.Username, or Gate.ObjectServerB.Username property, or the AUTH_USER command.
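A pre-deployment check for the requirements above, as an added example that is not IBM's code: it reads an ObjectServer properties file for SecureMode and reports which credential properties a probe, proxy server, or gateway properties file is missing. It assumes `Name: value # comment` lines with optionally quoted values, as in the SecureMode line above; the sample files and user names are constructed, and gateways that use AUTH_USER and AUTH_PASSWORD in a configuration file are not covered.

```python
import re

# Credential properties each client type needs, as listed on this page.
REQUIRED = {
    "probe": ["AuthUserName", "AuthPassword"],
    "proxy": ["AuthUserName", "AuthPassword"],
    "unidirectional_gateway": [
        "Gate.Writer.Username", "Gate.Writer.Password",
        "Gate.Reader.Username", "Gate.Reader.Password"],
    "bidirectional_gateway": [
        "Gate.ObjectServerA.Username", "Gate.ObjectServerA.Password",
        "Gate.ObjectServerB.Username", "Gate.ObjectServerB.Password"],
}

# Name: value # comment  (assumption: a value may be quoted so it can contain '#')
PROP = re.compile(r"""^\s*([A-Za-z][\w.]*)\s*:\s*(?:'([^']*)'|"([^"]*)"|([^#]*))""")

def parse_properties(text):
    """Return {name: value}; lines that start with '#' are comments."""
    props = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = PROP.match(line)
        if m:
            value = next((g for g in m.groups()[1:] if g is not None), "")
            props[m.group(1)] = value.strip()
    return props

def secure_mode_enabled(objectserver_props):
    """True when the ObjectServer properties text sets SecureMode to TRUE."""
    return parse_properties(objectserver_props).get("SecureMode", "").upper() == "TRUE"

def missing_credentials(kind, client_props):
    """List the required properties that are absent or empty."""
    props = parse_properties(client_props)
    return [name for name in REQUIRED[kind] if not props.get(name)]

# Constructed sample files (not taken from a real deployment).
OBJECTSERVER = "SecureMode: TRUE # BOOLEAN (Secure authentication)\n"
PROBE = "AuthUserName: 'probe_user'\n# AuthPassword: 'changeme#1'\n"
GATEWAY = ("Gate.Writer.Username: 'gw_writer'\nGate.Writer.Password: 'w#pass'\n"
           "Gate.Reader.Username: 'gw_reader'\nGate.Reader.Password: ''\n")

if __name__ == "__main__":
    print("secure mode:", secure_mode_enabled(OBJECTSERVER))
    print("probe missing:", missing_credentials("probe", PROBE))
    print("gateway missing:", missing_credentials("unidirectional_gateway", GATEWAY))
```

A client whose list is non-empty would be rejected by an ObjectServer running in secure mode, so the check is best run before the -secure option is enabled.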
Password encryption details for running in FIPS 140–2 mode and non-FIPS 140–2 mode are described in the following table.
Mode | Action |
---|---|
FIPS 140–2 mode | When in FIPS 140–2 mode, passwords can either be specified in plain text or in encrypted format. You can encrypt passwords by using property value encryption, as follows: |
Non-FIPS 140–2 mode | When in non-FIPS 140–2 mode, passwords can either be specified in plain text or in encrypted format. However, the client always transmits encrypted login information irrespective of the password encryption that is used in the properties file. You can encrypt passwords by using the nco_g_crypt utility or by using property value encryption, as follows: |
A password encrypted with nco_g_crypt is specified in the same way as an unencrypted password when connecting to the ObjectServer. The ObjectServer automatically detects an encrypted password and performs the necessary decryption to verify the password during authentication.