com.tivoli.mts
Class SvrSslCfg

java.lang.Object
  |
  +--com.tivoli.mts.SvrSslCfg

public final class SvrSslCfg
extends java.lang.Object

This program configures this machine for participation with Policy Director in resolving Java security checks that involve the PDPermission class or subclasses thereof.

A successful run of this program produces a set of properties in a file named PdPerm.properties and a Java keystore. The keystore is initialized both to recognize the certificate that Policy Director is currently using and to securely store a client certificate that allows PDPermission to make authenticated use of Policy Director services to check authorization.

Author:
Bruce Rich

Constructor Summary
SvrSslCfg()
           
 
Method Summary
static void main(java.lang.String[] argv)
           This routine will configure this machine for use with Policy Director.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SvrSslCfg

public SvrSslCfg()

Method Detail

main

public static void main(java.lang.String[] argv)

This routine will configure this machine for use with Policy Director.

To illustrate how this configuration might be done, imagine the following set of admin commands had been run on the ivmgrd server (assume it's timon.i.com):

 pdadmin -a sec_master -p xxxpassword
 user create PdPermission9993 cn=PdPermission/gordo,o=myCompany PdPermission/gordo PdPermission somePW9993
 user modify PdPermission9993 account-valid yes
 group modify remote-acl-users add PdPermission9993
 
(This example assumes that the LDAP root for the users is anchored at o=myCompany, and uses the convention that the "distinguishing" part of the distinguished name will in fact be the hostname of the machine, which in this example is "gordo".)

The command that could be issued now on gordo is:

 java com.tivoli.mts.SvrSslCfg cn=PdPermission/gordo,o=myCompany xxxpassword timon.i.com rafiki.i.com
 
(This command takes the default SSL port numbers for ivacld and ivmgrd, and configures gordo to use the ivacld on rafiki.i.com.)

Parameters:
dn - The distinguished name of the principal that this machine is to use.
pw - The password for sec_master.
ivmgrd-hostname - The name of the machine that is running ivmgrd.
ivacld-hostname - The name of the machine that is running the instance of ivacld that this machine is to communicate with.
ivmgrd-port - The SSL port number for ivmgrd, if other than the default (7135).
ivacld-port - The SSL port number for ivacld, if other than the default (7136).
Throws:
java.lang.IllegalArgumentException - if it seems like bad data was passed in.
java.lang.IllegalStateException - if this request could not be processed.
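
An added example, not part of the original documentation or the Policy Director distribution: the command line shown above places the sec_master password in argv, where it ends up in shell history and process listings. This hypothetical launcher (the name SvrSslCfgLauncher is an assumption) prompts for the password on the console and then calls SvrSslCfg.main. It assumes the optional ports follow the hostnames in the order the Parameters list gives them, and that the Policy Director classes are on the classpath.

```java
import java.io.Console;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not part of the Policy Director distribution.
// Hypothetical launcher: prompts for the sec_master password instead of
// taking it on the command line, then delegates to SvrSslCfg.main.
public final class SvrSslCfgLauncher {

    // Usage: java SvrSslCfgLauncher dn ivmgrd-host ivacld-host [ivmgrd-port ivacld-port]
    public static void main(String[] args) {
        if (args.length != 3 && args.length != 5) {
            System.err.println("usage: SvrSslCfgLauncher dn ivmgrd-host ivacld-host [ivmgrd-port ivacld-port]");
            System.exit(2);
        }
        // Reject malformed ports before any password is requested.
        for (int i = 3; i < args.length; i++) {
            int port;
            try { port = Integer.parseInt(args[i]); } catch (NumberFormatException e) { port = -1; }
            if (port < 1 || port > 65535) {
                System.err.println("invalid SSL port: " + args[i]);
                System.exit(2);
            }
        }
        Console console = System.console();
        if (console == null) {
            System.err.println("no interactive console; refusing to read the password from a pipe");
            System.exit(2);
        }
        char[] pw = console.readPassword("Password for sec_master: ");
        if (pw == null || pw.length == 0) { System.err.println("empty password"); System.exit(2); }

        // Assumed argument order (taken from the Parameters list):
        // dn, pw, ivmgrd-hostname, ivacld-hostname, then the optional ports.
        List<String> cfgArgs = new ArrayList<>(Arrays.asList(args[0], new String(pw), args[1], args[2]));
        cfgArgs.addAll(Arrays.asList(args).subList(3, args.length));
        Arrays.fill(pw, '\0'); // the String copy stays in memory until collected; the API only accepts String[]
        try {
            com.tivoli.mts.SvrSslCfg.main(cfgArgs.toArray(new String[0]));
        } catch (IllegalArgumentException e) {
            System.err.println("SvrSslCfg rejected the input: " + e.getMessage());
            System.exit(1);
        } catch (IllegalStateException e) {
            System.err.println("SvrSslCfg could not process the request: " + e.getMessage());
            System.exit(1);
        }
    }
}
```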