Sslrequired
The sslrequired option specifies the conditions when SSL is or is not required when the client logs on to the IBM Spectrum Protect server or storage agents. To actually enable SSL so client-to-server and client-to-storage-agent communications are secure, you must set the client ssl option to yes. When communicating with the IBM Spectrum Protect server V8.1.2 and later levels, and V7.1.8 and later V7 levels, this option no longer applies since SSL is always used.
Supported Clients
This option is supported on all clients.
Options File
Place this option in the client options file or in the GUI, on the Communications tab. You cannot set this option on the command line.
Syntax
Parameters
- Default
- This setting indicates that SSL is required to secure communications between the client and
server, and client and storage agents, if
AUTHENTICATION=LDAP
is set on the server. To secure communications by using SSL, you must also setssl=yes
on the client.
- Yes
- Indicates that SSL is always required to secure communications between the client and server,
and between the client and storage agents.
sslrequired=yes
has no dependency on the server AUTHENTICATION option. If you setsslrequired=yes
on the client, you must also setssl=yes
on the client.
- No
- Indicates that you do not require SSL to be used to secure communications between the client and
server or between the client and storage agents. Choose this option only if you use a virtual
private network or other method to secure your session communications. You can still enable SSL by
setting
ssl=yes
on the client; butsslrequired=no
specifies that SSL is not a prerequisite.
- SERVERonly
- Indicates that SSL is required for client-to-server communications and not for server-to-storage
agent communications. To use SSL for client to server communications, set
sslrequired=serveronly
andssl=yes
. The server setting for the AUTHENTICATION option can be either LOCAL or LDAP.
SSLREQUIRED option (server setting) |
sslrequired option (client setting) |
ssl option (client setting) |
Authentication success or failure |
---|---|---|---|
Yes | Yes | Yes |
Authentication succeeds |
Yes | Yes | No |
Authentication fails; the client rejects the session |
Yes | No | Yes |
Authentication succeeds |
Yes | No | No |
Authentication fails; the server rejects the session |
No | Yes | Yes |
Authentication succeeds |
No | Yes | No |
Authentication fails; the client rejects the session |
No | No | Yes |
Authentication succeeds |
No | No | No |
Authentication succeeds |
The following text describes how setting SSLREQUIRED=DEFAULT
and
SSLREQUIRED=SERVERONLY
on the server affects the ssl option on the
client.
If the server sets SSLREQUIRED=DEFAULT
and AUTHENTICATION=LDAP
,
the client must set ssl=yes
or authentication fails.
If the server sets SSLREQUIRED=DEFAULT
and
AUTHENTICATION=LOCAL
, the client can set ssl=yes
or
ssl=no
.
If the server sets SSLREQUIRED=SERVERONLY
, you must set ssl=yes
on the client. The client lanfreessl option can be set to yes, to
secure communications with a storage agent, or to no if secure communications with
storage agents is not needed.
Examples
- Options file:
-
sslrequired yes sslrequired no sslrequired default sslrequired serveronly
- Command line:
- Not applicable; you cannot set this option on the command line.