Secure mode for probes

You can run the ObjectServer in secure mode. When you start the ObjectServer using the -secure command-line option, the ObjectServer authenticates probe, gateway, and proxy server connections by requiring a user name and password.

When a connection request is sent, the ObjectServer issues an authentication message. The probe, gateway, or proxy server must respond with the correct user name and password combination.

If the ObjectServer is not running in secure mode, probe, gateway, and proxy server connection requests are not authenticated.

Before running a probe that connects to a secure ObjectServer or proxy server, ensure that the AuthUserName and AuthPassword properties are set in the probe properties file, with values for the user name and password. If the user name and password combination is incorrect, the ObjectServer issues an error message and rejects the connection.

When in FIPS 140–2 mode, the password can either be specified in plain text, or can be encrypted with the nco_aes_crypt utility. If you are encrypting passwords by using nco_aes_crypt in FIPS 140–2 mode, you must specify AES_FIPS as the encryption algorithm.

When in non-FIPS 140–2 mode, the password can be encrypted with the nco_g_crypt or nco_aes_crypt utilities. If you are encrypting passwords by using nco_aes_crypt in non-FIPS 140–2 mode, you can specify either AES_FIPS or AES as the encryption algorithm. Use AES only if you need to maintain compatibility with passwords that were encrypted using the tools provided in versions earlier than Tivoli Netcool/OMNIbus V7.2.1.

For further information about using the nco_aes_crypt utility, see the IBM Tivoli Netcool/OMNIbus Installation and Deployment Guide.