Tivoli SecureWay Policy Director ·¢ÐÐËµÃ÷publib.boulder.ibm.com/tividd/td/SW_30/pd37_relnotes/zh... · 2002-11-09 · Policy Director Authorization ADK Developer Reference

Tivoli SecureWayPolicy Director"P5w

f> 3.7/3.7.1

Tivoli SecureWayPolicy Director"P5w

f> 3.7/3.7.1

Tivoli SecureWay Policy Director "P5w

f(yw

© Copyright IBM Corporation 2001. All rights reserved. vI4U Tivoli 53+>m~mI$-i(;V IBM m~mI$-i)9C,r_4U IBM M'-irmI$-iPXD Tivoli z7D=<9C#4- IBM +>BHifmI,{9TNNN=rNNVN(gSD"z5D"E'D"b'D"/'D"K$DHH)T>iDNN?VxP4F"+%"*<,rf"Zlw53Pr-kINNFczoT#IBM +>ZhzFwv)zT:9CDNNzwIAD5D2=4rd|N=4FDP^mI,0aG?vbyD4F7y&XP IBM +>f(yw#4- IBM +

>BHifmI,;Zhf(PDd|({#>D5;G*zz<8D,"RGT0vK4,1

Dy!a)D,;PNNN=D###XKjw\xPX>D5DyP#$,|(JzTMJCZ3X(C>D#$#

@z~.C'^(({ * 9C"4Fr96<*\=k IBM +>)pD GSA ADP =S-iy

f(unD^F#

Lj

IBM" IBM Uj"Tivol i"Tivol i Uj"AIX"Cross -S i te"NetView"OS/2"Plane tTivoli"RS/6000"Tivoli Certified"Tivoli Enterprise"Tivoli Enterprise Console"Tivoli Ready M TMEGzJL5zw+>r Tivoli 53+>Z@zM/rd|zRrXxDLjr"aLj#

Microsoft"Windows"Windows NT M Windows UjG"m+>Z@zM/rd|zRrXxDLj#

UNIX G The Open Group Z@zMd|zRrXxD"aLj#

Java MyPyZ Java DLjG Sun +>Z@zM/rd|zRrXxDLj#

d|+>"z7M~q{FGd|+>DLjr~qjG#

yw

>vfoPya=D Tivoli 53+>r IBM Dz7"Lrr~q";b6Eb)z7"Lrr~q+ZyPP Tivoli 53+>r IBM 5qDzRPa)#NNTb)z7"Lrr~qD}C";5>;\9C Tivoli 53+>r IBM Dz7"Lrr~q#;*;V8 Tivoli 53+>r IBMD*6z(rd|\(I#$DO(({,NN,H&\Dz7"Lrr~q,<ITC4zfya=Dz7"Lrr~q#Zkd|z7aO9C1,}KG)I Tivoli 53+>r IBM w78(Dz7.b,d@@Mi$yIC'TP:p#Tivoli 53+>r IBM I\Qjkr}Zjkk>D5PXDwn({(#a)>D5";m>Jmz9Cb)({#zITCif==+mIi/Dy:IBM Director of Licensing,IBM Corporation,North Castle Drive,Armonk,NewYork 10504-1785,U.S.A.

?<

"P5w * f> 3.7/3.7.1(2001 j 3 B 30 U) . . . . . . . . . . . . . 1

;cE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

"P5w^)z7G< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

(i9C Adobe Acrobat Reader,f> 4.05 . . . . . . . . . . . . . . . . . . . . . . 4

/@ Policy Director PDF D5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

*5M''V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Policy Director 3.7.1 CD V"(2001 j 3 B 30 U) . . . . . . . . . . . . . . 4

Policy Director D5/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

'V>cOICDQ^)D5/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Policy Director +2m~BX3f . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Policy Director 3.7.1 E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

XZ Policy Director f> 3.7.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

+ Policy Director 3.7 }6A 3.7.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

WebSEAL 20ICDB GSKit m~| . . . . . . . . . . . . . . . . . . . . . . . . . . 8

BD LDAP 3.2 db2ldif 5CLr9!Lr. . . . . . . . . . . . . . . . . . . . . . . . 9

Policy Director 'VD Domino "am . . . . . . . . . . . . . . . . . . . . . . . . . 10

X*9dE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

BD Base E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

ACL ^DD0lQSY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

ivadmin 5CLrv*rBf]Txa) . . . . . . . . . . . . . . . . . . . . . . . . 12

;c8]kV4=h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

tC Policy Director ~qwA! SSL \?}]bD~ . . . . . . . . . . . . . . 13

Z Windows 2000 O DCE h*/IG<~q . . . . . . . . . . . . . . . . . . . . 14

sFG<q=|D. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Base 208O:BD 5.2.2 Z. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

+ Policy Director ACL &CZBD LDAP s: . . . . . . . . . . . . . . . . . . 17

Policy Director LDAP #= . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

BD WebSEAL E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

XhD WebSEAL SSL dC(GSKit _Y:fs!) . . . . . . . . . . . . . . 27

iiiTivoli SecureWay Policy Director "P5w

dC1!D0#$6p16p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

mb GSKit \?}]bD~`M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

msp=O$dCDs{. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

t/ junctioncp 5CLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

AIX i500 @""P5w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

AIX i500 @""P5w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

T 2001 j 1 BD5D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

T6208O7D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

msD SSL $iD~{ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Base 208O:Q^)D 4.4.3 Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

T6Base \m8O7D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

?U1d POP tT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

izmI(. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

T6WebSEAL \m8O7D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

|B/, URL D WebSEAL (WebSEAL 6.3.3) . . . . . . . . . . . . . . . . . . . 45

WebSEAL vT/*a (WebSEAL 5.7) . . . . . . . . . . . . . . . . . . . . . . . . . 45

WebSEAL v'V HTTP/1.0 ;f*a . . . . . . . . . . . . . . . . . . . . . . . . . . 45

GSKit a0j6,1N} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

T6WebSEAL *"_N<s+7D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

?p#e CDAS ~qw(4.4 Z) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

T6XF(\m8O7D|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

6\mXF(\m8O7|} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

m~^F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

SMP 53O;'V NetSEAL ZK]e . . . . . . . . . . . . . . . . . . . . . . . . . 49

NetSEAL M NetSEAT rBf]T . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

pdadmin &\Z\mXF(O;IC . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

f0+VZV{DoT^F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

LDAP TC'{;xVs!4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

pdconfig 5CLrZUo HP-UX 53OI\'\ . . . . . . . . . . . . . . . . . 51

\mXF(*zozPD,\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Q-kD\mXF(*zozP9CD4-kD< . . . . . . . . . . . . . . . . . 52

iv f> 3.7/3.7.1

Q*Dm~1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

20M}61]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

}6 Policy Director 3.6 WebSEAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

IBM SecureWay Directory 3.2 h* AIX 4.3.3 9!Lr . . . . . . . . . . . . 57

IBM SecureWay Directory DMT 5CLrt/'\ . . . . . . . . . . . . . . . . 58

Base 1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Z Solaris OdC\m~qw. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

LDAP 3.1.x A LDAP 3.2 (F}L^) . . . . . . . . . . . . . . . . . . . . . . . . 59

IBM DCE 3.1 9!Lr 3 bvK\m~qwZf9) . . . . . . . . . . . . . . 60

WebSEAL 1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

=S WAP xX'V. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

$tZ WebSEAL _Y:fPDQ>}C'>$ . . . . . . . . . . . . . . . . . . 63

CDSSO D$iO$}p WebSEAL JO . . . . . . . . . . . . . . . . . . . . . . . . 63

NetSEAL 1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

AIX ]e1] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Solaris 9!Lrhs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

\mXF(1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

\mXF(1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

LDAP 1]0X\k) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

P LDAP dCD WebSEAL adC;H( . . . . . . . . . . . . . . . . . . . . . . 67

vTivoli SecureWay Policy Director "P5w

vi f> 3.7/3.7.1

"P5w * f> 3.7/3.7.1(2001j 3 B 30 U)

>"P5wD5|, Policy Director 3.7(f> 3,"Pf 7,^)f 0)

M Policy Director 3.7.1 (f> 3,"Pf 7,^)f 1)DBDMQ^

)D<uE"#

+(Z9CPX policy Director DnBE"|B>D5#^)z7G<

m(IZ:WHDA;ZPR=)zYKyPT>D5DmSM|D#

?<:

1. ;cE"

2. Policy Director 3.7.1 E"

3. X*9dE"

4. T 2001 j 1 BD5D|}

5. m~^F

6. Q*Dm~1]0X\k)

1

1Tivoli SecureWay Policy Director "P5w

1."

P5

w

;cE"

": g{zG Policy Director \m1,rPX*(AZ113D:X*9

dE";#

¶ "P5w^)z7G<

¶ (i9C Adobe Acrobat Reader,f> 4.05

¶ /@ Policy Director PDF D5

¶ *5M''V

¶ Policy Director 3.7.1 CD V"(2001 j 3 B 30 U)

¶ Policy Director D5/

¶ 'V>cOICDQ^)D5/

¶ Policy Director +2m~BX3f

"P5w^)z7G<TB0^)z7G<1mPvKT>D5Z;N"<UZT4T|yw

DyPmSM|D:

Policy Director 3.7 "P5w^)z7G<

UZ wb

2000 j 12 B 15 U f CD V";pa)DZ;vf>#

2000 j 12 B 16 U ;c8]kV4=h

2000 j 12 B 16 U LDAP 3.1.x A LDAP 3.2 (F}L^)

2000 j 12 B 16 U $tZ WebSEAL _Y:fPDQ>}C'>$

2001 j 1 B 17 U 'V>cOICDQ^)D5/

2001 j 1 B 17 U ivadmin 5CLrv*rBf]Txa)

2001 j 1 B 17 U IBM DCE 3.1 9!Lr 3 bvK\m~qwZf9)

2001 j 3 B 7 U /@ Policy Director PDF D5

2001 j 3 B 7 U Policy Director +2m~BX3f

2001 j 3 B 7 U tC Policy Director ~qwA! SSL \?}]bD~

2001 j 3 B 7 U Z Windows 2000 O DCE h*/IG<~q

2001 j 3 B 7 U sFG<q=|D

2001 j 3 B 7 U Base 208O:BD 5.2.2 Z

2001 j 3 B 7 U + Policy Director ACL &CZBD LDAP s:

2 f> 3.7/3.7.1

Policy Director 3.7 "P5w^)z7G<

UZ wb

2001 j 3 B 7 U dC1!D0#$6p16p

2001 j 3 B 7 U mb GSKit \?}]bD~`M

2001 j 3 B 7 U msp=O$dCDs{

2001 j 3 B 7 U t/ junctioncp 5CLr

2001 j 3 B 7 U msD SSL $iD~{

2001 j 3 B 7 U Base 208O:Q^)D 4.4.3 Z

2001 j 3 B 7 U ?U1d POP tT

2001 j 3 B 7 U izmI(

2001 j 3 B 7 U |B/, URL D WebSEAL (WebSEAL 6.3.3)

2001 j 3 B 7 U WebSEAL vT/*a (WebSEAL 5.7)

2001 j 3 B 7 U WebSEAL v'V HTTP/1.0 ;f*a

2001 j 3 B 7 U ?p#e CDAS ~qw(4.4 Z)

2001 j 3 B 7 U 6\mXF(\m8O7|}

2001 j 3 B 7 U LDAP TC'{;xVs!4

2001 j 3 B 7 U }6 Policy Director 3.6 WebSEAL

2001 j 3 B 7 U IBM SecureWay Directory 3.2 h* AIX 4.3.3 9!Lr

2001 j 3 B 7 U IBM SecureWay Directory DMT 5CLrt/'\

2001 j 4 B 1 U Policy Director 3.7.1 E"

2001 j 4 B 1 U Policy Director LDAP #=

2001 j 4 B 1 U XhD WebSEAL SSL dC(GSKit _Y:fs!)

2001 j 4 B 1 U AIX i500 @""P5w

2001 j 4 B 1 U GSKit a0j6,1N}

2001 j 4 B 1 U pdconfig 5CLrZUo HP-UX 53OI\'\

2001 j 4 B 1 U \mXF(*zozPD,\

2001 j 4 B 1 U Q-kD\mXF(*zozP9CD4-kD<

2001 j 4 B 1 U CDSSO D$iO$}p WebSEAL JO

2001 j 4 B 1 U P LDAP dCD WebSEAL adC;H(


1."

P5

w

(i9C Adobe Acrobat Reader,f> 4.05?R(i9C Adobe® Acrobat® Reader™,f> 4.05 i4Mr! Policy

Director PDF D5#

IS Adobe Web >cbQq! Adobe Acrobat Reader,f> 4.05:

http://www.adobe.com/products/acrobat/readstep2.html

/@ Policy Director PDF D5PDF q=D Policy Director D5CZc]X/@zyhDE"#Policy

Director PDF D~Dm`?~<|,n/D,D>#

+bjF/A,D>xrO1,sjbja|D*0VM8k1<j#

1z%w,D>xr1,PDF S<ax=D5Z?rb?D`&;C#

Policy Director PDF D~DBP?~|,,D>4S:

¶ yPi)(2IT)9MUu)

¶ 0?<1u?

¶ w}3k

¶ URL(T6+D>T>)

¶ Z;f}C(T6+D>T>)

*5M''V;Z http://www.tivoli.com/support/handbook/ D Tivoli Customer

Support Handbook

a)KXZ0Tivoli M''V1Dj{E",|(BPZ]:

¶ "aMO(T

¶ gNy]JbDOXT*5<u'V

¶ g0EkMgSJ~X7(zR(C)

¶ *5<u'V0&CQ/DE"

Policy Director 3.7.1 CD V"(2001 j 3 B 30 U)

Policy Director CD /:

¶ Tivoli SecureWay Policy Director Base AIX f(f> 3.7.1,128 ;)

4 f> 3.7/3.7.1

http://www.adobe.com/products/acrobat/readstep2.html

//www.tivoli.com/support/handbook/

¶ Tivoli SecureWay Policy Director Base Solaris f(f> 3.7.1,128

;)

¶ Tivoli SecureWay Policy Director Base Windows f(f> 3.7.1,128

;)

¶ Tivoli SecureWay Policy Director Base HP-UX f(f> 3.7.1,128

;)

¶ Tivoli SecureWay Policy Director WebSEAL/NetSEAL AIX f"Solaris

fM Windows f(f> 3.7.1,128 ;)

¶ Tivoli SecureWay Policy Director WebSEAL/NetSEAL HP-UX f(f

> 3.7.1,128 ;)

¶ Tivoli SecureWay Policy Director \mXF( Windows f(f>

3.7.1,128 ;)

CD ?<Z]hv:

": )zDX(=(9CD Policy Director CD I\;|,yPb)?

<#

¶ /Doc |, Policy Director Dy><uD5

(Z Tivoli 'V>cO2ITq!>D5M=SD5)#

¶ /Policy_Director |, Policy Director 203s

¶ /GSKIT G SSL D IBM 5V$_#

¶ /Schema |, Policy Director y*sD LDAP #=D~

¶ /SecureWay_Directory |, IBM LDAP 3.2 203s

¶ /Security_Services |, IBM DCE 203s

¶ /Security_Service_Client TZ WebSEAL/NetSEAL CD MXF(

CD G NetSEAT M'z

Policy Director D5/yP Tivoli SecureWay Policy Director D5DnBf>;Z Policy Director

3.7/3.7.1 'V3fO#

208O

6Policy Director Base AIX f208O7

6Policy Director Base HP-UX f208O7


1."

P5

w

6Policy Director Base Solaris f208O7

6Policy Director Base Windows f208O7

6Policy Director WebSEAL 208O7

6Policy Director NetSEAL 208O7

6Policy Director \mXF( Windows f208O7

\m8O

6Policy Director Base \m8O7

6Policy Director WebSEAL \m8O7

6Policy Director NetSEAL \m8O7

6Policy Director \mXF( Windows f\m8O7

*"_N<s+

Policy Director Authorization ADK Developer Reference

Policy Director Authorization API Java Wrappers Developer Reference

6Policy Director WebSEAL *"_N<s+7

Policy Director Administration API Developer Reference

Policy Director CDAS API Developer Reference

Policy Director CDMF API Developer Reference

9dD5

Policy Director Performance Tuning Guide

Policy Director Lotus Domino Registry Supplement

Policy Director Migration Tool Administration Guide

'V>cOICDQ^)D5/Policy Director 3.7/3.7.1 'V>cV|, Policy Director D208O"

\m8OM*"_N<s+DQ^)f>#BD^)ff;K-<

(2000 j 12 B)Policy Director 3.7 CD-ROM y|,DD5#BD^

)fDUZ* 2001 j 1 B#

yP2=4M Policy Director 3.7 DQ-kD5<yZ 2001 j 1 Bf

># Policy Director 3.7.1 CD V"2|,KQ|BD 2001 j 1 BD

5#

Policy Director +2m~BX3fTivoli 'V>cODBP3f|, Policy Director yPf>D9dm~

BX4S:

6 f> 3.7/3.7.1

http://www.tivoli.com/support/secureway/policy_dir/downloads.html


1."

P5

w


Policy Director 3.7.1 E"

¶ XZ Policy Director f> 3.7.1

¶ + Policy Director 3.7 }6A 3.7.1

¶ WebSEAL 20ICDB GSKit m~|

¶ BD LDAP 3.2 db2ldif 5CLr9!Lr

¶ Policy Director 'VD Domino "am

XZ Policy Director f> 3.7.1Policy Director 3.7.1 G0zRoT'V1(NLS) "Pf#>z7'VE

VoTD}]&mM{"T>:w`@o"Bo"(o"bs{o"M

wOQ@o"Uo"+zo"rePDM1ePD#

Tb)oTT>DyP{"I%@DoT|a),b)oT|+<Z

Policy Director Software BX Web 3fO:


+ Policy Director 3.7 }6A 3.7.1¶ Policy Director 3.7.1 CD V";'VSf> 3.7 A 3.7.1 DT/z

k}6#

¶ g{M';kxPXBdCx+VPD 3.7 20}6A 3.7.1 6p,

MXkBX Policy Director 3.7 ^}| 2,"+d20AVPD Policy

Director 3.7 20#KxL+#fyPdC}]#

IS Tivoli 'V>cq!^}| 2:

https://www.tivoli.com/secure/support/patches/

WebSEAL 20ICDB GSKit m~|BPV[JCZ Policy Director 3.7.1 WebSEAL 20#

Policy Director 3.7.1 z7|, GSKit Dm`f>:

¶ GSKit f> 61(Policy Director 3.7.1 Base AIX f CD)

¶ GSKit f> 57(Policy Director 3.7.1 Base Solaris f CD)

8 f> 3.7/3.7.1


http://www.tivoli.com/secure/support/patches

¶ GSKit f> 65(Policy Director 3.7.1 Base HP-UX f CD)

¶ GSKit f> 58(Policy Director 3.7.1 Base Windows f CD)

¶ GSKit f> 126 (Policy Director 3.7.1 WebSEAL CD)

GSKit DnBf> (126) |,KDx WebSEAL T\Dv?&\,"b

vK Solaris 201A LDAP ~qwD SSL ,SJb#Kf>D GSKit

XkkNN WebSEAL ;p209C#

g{;P20 WebSEAL,G4-<=(X(D Base CD D GSKit m

~|TGJCD#

BD LDAP 3.2 db2ldif 5CLr9!Lrn|f Policy Director 3.7.1 CD V";pV"D IBM SecureWay

Directory (LDAP) T\Dx9!Lr,+<B db2ldif LDAP \m5C

Lr'\#4|B db2ldif 5CLrTmbiI1C'f"D}7q=#

?v LDAP ~qw=(DBD db2ldif 9!Lr * ;Z Policy Director

3.7.1 CD D /Patch ?<P * |}KKJb#

m{Z63D:Policy Director +2m~BX3f;#


1."

P5

w

Policy Director 'VD Domino "amv Policy Director 3.7.1 Windows NT f'V Domino "am# Domino

~qw>mIZd'VDNN=(O20,+ Policy Director 3.7.1 Xk

Z Windows NT O20MdC#

Domino "am'V (PDMdata.ntf) yh*D Policy Director *}]}

]b#eI;Z Policy Director 3.7.1 Base CD OD /schema ?<P#

ITZ Policy Director 3.7/3.7.1 'V3fOiR=Q^)D Lotus

Domino Registry Supplement D5#

Policy Director 3.7.1 Windows NT f,1'V Domino 4.6.x M 5.0.x "

Pf#Policy Director 3.7.1 OT Domino "amDdCf0BP Policy

Director m~|:PDRTE"PDMgr M PDWeb#

* Domino "amdCD Policy Directoir 3.7.1 ;'VM'z=$iO

$r0;f Domain %;"a1(CDSSO) &\#

10 f> 3.7/3.7.1

X*9dE"

¶ BD Base E"

¶ BD WebSEAL E"

¶ AIX i500 @""P5w


1."

P5

w

BD Base E"

¶ ACL ^DD0lQSY

¶ ivadmin 5CLrv*rBf]Txa)

¶ ;c8]kV4=h

¶ tC Policy Director ~qwA! SSL \?}]bD~

¶ Z Windows 2000 O DCE h*/IG<~q

¶ sFG<q=|D

¶ Base 208O:BD 5.2.2 Z

¶ + Policy Director ACL &CZBD LDAP s:

¶ Policy Director LDAP #=

ACL ^DD0lQSY+Z 15 kUP,1\Zs%" ACL _T|B&m#

IT(}V$+ notifier-wait-time N}mSAdCD~ ivmgrd.conf P

D [ivmgrd] Z4dC,15(Tk*%;)#}g:

notifier-wait-time = 25

m{ 2001 j 1 B6Tivoli SecureWay Policy Director Base \m8O7

D 6.6.2 Z#

ivadmin 5CLrv*rBf]Txa)Z Policy Director 3.7 PC pdadmin 5CLrzfK ivadmin 5C

Lr#=v5CLrD&\j+`,# Policy Director 3.7 P,ivadmin5CLrv*rBf]Txa)#

5CLr{FD|DGz7{F|DDa{#Z Policy Director (“pd”) .

0,Kz7{F* IntraVerse (“iv”)#

;c8]kV4=h

T Policy Director 8]kV4Dj8=h(#GyZ?vC'xPD,

b!vZ_edC#yP=h<T`,Dy>+=*<:

12 f> 3.7/3.7.1

¶ PX DCE 8]kV4,kND`&D DCE D5#XpG dceback|nN<P5C"bDE"#

BP4ST Transarc DCE (;KE":

http:/ /www.transarc. ibm.com/Library/documentation/dce/1.1/dceback.html

¶ TZ Policy Director,8]w20D~53(UNIX 53OD

/op t /Pol icyDirec tor M Windows NT 53OD \Program

Files\Tivoli\Policy Director)#

¶ 53Lx&mBq1ITxPV4Yw,r*}74FD Policy

Director 73PD_`M_ICTan!/51VQDI\T#

tC Policy Director ~qwA! SSL \?}]bD~

Jb:

g{^(A!CZ LDAP M'zO$D SSL \?}]bD~,Policy

Director '\"^NN4&#

KJbvJCZ\m14(D SSL \?}]bD~#4(KD~G*K

tC IBM SecureWay Directory M'zM IBM SecureWay Directory ~

qw.d SSL (E#

KJb;JCZZdC Policy Director \m~qwM Policy Director

WebSEAL Zd4(D=v SSL \?}]bD~#

5w:

TZk IBM SecureWay Directory LDAP ~qw.dD(E,IBM

SecureWay Directory M'zI!q9C2+WSVc (SSL) (E-i#

Policy Director +b)(EE@w*xPO$MZ(v_xLD;?V#

SSL (EDI&9C@5Z\?}]bD~D9C#K\?}]bD~X

kG Policy Director C'IAD,(#TC' ivmgr KP#1!iv

B,KmI(;G LDAP \m14( LDAP M'zM LDAP ~qw.

d*9CD\?}]bD~18(D#


1."

P5

w

http://www.transarc.ibm.com/Library/documentation/dce/1.1/dceback.html

http://www.transarc.ibm.com/Library/documentation/dce/1.1/dceback.html

bv=8:

SSL \?}]bD~D4(Z?v=(D6Base 208O7DBPZP

Phv:

D5 Z

6Policy Director Base Solaris f208O7 7.3.1,7.4.1

6Policy Director Base AIX f208O7 6.3.1,6.4.1

6Policy Director Base Windows f208O7 7.3.1,7.4.1

6Policy Director Base HP-UX f208O7 6.3.1,7.4.1

Z?v=(D8OP,4(\?}]bD~k$iZP|,S 1 = 10 D

jEDYwnPm5wgNC GUI $_ gsk4ikm 4(\?}]bD

~#g=h 11,+BPD>mSAPm)K:

11. 4(\?}]bD~s,+\?}]bD~DD~yP(|D*

ivmgr#kCJ1DYw53|n|DD~yP(#

}g,Z UNIX Odk:

# chown ivmgr <\?D~>

Z Windows 2000 O DCE h*/IG<~q

Jb:

Z Windows 2000 O20 NetSEAT M Policy Director s,C'^(G

<= DCE %*#

5w:

Windows 2000 }xK{*0/IG<~q1DB~q#*9 DCE G<

I&XktCK~q#

bv=8:

tC0Windows 2000 /IG<~q1#VZ DCE G<I&#

": 0Windows 2000 /IG<~q1k NetSEAT /IG<&\^X#

;&tC NetSEAT /IG<&\#1!ivB NetSEAT /IG<

G;tCD#

14 f> 3.7/3.7.1

sFG<q=|D

": BPE"|BK6Tivoli SecureWay Policy Director Base \m8O7

8.5 M 8.6 ZPDZ]#

-<D XML q=D Policy Director 3.7 sFG<;"bXX49CK

*XjG{F <event>#Z;N9C <event> |,K;j{D0sFB

~1D5#6W9C <event> Gk8>;B~Ywj6#

Z~v*XjG{FVQ|D* <action>#B~G<Df>EQS 1,,

1Q+BDf>EtTmSA <component> *X#


1."

P5

w

n|q=/DB~y>T>gB:

<event rev="1.1"><date>2001-02-22-01:25:54.452+00:00I-----</date><outcome status="0">0</outcome><originator blade="ivmgrd"><componentrev="1.1">azn</component><action>0</action><location>azn_id_get_creds</location></originator><accessor name="unauthenticated"><principal auth="IV_UNAUTH_V3.0">Unauth</principal></accessor><targetresource="3"><object>IV_UNAUTH_V3.0:unauthenticated</object></target><data></data></event>

16 f> 3.7/3.7.1

Base 208O:BD 5.2.2 Z

**:

mS;BDZ 5.2.2 A?v=(D6Policy Director Base 208O7#

mSb)6"P5w7DBPZP|,DD>:

¶ 5.2.2 + ACL mSA Policy Director s:

5w:

?v=(D6Policy Director Base 208O7<|,jb*:dC

Netscape LDAP ~qw;DZ 5 B#KBhvKgN8(k Netscape

LDAP ~qw;p9CD3) Policy Director E"#KBPD8>=h

Z20MdC Policy Director ~qw.04P#

5.2 ZhvK+BDs:mSA Netscape Directory ~qw#4V[0C

JXFm1(ACL) gN&mb)BDs:#

4(BD|,BPD>D 5.2.2 Z:

5.2.2 + ACL mSA Policy Director s:

dC Policy Director 1,*KJm Policy Director 4(M|Bb)s:

ZDC'MiE",Policy Director T/T<+`&D ACL mSA

LDAP ~qwPD?vs:#

;x,TZZu<dC Policy Director .s LDAP \m1mSDNNs

:,XkIdV$mS`&D ACL#

PXZdC Policy Director Ts+`&D ACL mSAs:D8>=h,

kND6Policy Director 3.7 "P5w7DBPZ:

+ Policy Director ACL &CZBD LDAP s:#

+ Policy Director ACL &CZBD LDAP s:

i\

": BPE",1JCZ IBM SecureWay Directory ~qwM Netscape

LDAP ~qw#


1."

P5

w

Zu<dC Policy Director .s LDAP \m1mS LDAP s:1,\

m1Xk&C`&D0CJXFm1(ACL) TJm Policy Director \m

Zb)BDs:P(eDC'Mi#

TZ IBM SecureWay Directory,k9C0?<\m$_1&C ACL#

TZ Netscape LDAP ~qw,k9C0Netscape XF(1#

9CJ1D LDAP \mgf,+BP ACL &CZ?vBD Policy

Director s::

LDAP i CJXF

cn=SecurityGroup,secAuthority=Default

¶ j+CJ

cn=ivacld-servers,cn=SecurityGroup,secAuthority=Default

¶ A

¶ Qw

¶ HO

cn=remote-acl-users,cn=SecurityGroups,secAuthority=Default

¶ A

¶ Qw

¶ HO

\m1QT Policy Director C'"am!q LDAP "R Policy Director

Zu<dCsQ4(BD LDAP 1&Cb)X~#YhzG Policy

Director \m1"R,1l$ Policy Director M LDAP#x;=Yhw

*\m1,zP|B LDAP0?<E"w1DJ1(^#

ZdC Policy Director s,|+T<+`&D ACL &CZK1Z LDAP

~qwPfZD?v LDAP s:#KCJXFJm Policy Director Zb

) LDAP s:Z4("\mC'MiE"#

;x,g{s:GZdC Policy Director Ts4(D,xR Policy

Director Xk\ZTs4("\mKBs:ZDC'MiE",Mh*V

$&C`&DCJXF#;Pb)CJXF,Policy Director ;PJ1D

LDAP mI(4(M\mKBs:Z8(DC'MiE"#

18 f> 3.7/3.7.1

*+J1DCJXF&CZn|4(D LDAP s:,T IBM SecureWay

Directory r Netscape Directory ~qw4PBP=h,b!vZy9C

D LDAP ~qw`M#

k"bb)=hYhn|4(Ds:F* “o=neworg,c=us”#&Cn|

4(D5Js:f;BPhvPDK5#

IBM SecureWay Directory ~qwD=h

TZ0IBM SecureWay Directory ~qw1,*+J1D Policy Director

CJXF&CZn|4(Ds:,kq-TB=h:

1. t/ LDAP0?<\m$_1(DMT)#

Windows:*< > Lr > IBM SecureWay Directory > ?<\m$

_

UNIX:# /usr/bin/dmt

2. I\vVBP/f:

/f:u? o=neworg,c=us ;|,NN}]#

g{vVK/f,m>n|4(Ds:zmDu?;fZ#Z4(

s:zmDu?T0,^(+CJXF&CZn|4(Ds:#

Kv/f"Lx=h 3#+Z=h 6 P4(Bs:P8(Di/u

?#

g{;vVK/f,n|4(Ds:P8(Di/u?QfZ#

Lx=h 3 "x}=h 6#

3. Zsr\W?%w0mS~qw14%#

vV0mS~qw10Z#

4. dkBPVND5:

VN 5 "M

~qw{F: ldap://<wz{> }g,ibm007.ibm.com

KZ: 389 389 G1!KZ

C' DN: cn=root LDAP \m1D DN


1."

P5

w

VN 5 "M

C'Zn: abc123 LDAP \m1DZn

5. %w07(1#

vV0?<\m$_13f#

6. g{n|4(Ds:P8(Di/u?;fZ(4,SU==h 2 P

hvD/f{"),kq-6Tivoli SecureWay Policy Director Base

208O7PD 4.4.2 Z4(u?#

I&4(u?1,x}6Base 208O7PD=h 9 "LxBfD

=h 7#

g{i/u?QfZ,LxBfD=h#

7. S0?<\m$_1Ds0qP!q:

?<w > /@w

8. ZR`D0/@w10qP;vT>n|4(Ds:#

9. %w0q%?D ACL 4%#

s:D100CJXFm1hC!nT>Z0`- LDAP ACL10

ZP#

10. Z0`- LDAP ACL10ZD0wb1xr,dkBP0(P{

F1:


lii0`M1"%w0mS14%#

11. XBT>fe1,!qBPhC!n:

0Z(10mS1SM0>}1u?0(^1#

&TyP02+T1H6Z(yPmI((0A1"041"0Q

w1M0HO1)#

*byv,qX!qm>yP0Z(16pD0A1"041"

0Qw1M0HO1P#

7# DN u?0q%?D0SKu?LPDsz?<w1Q!(#

;)wvKyP!q,%w0qW?D07(1#

12. YNZR`D0/@w10qP;vT>n|4(Ds:#

20 f> 3.7/3.7.1

13. %w0q%?D ACL 4%#

i$GqPvK cn=SecurityGroup,secAuthority=Default iT0

iDhC!nGq}7#k"bi{F;xVs!4#


F1:

cn=ivacld-servers,cn=SecurityGroups,secAuthority=Default

lii0`M1"%w0mS14%#


TZ0mS1DSu?M0>}1u?,0(^1&1*048

(1#

0A1"0Qw1M0HO1mI(;\Z(x0}#2+T1H

6#

*K,;\T0A1"0Qw1M0HO1?PZD0}#2+

T1H6!q0Z(1#

0}#2+T1H6D041mI(&1*048(1#

0tP2+T1M0Yg2+T1H6DyPmI(<&1*04

8(1#



16. YNZR`D0/@w10qP;vT>n|4(Ds:#

17. %w0q%?D ACL 4%#

i$GqPvK cn=SecurityGroup,secAuthority=Default iT0

iDhC!nGq}7#k"bi{F;xVs!4#


F1:


lii0`M1"%w0mS14%#



1."

P5

w

TZ0mS1DSu?M0>}1u?,0(^1&1*048

(1#

0A1"0Qw1M0HO1mI(;\Z(x0}#2+T1H

6#

*K,qXvT0A1"0Qw1M0HO1?PZD0}#2+

T1H6!q0Z(1#

0}#2+T1H6D041mI(&1*048(1#

0tP2+T1M0Yg2+T1H6DyPmI(&1*048

(1#



20. 0CJXFm1|DVQjI#

!q0Kv14%jI0?<\m$_1#

Netscape Directory ~qwD=h

TZ0Netscape Directory ~qw1,*+J1D Policy Director CJX

F&CZn|4(Ds:,kq-TB=h:

1. t/0Netscape Directory XF(1

*< > Lr > Netscape ~qwz7 > Netscape XF(

Z Netscape ~qw20?<P:

# ./startconsole

2. Z0Netscape XF(1G<0ZP,dk\m1j6"ZnM URL

CJ Netscape \m3f#

}g:

C'j6: cn=Directory Manager

Zn: abc123

\m URL: http://ibm007.ibm.com:<KZE>

%w07(14%G<#

3. 9**}Z9CD0Netscape Directory ~qw1dCDrZD~q

w{F#

22 f> 3.7/3.7.1

;s9*0~qwi1";vT>}Z9CD0?<~qw1#

ZR0qP%w0r*14%#

T>m;0Z,dPP;i!n(T>K Directory Server OI\4

PDYw#

4. !q0?<1!n(#

5. g{s0qPvVn|4(Ds:,Lx=h 6#

g{s0qP4vVn|4(Ds: (o=neworg,c=us),m>Bs

:Du?;fZ#Z4(u?.0,CJXF^(JCZn|4(

Ds:#

g{ivgK,Z0Z%?DNq8P!q0Ts1"!q:

B( > d|...

vV0BTs1!q0Z#rBv/";vT>0i/1w*BT

sDu?`M#;s%w07(1#

vV0tT`-w0Z1#Z0i/1VNPn4 “neworg,c=us” "

%w07(1#kG!,b)8>=hYhK;v>}s:#4(

5Js:`&Du?`MM{F#

VS0Z%?DNq8P!q0S<1"!q0"B1#

BDs:u?&vVZs0qP#

6. Zs0qP;vT> neworg u?"!q0Z%?Nq8PD0T

s1#;s%w0hCCJmI(...1

vV0`5 ACI !qLr10Z#

%w0B(14%T>0hCCJmI(10Z#

7. %w0Jm/\x1VN"+dhC*0Jm1#

8. +w0C'/i1VN#vV0!qC'Mi10Z#

+`MhC*0+imSAPm1"dkTBi{F:


%w0mS14%#


1."

P5

w

;s%wfeW?D07(1#

9. XBT>0hCCJmI(10Z1,7#Z0C'/i1VNP

}7PvKi{F,10(^1VNm>0+?1#

10. %w0mSfr14%#T1!5mSm;ufr#

11. Zn|mSDfrZ,%w0Jm/\x1VN"+dhC*0J

m1#



cn=ivacld-servers,cn=SecurityGroups,secAuthority=Default

%w0mS14%#

;s%wfeW?D07(1#


}7PvKi{F#

14. +w0(^1VN";li0A1"0Qw1M0HO1ywCD

(^#;&!qd|yP(^#

;s%w07(1#

15. %w0mSfr14%#T1!5mSm;ufr#

16. Zn|mSDfrZ,%w0Jm/\x1VN"+dhC*0J

m1#




%w0mS14%#

;s%wfeW?D07(1#


}7PvKi{F#

24 f> 3.7/3.7.1

19. +w0(^1VN";li0A1"0Qw1M0HO1y0lD

(^#;&!qyPd|(^#

;s%w07(1#

20. XBT>0hCCJmI(10Z1,&T>yP}vifr#

%wfeW?D07(1#

21. VQmSCJXF#

*Kv0Netscape XF(1,!q(SNq8):

XF( > Kv


1."

P5

w

Policy Director LDAP #=Policy Director 9CyZj<D LDAP #=5VyPC'"am&\#

K#=9 Policy Director ks`}d|yZ LDAP D&CLrDC'M

i\m\&`f]#

r* Policy Director 'Vm`Z(&\,KyZj<D#=D)9GT

(F Policy Director LDAP Ts(eDN=a)D#b)(FTsD#

=Z Policy Director 20ZdZ LDAP ?<P"<,1Td| LDAP

&CLrGI{D#

<{h*^Db)(FTsD#=(e"mSBDTs(e#!\ Policy

Director \Z Policy Director }6Zd~Xb)|D,+Gb)|DT

d|&CLr+;G8wD#rK,;FvZ}=&CLr9C201

a)D(F Policy Director LDAP Ts(e#

TZh*@"Z Policy Director \m$_.b,$Z(E"DZ}=&

CLr,API GICD#kN< Tivoli SecureWay Policy Director

Administration API Developer Reference(IS Policy Director 'V3f

Oq!)#

26 f> 3.7/3.7.1

BD WebSEAL E"

¶ XhD WebSEAL SSL dC(GSKit _Y:fs!)

¶ dC1!D0#$6p16p

¶ mb GSKit \?}]bD~`M

¶ msp=O$dCDs{

¶ t/ junctioncp 5CLr

XhD WebSEAL SSL dC(GSKit _Y:fs!)

30:

1!ivB,WebSEAL SSL _Y:fs!^F*:

¶ 512 u? (SSL V3)

¶ 256 u? (SSL V2)

Ks!TZs`}z7?p<G;;D#

WebSEAL SSL ~qI Policy Director D GSKit i~a)#GSKit SSL

a0_Y:fdz1,WebSEAL \xyPBDyZ SSL DO$#

ITC73d?dC GSKit SSL a0_Y:fDs!#

GSKit SSL a0_Y:fDUdhsw*I=vrSD;%wC7(:

¶ ?kDO$}

KO$HJ<B+u?mSA_Y:f#

¶ a0j6z|Z5(ssl-v2-timeout r ssl-v3-timeout N})

KN}+<BS_Y:fP>}u?#

dC<r:

G S K i t S S L a 0 _ Y : f s !GZ 7 3 d ? P 8 ( D

(GSK_V3_SIDCACHE_SIZE)#ITCTB=(@F_Y:fDnQs

!:

1. 7(?kO$D=yCJHJ,LxB;=


1."

P5

w

2. Z ssl-v2-timeout r ssl-v3-timeout N}PhCJ1Da0j6,

15(;Z secmgrd.conf dCD~P)#

201D1!5:

GSK_V3_SIDCACHE_SIZE = 512(u?)

ssl-v2-timeout = 100(u?)

ssl-v3-timeout = 7200(k,r 2 !1)

WebSEAL a0j6\mf0 GSKit a0j6_Y:fM WebSEAL >

$_Y:f.diOD;%wC#rK,&mbhC WebSEAL >$_

Y:f,1 (ssl-cache-timeout) HZ GSKit ssl-v2-timeout r

ssl-v3-timeout 5#

ssl-cache-timeout N};Z secmgrd.conf dCD~P#201D1!

5:

ssl-cache-timeout = 3600(k,r 1 !1)

BP+=Jmz7( GSKit SSL a0_Y:fDJ1s!:

O$/k * ssl-v3-timeout 5 = _Y:fs!

}g,%@;( WebSEAL ~qwD?kO$HJD#X@F* 40 ?

k#g{#t ssl-v3-timeout N}D1!5 (7200),r_Y:fs!

*:

40 u?/k * 7200 k = 288000 u?

Zt/ Policy Director 0^DKd?:

1. #9 Policy Director:

# iv stop

2. hC GSK_V3_SIDCACHE_SIZE 73d?:

# GSK_V3_SIDCACHE_SIZE=288000

# export GSK_V3_SIDCACHE_SIZE

3. t/ Policy Director:

# iv start

28 f> 3.7/3.7.1

": GSKit zk+ GSK_V3_SIDCACHE_SIZE 5rBakAnS|D 2

DK=#}g,+ 24000 u!A 16384,144000 A 131072,4096

A 4096 HH#

g{XB}< WebSEAL zw,+*'K73d?5"4;I1!5

(512)#*\bKJb,Z iv start E>PekJ1D<v|n#

vs GSKit SSL a0_Y:fs!Da{G WebSEAL xL (secmgrd)

vsDZf9C#s!* 144000 D GSKit SSL a0_Y:fI9

WebSEAL xLZfC?vs< 100MB#ZfC?2T ivmgrd M

ivacld vs,g{|G$tZ,;(zwO#

(}u! ssl-v3-timeout(r ssl-v2-timeout)N}D5(byauL

?v_Y:fu?Dnsz|Z),IT8(|!D_Y:fs!#

'V Internet Explorer DXb"M:

TZ Microsoft Internet Explorer DC'fZ;VXbiv,10mVv

DJbGs<?=VS}pa0XB8P#g{z9C Internet Explorer,

nI\dC WebSEAL {C SSL D HTTP a04, cookie zF

(ssl-cookie-sessions) ,$G<a0#

;x,XB8PDa0j6Lx2k GSKit a0j6_Y:f#gH0

V[D,a0j6,1I ssl-v2-timeout r ssl-v3-timeout N}D5

7(#g{O$HJ_,KN}D;vOs5+<BlYnd_Y:

f#

ZK=8P,I\<G+ ssl-v2-timeout r ssl-v3-timeout N}D5

hC*HZ 3 r 4 VS#b+t\%d Internet Explorer XB8PH

J"CT\b GSKit _Y:fCb)XB8PDa0j6xPnd#

`XJb:

m;v`XJbf0dC WebSEAL SSL >$_Y:fDs!#8(K

5DN}G ssl-cache-max-sessions(;Z secmgrd.conf D~P)#

KN}XFK_Y:fPJmD"P SSL a0D}?#CN}0l SSL

a04(DT\,g;<GKB5;&vsKN}#g{#{|DKN

},k9C;,DhC!nxP;)T\bT#


1."

P5

w

PX\m WebSEAL Da04,Dx;=E",kND6Tivoli SecureWay

Policy Director 3.7 WebSEAL \m8O7D 4.2 Z#

dC1!D0#$6p16pIT(}\m#$6pXF SSL CJXhD1!S\6p#9C iv.conf

dCD~PD=vN}XF1!#$6p\m#

¶ ssl-qop-mgmt

¶ [ssl-qop-mgmt-default] ZPDu?

1. tC#$6p\m:

[wand] ssl-qop-mgmt = yes

30 f> 3.7/3.7.1

2. 8( SSL CJD1!S\6p:

[ssl-qop-mgmt-default]# default = ALL | NONE | cipher-level# ALL (enables all ciphers)# NONE (disables all ciphers and uses an MD5 MAC check sum)# DES-40# DES-56# DES-168# RC2-40# RC2-128# RC4-40# RC4-128default = ALL

k"bz2IT8(!(Dzki:

[ssl-qop-mgmt-default]default = RC4-128default = RC2-128default = DES-168

": ssl-qop-mgmt = yes N}9tC [ssl-qop-mgmt-hosts] M

[ssl-qop-mgmt-networks] ZPDNNhC!n#b)ZJm4X

( D w z / x g / x g Z k I P X 7 D # $ 6 p \ m #

[ssl-qop-mgmt-default] ZPvKyP [ssl-qop-mgmt-hosts] M

[ssl-qop-mgmt-networks] ZP;%dD IP X7y9CDzk#

[ssl-qop-mgmt-hosts] M [ssl-qop-mgmt-networks] ZvTrB

f]Ta)#;FvT Policy Director 3.7 dC9C|G#

mb GSKit \?}]bD~`M

": BPE"vSK6Tivoli SecureWay Policy Director WebSEAL \m

8O72.6 ZPDZ]#

IBM Key Management $_ (iKeyman) 9CBmP\aDtID~`M#

CMS \?}]bI\I;v)9{* .kdb DD~M=vr|`d|D

~iI# .kdb D~G4(BD\?}]b14(D#.kdb D~PD\?

G<ITG$ir$i,,dS\D(C\?E"#


1."

P5

w

.rdb M .crl D~G4(BD$ijk14(D#.rdb D~G{v CA $

ijkxLPXhD#

D~`M hv

.kdb 0\?}]b1D~#f"vK$i"vK$ijkMT)p

$i#}g,1! WebSEAL \?}]bD~G pdsrv.kdb#

.sth 0f"1D~#f"\?}]bZnDS\f>#KD~DJ

I{FkX*D .kdb D~`,#

.rdb 0ks1}]bD~#4( .kdb \?}]bD~1T/4(#

KD~DJI{FkX*D .kdb D~`,#KD~|,4jI

"4S CA UXD$ijk#

$iS CA 5X1,T%dD$ijk(yZ+2\?)Qw

.rdb D~#g{iR=%dn,SU$i"S .rdb D~P>}

`&D$ijk#

g{R;=%dn,\xSU$iDT<#$ijkP|,+

2{F"i/"V@X7Mks18(Dd|E",T0ks

X*D+2\?M(C\?#

.crl 0$i7zPm1D~#KD~(#|,r3;-r!{D$

iPm#;x,iKeyman ;T$i7zPma)NN'V,yT

Pm*U#

.arm ASCII `kD~xFD~#.arm D~|,$iD base-64 `k

D ASCII m>,dP|,d+2\?,+;|,d(C\?#

+-<D~xF$i}]d;* ASCII m>#

C'SU .arm D~q=D$i1,iKeyman bk ASCII m>

"+~xFm>EC=`&D .kdb D~P#,yX,C'S

.kdb D~Pi!$i1,iKeyman +}]S~xF*;* ASCII

"+dECI;v .arm D~q=#

.arm D~PD ASCII }]G$ijkxLZd"MA CA DE

"#

":IT9CNND~`M(}K .arm),;*D~>mG

Base64 `kDD~#

.der 0(P`kfr1D~#.der D~|,$iD~xFm>,|,

d+2\?,+;|,d(C\?#|k .arm D~G#`F,

}Km>G~xFD,xG ASCII#

32 f> 3.7/3.7.1

D~`M hv

.p12 “PKCS 12” D~,dP PKCS zm0+2\?\kuj<

(Public-Key CryptographyStandards)1#.p12 D~|,$iD~x

Fm>,|,d+2\?M(C\?#

;v .p12 D~P2I\|,`v$i;}g,$i""v$i

D CA D$i"CA $iD"v_T0{D"v_HH#r*

.p12 D~|,(C\?,|G\Zn#$D#


1."

P5

w

msp=O$dCDs{iv.conf dCD~ [authentication-levels] ZPp=O$6pDmsdC

<B{C WebSEAL ZDp=&\#Kiva<BbbDO$P*,}

gr\ POP #$DTs"vZnG<3f,xK POP *snF(O$

6p#

^Dp=O$6ps,li secmgrd.log D~PDNNdCms(f#

t/ junctioncp 5CLr

": BPE"|BK6Tivoli SecureWay Policy Director WebSEAL \m

8O75.2.1 ZM C.1 ZPDZ]#

9C junctioncp 5CLr.0,Xk:

1. T root C'r ivmgr C'G<#

junctioncp 5CLrXk\A! ivmgr 5PD secmgrd.conf D~#

2. mb,Xk4P dce_login(UNIX r Windows)r netseat_login(Windows)#

3. ns,wCD5PhvD junctioncp |n#

34 f> 3.7/3.7.1

AIX i500 @""P5w

¶ AIX i500 @""P5w

AIX i500 @""P5w

i\

b)"bBnyZ"}C6Tivoli SecureWay Policy Director 3.7 Base

Solaris f208O7DZ 6 B(dC LiveContent ~qw)#

(} LiveContent(i500) ?<Z AIX O20MhC Policy Director 3.7.1

G;v`=hYw#TBGXh=hD**#

1. Z AIX wzO20 Policy Director 3.7.1 m~|#

2. + i500 X(dCD~4F= i500 wz#

3. 20} PDAcld TbXhD Policy Director 3.7.1 i~#+ PDMgr

dC= i500 ?<.0^(dC PDAcld#

4. +O;=hzzD i500 dC}]D~4F= i500 wzO#

5. C i500 b?E>Z i500 wzO4P i500 ?<DdC#

6. X4=h 3"4"M 5 20 PDAcld ~qwrNNd|~qw

ITX4=h 3"4"M 5 !{NNryP Policy Director 3.7 i~D

dC#

m~hsKV"v'VC Solaris OD i500 ?<Z AIX O20 Policy Director#

y'VD i500 Df>k Policy Director 3.7 D`,:

¶ LiveContent DSA V8.3.1.12

¶ LDAP ~qw V8.2.4.8

Z AIX O20 Policy Director 3.7.1y]6Tivoli SecureWay Policy Director 3.7 Base AIX f208O7M

6 P o l i c y D i r e c t o r " P 5 w 7 2 0 P o l i c y D i r e c t o r # ? <

/opt/PolicyDirectory/i500_external Q4(#K?<PDZ]h**F= i500

~qwOD?<,r*dP|, i500 X(dCD~:


1."

P5

w

<NN i500 wz?<>/i500_external

dC LiveContent ?<

kq-6Tivoli SecureWay Policy Director 3.7 Base Solaris f208O7

PD 6.2 Z#=h 2 PDu~T Policy Director 3.7.1 GI!D#

IT(e73d? I500_DAP_PORT |, DAP KZE#qr,1!

DAP KZ+H LDAP KZE! 1#

0k Policy Director #=


PD 6.3 Z#|,#=D~D?<G:

<NN i500 wz?<>/i500_external/lib

?< i500_external GS AIX 204FD#

dC Policy Director wz53


PD 6.4 Z#Z i500 Solaris wzO4PYw,x;G Policy Director

AIX wz#r* i500 QdC,6.4.1 ZM=h 1 = 5 ;JC#xZ i500

wzO4PBPYw:

¶ 4 F / 7 S $ O D S R E L E A S E / < d s a { F > / o i d s l o c a l A

$ODSRELEASE/scripts#

dC IBM LDAP M'z


PD 6.5 Z#

,= LiveContent #=


PD 6.6 Z# DAC D~ITSBP764F:

/opt/PolicyDirector/i500_external/libr<NN i500 wz?<>/i500_external/lib

36 f> 3.7/3.7.1

Z AIX OdC Policy Directory]6Tivoli SecureWay Policy Director 3.7 Base AIX f208O7P

DZ 7 B,VZIZ AIX zwOdC Policy Director#

} PDAcld TbDyPi~<IZK1dC#}7dC PDAcld .0,

XkZ i500 wzOj+dC PDMgr#

g{dCI&jI,a4(D~ /tmp/aaa_details.cfg#KD~|, Policy

Director 2+TX$LrDZn"rKT “root” v|,AM4mI(#

*LxdC,Xk+KD~*FA i500 wz#

Z i500 wzOdC Policy Director

1. *A?<:

<NN i500 wz?<>/i500_external/bin

2. dkBPod:

Perl i500_ext_config -h <wz{> -p <LDAP KZE> -P<DAP KZE> -D <i500 \m1 DN> -w <i500 \m1Zn>

vVBPK%:

Policy Director i500 b?dC

1. +0CJXFE"1mSA Policy Director DIT2. S Policy Director DIT }%0CJXFE"1

3. +0~qwX$Lr1w*0\mzmLr1mS4. +0~qwX$Lr1w*0\mzmLr1}%5. >} AAA D~6. Kv!qK%u?:

3. !qu? 1. vVBPks:

dk GSO s:D0(P{F1:

4. dk Policy Director dCZdT`,ksdkD GSO s:D{F#

YwjI1,K%XBvV#

5. !qu? 3. vVks:

dk AAA D~D?</D~76:

6. dkS AIX wzO /tmp/aaa_details.cfg 4FDD~{FM76#1

!5G`,DD~76#


1."

P5

w

KD~DZ]GZ AIX zwOdCD~qwD DN MZn#Ywj

I1,K%XBvV#

7. !qu? 5 vVBPks:

dk AAA D~D?</D~76:

8. XBdk aaa_details.cfg D~D{F#

*K2++>}D~#YwjI1,K%XBvV#

9. !qu? 6 KvdC$_#

VZIT2+XZ AIX wzOdC PDAcld rZd|wzOdCd

| Policy Director {P(gh*)#

Z AIX O!{ Policy Director DdC

y]6Tivoli SecureWay Policy Director 3.7 Base AIX f208O7 P

DZ 7 B,ITZ AIX wzO!{ Policy Director DdC#

!{dCI&jI1,a4(D~ /tmp/aaa_details.cfg#*Lx!{dC,

Xk+KD~*FA i500 wz#

38 f> 3.7/3.7.1

Z i500 O!{ Policy Director DhC

1. *A?<:

<NN i500 wz?<>/i500_external/bin

2. dkBPod:

Perl i500_ext_config -h <wz{> -p <LDAP KZE> -P<DAP KZE> -D <i500 \m1 DN> -w <i500 \m1Zn>

vVBPK%:

Policy Director i500 b?dC

1. +0CJXFE"1mSA Policy Director DIT2. S Policy Director DIT }%0CJXFE"1

3. +0~qwX$Lr1w*0\mzmLr1mS4. +0~qwX$Lr1w*0\mzmLr1}%5. >} AAA D~6. Kv!qK%u?:

3. !qu? 2#

YwjI1,K%XBvV#

4. !qu? 4. vVBPks:

dk AAA D~D?</D~76:

5. dkS AIX wzO /tmp/aaa_details.cfg 4FDD~{FM76#1

!5G`,DD~76#

KD~DZ]GZ AIX zwOdCD~qwD DN MZn#Ywj

I1,K%XBvV#

6. !qu? 5. vVBPks:

dk AAA D~D?</D~76:

7. XBdk aaa_details.cfg D~D{F#

*K2++>}D~#YwjI1,K%XBvV#

8. !qu? 6 KvdC$_#

VQ!{K Policy Director r Policy Director NNi~DdC#


1."

P5

w

T 2001 j 1 BD5D|}

¶ T6208O7D|}

¶ T6Base \m8O7D|}

¶ T6WebSEAL \m8O7D|}

¶ T6WebSEAL *"_N<s+7D|}

¶ T6XF(\m8O7D|}

40 f> 3.7/3.7.1

T6208O7D|}

¶ msD SSL $iD~{

¶ Base 208O:Q^)D 4.4.3 Z

msD SSL $iD~{Policy Director 3.7 Base AIX f"Solaris f"HP-UX fM Windows f

208OP|,f" SSL $iDD>D~DmsD~{,b) SSL $

iG200Policy Director \m~qw1Zd4(MdCD#

}7{F*:

pdcacert.b64

xG:

pdacert.b64#

D~Dj{76G:

Solaris"AIX M HP-UX:

/opt/PolicyDirector/ivmgrd/keytabs/pdcacert.b64

Windows:

Base 208O:Q^)D 4.4.3 Z

**:

?v=(D6Policy Director Base 208O74.4.3 ZPDZ]<Q^)#

CTBjbDE"f; 4.4.3 Z:

¶ 4.4.3 + ACL mSA Policy Director s:

5w:

?v=(D6Policy Director Base 208O7<|,jb*:dC IBM

LDAP;DZ 4 B#KBhvKgN8(k IBM SecureWay Directory ~

C:\Program Files\Tivoli\Policy Director\ivmgrd\keytabs\pdcacert.b64


1."

P5

w

qw;p9CD3) Policy Director E"#KBPD8>=hZ20M

dC Policy Director ~qw.04P#

Z 4 B|, 4.4.3 Z0+ Policy Director imSA LDAP ACL1#K

ZhvKgN9 Policy Director I*0LDAP ?<E"w1(DIT) P

Policy Director s:DyP_#

4.4.3 ZPD8>=hQ^)#Policy Director ;XI* Policy Director

s:DyP_#49 Policy Director ;G Policy Director s:DyP_,

|2ITdV{C LDAP#

g{ Policy Director 5Ps:,+4aP LDAP \m'Q#}g,g{

ZS DIT }%s:0}% Policy Director ~qw,LDAP \m1+'

%T#`s:Dj+XF#

CBPD>f;{v 4.4.3 Z:

4.4.3 + ACL mSA Policy Director s:

dC Policy Director s,*KJm Policy Director 4(M|BG)s:

ZDC'MiE",Policy Director T/T<+`&D ACL mSA

LDAP ~qwPD?vs:#

;x,TZ LDAP \m1Zu<dC Policy Director .smSDNNs

:,XkIdV$mS`&D ACL#

PXZdC Policy Director s+`&D ACL mSAs:D8>=h,

kND6Policy Director 3.7 "P5w7DBPZ:

+ Policy Director ACL &CZBD LDAP s:#

42 f> 3.7/3.7.1

T6Base \m8O7D|}

¶ ?U1d POP tT

¶ izmI(

?U1d POP tTBP"MGT6Tivoli SecureWay Policy Director Base \m8O74.2.3

ZD;cNe:

I!D1xN}(zm Policy Director ~qwD1x)1!ivBhC

*>X#

izmI(

": BPE"f;K6Tivoli SecureWay Policy Director Base \m8O7

3.5.3 ZPiR=DD>M<N#,;D5D 3.7.2 Z2&w`&|

D#

iz (T) mI(JCZ WebSEAL VcTsUdPD]wTs#*Kq

!TVcPJ4TsDCJ(,izmI(8( ACL u?Pj6DC'

ri5P(}K]wTsDmI(#izmI(;TK]wTsZ(d

|mI(#TZyksDJ4Ts>m,izmI(;GXhD#;x

ZKJ4TsD8]wTs(?<)OGXhD#

BP>}5wKizmI(GgN$wD#Z ACME s5Z,P;v

Engineering ]wTs(?<),dP9|,;v TechPubs ]wTs(S

?<)#C' kate Gz[?EDI1,h*iz Engineering/TechPubs ?

<T4i"P5wD~#

\m13hi sales TZ Engineering M TechPubs ?<_P T mI(

D ACL u?#!\ Kate Zb=v?<P^d|mI(,+G}IT(

}(iz)b)?<TCJ"P5wD~#r*C' kate TKD~PA

!(^,yT}ITi4D~#


1."

P5

w

IT]WXT3x(]wTsBDVcDCJ(ST^F * ;X4;b

)TsOD%@mI(#;*S`&D ACL u?}%izmI(#}%

?<TsODizmI(#$VcBDyPTs,49b)Ts|,d

|^FT|MD ACL#

}g,g{i sales Z Engineering ?<OîzmI(,Kate M^(

CJ"P5wD~,49}PKD~DA!(^#

< 1. izmI(

44 f> 3.7/3.7.1

T6WebSEAL \m8O7D|}

¶ |B/, URL D WebSEAL (WebSEAL 6.3.3)

¶ WebSEAL vT/*a (WebSEAL 5.7)

¶ WebSEAL v'V HTTP/1.0 ;f*a

¶ GSKit a0j6,1N}

|B/, URL D WebSEAL (WebSEAL 6.3.3)9C dynurlcp 5CLr1,CZ(; WebSEAL ~qwD76{F *

g 2001 j 1 B6Tivoli SecureWay Policy Director WebSEAL \m8O7

6.3.3 ZPyv * GmsD#

+ PolicyDirector ?<|D* intraverse:

dynurlcp -e /.:/subsys/intraverse/secmgr/server/<wz> update

WebSEAL vT/*a (WebSEAL 5.7)HTTP 7d? * Z 2001 j 1 B6Tivoli SecureWay Policy Director

WebSEAL \m8O75.7 ZP8(* HTTP_PD_PORTAL * GmsD#

d?* PD_PORTAL#

mb,5.7.2 Z0"bBn1PDZ~v"M:

0+`,DsK URL 3dAdCD~PD`v.Ts:mI(/Tzz;

vTsD,SPm#1

G;}7D#

WebSEAL v'V HTTP/1.0 ;f*a6Tivoli SecureWay Policy Director WebSEAL \m8O75.1.2 ZPDm

|,y'V-iDms RFC Ek#BPm|,}7D}C:

,S y'V-i RFC Ek

0K(M'zA WebSEAL) HTTP/1.0 M HTTP/1.1 RFC2068

sK(WebSEAL A*aD~q

w)

v HTTP/1.0 RFC1945


1."

P5

w

GSKit a0j6,1N}2001 j 1 B6Tivoli SecureWay Policy Director WebSEAL \m8O7

2.3 Z(0dC,151)msV`"(eK ssl-v2-timeout M

ssl-v3-timeout N}#

b=vN};G HTTP/HTTPS ,SD,1N},xG(e GSKit a0

j6_Y:fPa0j6z|ZDN}#b)N}.;D5/MO$H

J7(K GSKit a0_Y:fndzDYH#b=vN}<;Z

secmgrd.conf dCD~PD [ssl] Z:

Tb)N}DV[|JKZ 4.2 Z:0\ma04,1PxP#

¶ ssl-v2-timeout

TZ SSL v2 (E,KN}(ea0j6\Z GSKit a0_Y:f

P$tD1d$H#1!5* 100(k)#

¶ ssl-v3-timeout

TZ SSL v3 (E,KN}(ea0j6\Z GSKit a0_Y:f

P$tD1d$H#1!5* 7200(k)#

46 f> 3.7/3.7.1

T6WebSEAL *"_N<s+7D|}

¶ ?p#e CDAS ~qw(4.4 Z)

?p#e CDAS ~qw(4.4 Z)

": BPJONeK-<D5PD8>=h#KZk("(FD CDAS

~qwPX#

gB^}6Tivoli SecureWay Policy Director WebSEAL *"_N<s+7

D 4.4 Z(0dC WebSEAL 9C#e CDAS ~qw1):

4.4.1 Z

#e CDAS ~qwv*]>zk#|G2`kD,CT6p cdas_testC'(Zn:“tivoli”)M+KC'3dA Policy Director test-user#

1. q--HD8>=h#

2. q--HD8>=h#

3. 4(yZ default-webseal ACL DbT ACL _T#K ACL _T

&|,Zh T"r M x mI(DbTC'u?#

4. +KbT_T=SA WebSEAL TsUdPD3;Ts#

5. Lx 4.4.2 Z,bT CDAS ~qwCJK\#$TsD\&#

4.4.2 Z

1. q--HD8>=h#

2. *(}CJ\#$TsbT CDAS ~qw,k9C:

C'{:cdas_test

Zn:tivoli

3. #e CDAS ~qw&I&X+KC'3d* test_user Policy Director

m]"JmCJ\#$Ts#


1."

P5

w

T6XF(\m8O7D|}

¶ 6\mXF(\m8O7|}

6\mXF(\m8O7|}0\mXF(1*zoz53|,T0\mXF(1D5D|}Pm#

48 f> 3.7/3.7.1

m~^F

¶ SMP 53O;'V NetSEAL ZK]e

¶ NetSEAL M NetSEAT rBf]T

¶ pdadmin &\Z\mXF(O;IC

¶ f0+VZV{DoT^F

¶ LDAP TC'{;xVs!4

¶ pdconfig 5CLrZUo HP-UX 53OI\'\

¶ \mXF(*zozPD,\

¶ Q-kD\mXF(*zozP9CD4-kD<

SMP 53O;'V NetSEAL ZK]eZ0TF`&mz1(SMP) 53O;'V NetSEAL ZK]e

Z`&mz53OdC PDNet 1;*tCZK]e#

NetSEAL M NetSEAT rBf]TNetSEAL 3.7 ^(kH0f>D NetSEAT M'z;p9C#

pdadmin &\Z\mXF(O;ICBP Policy Director 3.7 &\fZZ pdadmin 5CLrP,xG0\

mXF(1P:

¶ ~qw\m&\

¶ NetSEAL \m

¶ ACL Yw/Ywi\m

¶ TsUdMTs\m

¶ Zn_T\m

¶ /PD\m&\

¶ C'Mi<k|n

f0+VZV{DoT^F

ZG"o73PKP Policy Director 1&CBP^FMu~:


1."

P5

w

¶ S Netscape /@w9C0y>O$==1O$ WebSEAL 1,Xk

+C'{MZn^F*IF2V{/(7 ; US-ASCII)#

TZC'{P|,+VZV{D73,hC WebSEAL T"MM'z

m]E"9CyZq=DG<#

9CyZq=DG<1,CZ4(m%Dzk3XkkdP}ZK

P WebSEAL Dzk3`,#

¶ g{C'}]|,IF2V{/(7 ; US-ASCII)TbDV{,X

k7#yP Policy Director i~9C`,Dzk3KPTZb)i~

P}72m}]#

¶ dC Policy Director ZG"o=(OKP"h*4(GIF2V{/

}]1,v IBM SecureWay Directory ICwC'"am#

¶ C junctioncp 5CLr4(B*a1,Xk+*ac{F^F*IF

2V{/#

T?VGôT<P`vzk/#HTTP 4(eT URL 9CNVz

k/#rK,9CIF2V{/(7 ; US-ASCII)TbDNNV{

zkD URL <Bf]TJb#

50 f> 3.7/3.7.1

LDAP TC'{;xVs!4KE",1JCZ IBM M Netscape LDAP#

Policy Director +C'D{Ff"Z LDAP "am secUser TsD

principalName tTP#

LDAP #=+ principalName tT(e*;v;xVs!4DV{.#

;x,K5u<f"Z LDAP }]bP1,#fC'D{FP8(D-

<s!4V88>#

rK,+ “Test User” M “test user” S*G`,D#

pdconfig 5CLrZUo HP-UX 53OI\'\g{G<A9C ja_JP.SJIS oT73r ja_JP.eucJP oT73D53,T

<dC Policy Director 1 pdconfig I\'\#KJbDX\k)GG

<A9C “C” oT73D53"9C"odC Policy Director#

g{9CKX\k),Policy Director u<O*dKPZ “C” oT73

P#"z"XBG<9C ja_JP.SJIS r ja_JP.eucJP oT73D53s,

Xk#9"XBt/ Policy Director 9d\6p ja_JP.SJIS(r

ja_JP.eucJP)oT73#

vZ HP-UX 53O[b=KJb#

\mXF(*zozPD,\0\mXF(1a)D*zozD5MdPT>D5Jfe/!n(.

dfZ;),\#

Z;`,\Gr0\mXF(1zkPICnBD Java swing `}p

D#*zozP9CDA;%<(.gif D~)GZzk|D.0q!D#

K|DzzDfe/!n(b[|DGN*D"R;a}pNN&\J

brlR#

Z~`,\D"zGr*K0\mXF(1Dzkb*0i~\m

w1#0i~\mw1G;vu<1w*wVz7D3;\mXF(r

\xhFD Tivoli n?#0i~\mw1\mD?vi~<h*;ve

k=r\DJdw#*zozPT>D;)&\fe/!n(9VK


1."

P5

w

0i~\mw1r\Db;e~\&#;x,0\mXF(1>m5J

G Policy Director JdwDa{";\a)k Policy Director `XD&

\#

Q-kD\mXF(*zozP9CD4-kD<0\mXF(1*zoz(HTML D~)Mzk9CD{"<-kIEV

oT#;x,Q-kD*zozP9CD<P4-k#10,9CDG

"oD<#

52 f> 3.7/3.7.1

Q*Dm~1]0X\k)

¶ 20M}61]0X\k)

¶ Base 1]0X\k)

¶ WebSEAL 1]0X\k)

¶ NetSEAL 1]0X\k)

¶ \mXF(1]0X\k)

¶ LDAP 1]0X\k)


1."

P5

w

20M}61]0X\k)

¶ }6 Policy Director 3.6 WebSEAL

¶ IBM SecureWay Directory 3.2 h* AIX 4.3.3 9!Lr

¶ IBM SecureWay Directory DMT 5CLrt/'\

}6 Policy Director 3.6 WebSEAL

": KJb"zZ Solaris"AIX M HP-UX 53O#Z Windows 53

O;"zKJb#

Jb:

}6 Policy Director 3.6 ZddC Policy Director 3.7 WebSEAL ~q

w1,WebSEAL ~qwI\^(t/#I\vVBPvmE":

{E IV_URAF:R;=}CD{E

5w:

g{ Policy Director 3.7 WebSEAL T<t/1TP Policy Director 3.6

~qwxLZKP,BD WebSEAL ~qwI\CJQ0kZfD Policy

Director 3.6 2mb#

Policy Director 3.6 2mb;|, Policy Director 3.7 WebSEAL ~qw

h*DyPb}L#b\bKt/BD WebSEAL ~qw#

g{ Policy Director 3.7 WebSEAL ~qwT<t/1,TP Policy

Director 3.60Z( API M'z1LrZKP,2a"zKJb#

X\k):

g{Z Policy Director 3.7 WebSEAL ~qwdCZdv=Kms,jI

BP=h:

1. !q “x” Kv0Policy Director dC1K%#

2. !q “x” Kv0Policy Director 201K%#

3. #9yP9C0Policy Director 3.6 Z( API1D Policy Director ~

qwMM'zLr#*#9 Policy Director ~qw,dkBP|n:

¶ AIX

54 f> 3.7/3.7.1

# /etc/iv/iv stop

¶ Solaris

# /etc/init.d/iv stop

¶ HP-UX

# /sbin/init.d/iv stop

4. i$Gq20K Policy Director 3.6 Z(b,"+d}%:

¶ AIX

# ls -l /usr/lib/libivauthzn.a

# rm -f /usr/lib/libivauthzn.a

¶ Solaris

# ls -l /usr/lib/libivauthzn.so

# rm -f /usr/lib/libivauthzn.so

¶ HPUX

# ls -l /usr/lib/libivauthzn.sl

# rm -f /usr/lib/libivauthzn.sl

5. 4(BD Policy Director 3.7 Z(bD{E4S:

¶ AIX

¶ Solaris

¶ HPUX

6. XBt/ Policy Director ~qw(MNN0Z( API1M'z):

¶ AIX

# /etc/iv/iv start

# ln –s /opt/PolicyDirector/lib/libivauthzn.a /usr/lib/libivauthzn.a

# ln –s /opt/PolicyDirector/lib/libivauthzn.so /usr/lib/libivauthzn.so

# ln –s /opt/PolicyDirector/lib/libivauthzn.sl /usr/lib/libivauthzn.sl


1."

P5

w

¶ Solaris

# /etc/init.d/iv start

¶ HP-UX

# /sbin/init.d/iv start

7. t/ Policy Director dC5CLr:

# pdconfig

8. !q Policy Director dC#

9. !q Policy Director WebSEAL (PDWeb) dC#

10. 4a>jI WebSEAL dC#

bv=8:

*\bKJb"z,Z<8+ Policy Director 3.6 53}6A Policy

Director 3.7 1V$#9 Policy Director 3.6 WebSEAL ~qw#

8] Policy Director 3.6 ACL }]bM WebSEAL *a}]b.s4P

KYw#

": g{ Policy Director 3.6 53P NetSEAL ~qw,Z#9d| Policy

Director 3.6 ~qw.0}% NetSEAL ~qw#

*Z AIX 53O#9 WebSEAL ~qw,ZbGLra>&dkBP|

n:

# /etc/iv/iv stop

*Z Solaris 53O#9 WebSEAL ~qw,ZbGLra>&dkBP

|n:

# /etc/init.d/iv stop

*Z HP-UX 53O#9 WebSEAL ~qw,ZbGLra>&dkB

P|n:

# /sbin/init.d/iv stop

56 f> 3.7/3.7.1

IBM SecureWay Directory 3.2 h* AIX 4.3.3 9!Lr

Jb:

vZ AIX 53O,IBM SecureWay Directory 3.2 20r420X8D

AIX Yw53m~x'\#

5w:

Policy Director 3.7 'V LDAP C'"am# Policy Director C'I!

q20 IBM SecureWay Directory f> 3.2 Ta) LDAP C'"am

'V# Policy Director Base CD P|, SecureWay Directory f> 3.2#

vZ AIX O,SecureWay Directory f> 3.2 StZm` AIX Yw5

39!Lr,b)9!Lr;G20 AIX 4.3.3 Zd1!ivB20D

D~/PD?~#g{1YNNb)`XLr,SecureWay Directory f

> 3.2 20M+'\#

bv=8:

1. Z20 SecureWay Directory f> 3.2 .0,9C smit 5CLri

$Gq20KBP5CLr:

¶ X11.Dt.lib 4.3.3.2

¶ X11.Dt.rte 4.3.3.3

¶ X11.adt.motif 4.3.3.1

¶ X11.base.lib 4.3.3.2

¶ X11.base.rte 4.3.3.2

¶ X11.compat.lib.X11R5 4.3.3.2

¶ X11.motif.lib 4.3.3.2

¶ X11.motif.mwm 4.3.3.1

¶ bos.adt.include 4.3.3.1

¶ bos.adt.prof 4.3.3.3

¶ bos.net.tcp.client 4.3.3.3


1."

P5

w

¶ bos.rte.libpthreads 4.3.3.3

¶ bos.sysmgt.serv_aid 4.3.3.2

¶ bos.mp 4.3.3.3

¶ bos.up 4.3.3.3

2. 9C smit 20NN1YD9!Lr#

IBM SecureWay Directory DMT 5CLrt/'\

Jb:

=(:v AIX

C'Z;NdC IBM SecureWay Directory f> 3.2 1,0?<\m$

_1(DMT) I\t/'\#KJOh9|BXFC'"amD LDAP

ACL#6Tivoli SecureWay Policy Director Base AIX f208O74.4.1

ZM A.7.3 ZPhvKKdC=h#

5w:

DMT 5CLrG IBM SecureWay Directory f> 3.2 D?~#Policy

Director 3.7 Base AIX f CD P|, IBM SecureWay Directory##{

9C LDAP C'"amD Policy Director C'-#20 IBM SecureWay

Directory w* Policy Director DX8m~#

DMT 5CLr!vZ AIX 4.3.3 Yw53D~/ X11.adt.lib#8(X

hm~`XT(D~/)D SecureWay Directory .TOC D~P;|,

X11.adt.lib D~/#by,MjIK IBM SecureWay Directory f> 3.2

20,!\1Y;vm~`XT#

bv=8:

1. 9C smit 5CLr20 AIX 4.3.3 D~/ X11.adt.lib#

2. XBt/ DMT 5CLr#

58 f> 3.7/3.7.1

Base 1]0X\k)

¶ Z Solaris OdC\m~qw

¶ LDAP 3.1.x A LDAP 3.2 (F}L^)

¶ IBM DCE 3.1 9!Lr 3 bvK\m~qwZf9)

Z Solaris OdC\m~qw

Jb:

KJbvkT Solaris#LDAP ~qwZ,;(wzO1,T SSL dCD

Policy Director \m~qw (ivmgrd) t/'\#

* } 7 Z S S L O O $ , 0 \ m ~ q w 1 X k \ A !

/opt/ibm/gsk4/bin/ldapsslclient.kdb \?}]bD~#u<4(KD~D rootC'TKD~vPA/4mI(#0\m~qw1t/1,|TC'

ivmgr Dm]KP#ivmgr C'ZKD~OÂ!(^#

X\k):

+ ldapsslclient.kdb D~DyP(|D*C' ivmgr#

LDAP 3.1.x A LDAP 3.2 (F}L^)KE"V[VP IBM SecureWay Directory (LDAP) D5DJb,r*b

)D5k+ Policy Director 3.6 }6A Policy Director 3.7 DxLPX#

boV[Dw*JbG#f LDAP #=#

": KV[yZ Windows NT =(#;x,yhvDJbM|}T UNIX

=(2GJCD#

1. 0LDAP ~qwf> 3.2 TvD518(Khv LDAP 3.1.1.5 (

FA LDAP 3.2 DD5#

2. KD5jb* Directory version 3.2 Installation and Configuration

Guide for Windows NT ";Z IBM 'V>c:

http://www-4.ibm.com/software/network/directory/library/

3. %wjb*020"dCM(F1DZ#?0Dj{4S*:

ht tp : / /www-4. ibm.com/sof tware /network/di rec tory/ l ibrary/

publications/ldap32in/wparent.htm


1."

P5

w

http://www-4.ibm.com/software/network/directory/library/

http://www-4.ibm.com/software/network/directory/library/publications/ldap32in/wparent.htm

http://www-4.ibm.com/software/network/directory/library/publications/ldap32in/wparent.htm

4. 9*KZD?<"%w0(F1#

5. rBv/Ajb*0,VPD#=M#fD}]b;p(F1D

Z#S Policy Director 3.6 (FA 3.7 1h*K}L#

6. =h 1 M 2 G}7D##9 LDAP M DB2 5}#

7. =h 5 ;PXZ4}7Nr#91>DE"#

9&5w LDAP 3.2 GZ 3.1.1.5 O1S20D#

8. =h 6 .sDNd(i0#=Z]Q|B1#

Ka[kZjb0,VPD#=M#fD}]b;p(F1e;#

B5O,ZDd#=.s Policy Director ;$w#rK,BP=S

=hGXhD(yZBPZ0S V3.1 (FA V3.21=h 3 PD4

F|n):

9. CBP|nV4#=:

MSDOS> copy<20?<>\etc\ldapV31\V3.modifiedschema<20?<>\etc

10. C DMT $_i$}]ZQ|BD LDAP PGqTIC#

"M:

¶ KV[vkT Windows#;x,TZ UNIX,JbI\G`,D#

¶ Solaris =(D}]XkV$#f#

IBM DCE 3.1 9!Lr 3 bvK\m~qwZf9)

Jb:

k IBM DCE 3.1 ;p9C1,BPJbJCZ Solaris OD Policy

Director 3.7#

9C}g pdadmin r0\mXF(1H\m$_^D_TaZ0\m~

qw1(ivmgrd) P}pZf9)#

bv=8:

IT+9!Lr20A IBM DCE 3.1 T^}Zf9)#* IBM DCE 3.1

q!"209!Lr 3 (IDCE31-03)#

60 f> 3.7/3.7.1

IBM DCE m~w3:

http://www-4.ibm.com/software/network/dce/

9!Lr/ 3:

http://www-4.ibm.com/software/network/dce/support/patches/dce310/patchsummary_current.html


1."

P5

w

http://www-4.ibm.com/software/network/dce/



WebSEAL 1]0X\k)

¶ =S WAP xX'V

¶ $tZ WebSEAL _Y:fPDQ>}C'>$

¶ CDSSO D$iO$}p WebSEAL JO

=S WAP xX'V9C WebSEAL (CXkm;zm~qwrxX~qw(E1,IT{

C WebSEAL 'VD SSL O$=(OD HTTP#

K=(I\\PC,}g,#{Z WAP 73Pa)Z(~q1#

1. Z iv.conf dCD~D [wand] ZPdkBPdCN}:

use-http-auth-for-ssl = yes

2. dC enable-http-auth-forms N}8(9C0y>O$==1ry

Zq=DG<#

9C iv.conf dCD~D [http-auth-headers] Z8(CwO$}]

DXb HTTP 7#

TK==hC WebSEAL 1,WebSEAL +vT SSL a0j6x9Cj

<D HTTP a0\mzF#PXb)O$zFDj8E",kND

6Tivoli SecureWay Policy Director WebSEAL \m8O7#

62 f> 3.7/3.7.1

$tZ WebSEAL _Y:fPDQ>}C'>$

Jb:

SC'"am(DCE r LDAP)>}C'1,;}% WebSEAL >$_

Y:f(g{fZ)PC'D>$#

": _Y:fD?DG^FTC'"amDwC#

g{>}J'1C'Pn/D/@wa0,C'ITyZ4>}D>$

Lx/@#

>}C'1v0l"am#Zn/D/@wa0P,g{PKC'DI

CO(>$,r"am;GXhD#"ami/(9VQ>}J')v

"zZBG<r10>$''1#

X\k):

;)C'"z/@wa0,e}_Y:fPD>$#

g{w*2+\m1,zh*"4#z2+rPDC'n/,IT+u

?mSA8(C'D1! WebSEAL ACL _T,,1}%iz (T) m

I(#

CDSSO D$iO$}p WebSEAL JO

Jb:

Z CDSSO 73P,(}M'z=$iO$r A ;s$nAr B D4

S,rZf9)"z secmgrd (WebSEAL) xLD}Hv$#

X\k):

#{{C CDSSO &\DC';&(}M'z=$iO$u<r#}g,

0y>O$==1MyZq=DG<GIS\DO$=(#

C Tivoli 'Vli+Jm(}M'z=$iO$D^}|#


1."

P5

w

NetSEAL 1]0X\k)

¶ AIX ]e1]

¶ Solaris 9!Lrhs

AIX ]e1]AIX ZK]eP;vTx1]#^(dC NetSEAL 6qL]KZ(}

g,6' 1025-5000 ZDKZ)#

g{dC NetSEAL 6qL]KZ,yPb"xg,S'\,4~qw^

C#

Solaris 9!LrhsNetSEAL ]eh* Solaris On|D O/S 9!Lr#

O/S 9!Lr;Z:

http://sunsolve.Sun.COM

{ Sunsolve BDZ],“Recommended and Security patches”.

64 f> 3.7/3.7.1

http://sunsolve.Sun.COM

\mXF(1]0X\k)

¶ \mXF(1]0X\k)

\mXF(1]0X\k)KP Policy Director \mXF( Windows f1&CBP^FMu~:

¶ TZ LDAP C'"am,Account Manager ^(+C'S0C'1

]wri4F"3yAm;i#

X\k)GOEC'#

¶ TZ LDAP "am,Account Manager S< * Z04( GSO J

4i1r0GSO J4itT1S<P"%w “...” 4%1 * &vV

0GSO J41S<#;x,0GSO J41S<;PvNNJ4#

KJbDX\k)GS0GSO J41]wOEJ4#

¶ TZ DCE "am,vV0mI(1S<1 DCE SecRgy S<<B

0\mXF(1l#U9#!q0i1r0we1,R|%w"%

w0mS12a<B0\mXF(1l#U9#

mb,P)ozD5*'r4|B (not re-branded)#

¶ 0"B14%h*Td!(;v]wTsTzzwC#qr,+;

4P"BYw#

¶ TZ DCE "am,0u?1M0Ts1!n(k0`-we1S<

PD`,#

¶ &{C Account Manager S<PD0Ts1B-K%#;a)KS<

DNNK%!qn#H0,vPv;'VD"Q}%D0(F|

n1!n#

¶ Z0TsUd1S<P+ ACL r POP =SATsrSTspk

ACL 1,0XF(1I\P9#YwI&jI#P9DX\k)GX

Bt/0XF(1#

¶ t/s0\mXF(1P1"4l#U9#X\k)G"z"XB

G<#

¶ *i4Ywi|D(}gmSr}%mI(;),XkXBt/

0\mXF(1#


1."

P5

w

¶ g{XBdC PDRTE 9Cm;vC'"am`M(}g,S DCE

C'"am*;* LDAP C'"am),rXkXB200\mXF

(1#

66 f> 3.7/3.7.1

LDAP 1]0X\k)

¶ P LDAP dCD WebSEAL adC;H(

P LDAP dCD WebSEAL adC;H(

30:

TZ IBM LDAP,Policy Director (};Z iv.conf dCD~ [ldap] Z

PD auth-using-compare N}'VDxDO$T\D!n#

K!n;k Netscape LDAP ;p$w"rK; WebSEAL vT#

6Tivoli SecureWay Policy Director T\w{74.2 ZPvVKN}DD

5#

auth-using-compare D1!5*0G1#P IBM LDAP D WebSEAL

Ig$ZD9CKN}"4P#

Jb:

;x,auth-using-compare hC*0q11,P IBM LDAP D

WebSEAL ZAXDO$:XBadC;H(#

mb,!\vTK auth-using-compare N},C Netscape LDAP d

C Policy Director 1`,D1]a9 WebSEAL ZAXDO$:XBd

C;H(#

+2Jbf0 Policy Director 9CD IBM LDAP M'z#

X\k):

;*C IBM LDAP + auth-using-compare hC*0q1#

TZ Netscape LDAP ^X\k)#

Z;CD+4aP9!LrBX#


1."

P5

w

68 f> 3.7/3.7.1

Pz!"

GB84-0413-00

Documents

Tivoli SecureWay Policy Director ·¢ÐÐËµÃ÷publib.boulder.ibm.com/tividd/td/SW_30/pd37_relnotes/zh... · 2002-11-09 · Policy Director Authorization ADK Developer Reference