Upload
others
View
10
Download
0
Embed Size (px)
Citation preview
IBM Tivoli Access Manager for e-business
Web Security 208O
f> 5.1
S152-0808-00
���
IBM Tivoli Access Manager for e-business
Web Security 208O
f> 5.1
S152-0808-00
���
"b
Z9C>JO0d'VDz7.0,kDAZ 445 3D:yw;PDE"#
Z;f(2003 j 11 B)
>f>JCZ IBM Tivoli Access Manager V5.1.0(z7E 5724-C08)T0yPsx"PfM^)f,1=ZBf>P
mPyw*9#
© Copyright International Business Machines Corporation 2001, 2003. All rights reserved.
?<
0T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi>8ODA_ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi>8ODZ] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xivfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
"PE" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiiBase E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiiWeb security E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii*"_N< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv<u9d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv`Xvfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvZ_CJvfo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
(z!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii*5m~'V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii>iP9CD<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Ve<( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviiiYw53xp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Z 1 ?V f.20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Z 1 B 20Ev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3f.?p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42+rEv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Tivoli Access Manager 20i~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Tivoli Access Manager Base i~ . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Tivoli Access Manager Web Security i~ . . . . . . . . . . . . . . . . . . . . . . . . . 9X8z7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Tivoli Access Manager 53D`M . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Tivoli Access Manager Base 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Tivoli Access Manager Web Security 53 . . . . . . . . . . . . . . . . . . . . . . . . 18
20=( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2220r< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22>z205CLr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
20}L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Z 2 B 53hs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25\'VD"am . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
IBM Tivoli Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25IBM Security Server for OS/390 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27IBM z/OS Security Server LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . 28Lotus Domino . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Netscape iPlanet M Sun ONE Directory Server . . . . . . . . . . . . . . . . . . . . . . . 28Novell eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
ELUdMZfhs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Tivoli Access Manager Base i~ . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Tivoli Access Manager Web Security i~ . . . . . . . . . . . . . . . . . . . . . . . . 32
\'VD=((|(Xh9!) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33rBf]T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392~SY('V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
© Copyright IBM Corp. 2001, 2003 iii
Z 3 B zJ/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41oT'VEv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4220oT'V| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4320 IBM Tivoli Directory Server oT| . . . . . . . . . . . . . . . . . . . . . . . . . 456XoT'V| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47oT73d? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
UNIX 53OD LANG d? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Windows 53OD LANG d? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499CoT73de . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
{"`? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50D>`k(zk/)'V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
zk/D~D;C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Z 2 ?V Base 5320 . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Z 4 B 20"am~qw . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5520 IBM Tivoli Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
20 IBM z/OS Security Server M IBM OS/390 Security Server . . . . . . . . . . . . . . . . . . 77|B#=D~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77mSs: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77dC Tivoli Access Manager for LDAP . . . . . . . . . . . . . . . . . . . . . . . . . 79>zO$C'\m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
20 Lotus Domino . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81* Domino 4( Tivoli Access Manager \mC' . . . . . . . . . . . . . . . . . . . . . . 81Z Domino Server O20 Lotus Notes M'z . . . . . . . . . . . . . . . . . . . . . . . 82
20 Microsoft Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Active Directory "bBn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 844( Active Directory r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84,S Active Directory r . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854( Active Directory \mC' . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Active Directory 4F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
20 Novell eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 909C Novell eDirectory 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
20 Sun ONE Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Z 5 B 20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . 979C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 979C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
AIX:20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98HP-UX:20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99Linux:20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Solaris:20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Windows:20 policy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Z 6 B 20 authorization server . . . . . . . . . . . . . . . . . . . . . . . 1059C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1059C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
AIX:20 authorization server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106HP-UX:20 authorization server . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Linux:20 authorization server . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Solaris:20 authorization server . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Windows:20 authorization server . . . . . . . . . . . . . . . . . . . . . . . . . . 110
iv IBM Tivoli Access Manager for e-business: Web Security 208O
Z 7 B 20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . 1119C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
AIX:20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . . . . 112HP-UX:20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . . . 113Linux:20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . . . . 114Solaris:20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . . . 115Windows:20 Development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . . . 115
Z 8 B 20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . 1179C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1179C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
AIX:20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . . . . . . . 118HP-UX:20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . . . . . . 118Linux:20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . . . . . . 119Solaris:20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . . . . . . 120Windows:20 Java runtime environment 53 . . . . . . . . . . . . . . . . . . . . . . 121
Z 9 B 20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . 1239C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1239C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
AIX:20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124HP-UX:20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Linux:20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . 126Solaris:20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Windows:20 policy proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Z 10 B 20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . 1299C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1299C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
AIX:20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130HP-UX:20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Linux:20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Solaris:20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132Windows:20 runtime 53 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Z 11 B 20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . 1359C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1359C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
AIX:20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . . . . . . 137HP-UX:20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . . . . . 139Linux:20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . . . . . . 141Solaris:20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . . . . . . 142Windows:20 Web Portal Manager 53 . . . . . . . . . . . . . . . . . . . . . . . . 144
Z 3 ?V Web Security 5320 . . . . . . . . . . . . . . . . . . . . . . 147
Z 12 B 20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . 1499C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1499C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
AIX:20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . . 150HP-UX:20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . 151Linux:20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . . 152Solaris:20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . . 153Windows:20 Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . 154
?< v
Z 13 B 20 plug-in for Edge Server . . . . . . . . . . . . . . . . . . . . . 155200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155AIX:20 Tivoli Access Manager plug-in for Edge Server . . . . . . . . . . . . . . . . . . . 156Red Hat Enterprise Linux 2.1:20 Tivoli Access Manager plug-in for Edge Server . . . . . . . . . . . 157Solaris:20 Tivoli Access Manager plug-in for Edge Server . . . . . . . . . . . . . . . . . . . 158Windows:20 Tivoli Access Manager plug-in for Edge Server . . . . . . . . . . . . . . . . . . 159Kb plug-in for Edge Server dC . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
~qwdC#M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161&CD~qwdCEn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162TsUddC#M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164%cG<dC#M . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165E(DdC}L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Z 14 B 20 plug-in for Web Servers . . . . . . . . . . . . . . . . . . . . . 167200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1679C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1689C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
20 plug-in for Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . 16920 plug-in for IBM HTTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . 17220 plug-in for Internet Information Services . . . . . . . . . . . . . . . . . . . . . . . 17520 plug-in for Sun ONE Web Server . . . . . . . . . . . . . . . . . . . . . . . . . 176
Z 15 B 20 Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . 179200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1809C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1809C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
AIX:20 Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . . . . . . . . 182HP-UX:20 Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . . . . . . . 184Solaris:20 Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . . . . . . . 186Windows:20 Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . . . . . . 188
* startWebLogic |nhC CLASSPATH . . . . . . . . . . . . . . . . . . . . . . . . . 190dC Tivoli Access Manager for WebLogic . . . . . . . . . . . . . . . . . . . . . . . . . 191
9C Console Extension Web &CLr . . . . . . . . . . . . . . . . . . . . . . . . . 1919C|nP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
4( Tivoli Access Manager r . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1929C Console Extension Web &CLr . . . . . . . . . . . . . . . . . . . . . . . . . 1939C|nP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
dC BEA WebLogic Server %;"a . . . . . . . . . . . . . . . . . . . . . . . . . . 195bTdC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Z 16 B 20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . 199200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1999C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2009C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
AIX:20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . . 201HP-UX:20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . 202Linux:20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . . 203Solaris:20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . . 204Windows:20 Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . 206
<kVPDC'Mi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207* WebSphere 4( Tivoli Access Manager \mC' . . . . . . . . . . . . . . . . . . . . . 207tC WebSphere 2+T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
tC WebSphere V4.0.6 2+T . . . . . . . . . . . . . . . . . . . . . . . . . . . 208tC WebSphere V5.0.2 r 5.1 2+T . . . . . . . . . . . . . . . . . . . . . . . . . 209
dC Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . . . . . 210(F WebSphere 2+ThC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
vi IBM Tivoli Access Manager for e-business: Web Security 208O
(F WebSphere V4.0.6 2+ThC . . . . . . . . . . . . . . . . . . . . . . . . . . 211(F WebSphere V5.0.2 r 5.1 2+ThC . . . . . . . . . . . . . . . . . . . . . . . 213
Z 17 B 20 WebSEAL development(ADK)53. . . . . . . . . . . . . . . . 2159C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2159C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
AIX:20 WebSEAL development(ADK)53 . . . . . . . . . . . . . . . . . . . . . . 216HP-UX:20 WebSEAL development(ADK)53 . . . . . . . . . . . . . . . . . . . . . 217Linux:20 WebSEAL development(ADK)53 . . . . . . . . . . . . . . . . . . . . . 218Solaris:20 WebSEAL development(ADK)53 . . . . . . . . . . . . . . . . . . . . . 219Windows:20 WebSEAL development(ADK)53 . . . . . . . . . . . . . . . . . . . . 220
Z 18 B 20 WebSEAL server . . . . . . . . . . . . . . . . . . . . . . . . 2239C20r<20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2239C>z5CLr20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
AIX:20 WebSEAL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224HP-UX:20 WebSEAL server . . . . . . . . . . . . . . . . . . . . . . . . . . . 225Linux:20 WebSEAL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Solaris:20 WebSEAL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Windows:20 WebSEAL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Z 4 ?V N<E" . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
Z 19 B 20X8z7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23320 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
AIX:20 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233HP-UX:20 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . 233Linux:20 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . 234Solaris:20 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . 235Windows:20 Global Security Kit . . . . . . . . . . . . . . . . . . . . . . . . . . 235hC GSKit iKeyman 5CLr. . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238AIX:20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . . . 238HP-UX:20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . . 238Linux:20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . . 239Solaris:20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . . 239Windows:20 IBM Tivoli Directory Client . . . . . . . . . . . . . . . . . . . . . . . 240
20 IBM JRE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241AIX:20 IBM JRE V1.3.1.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241HP-UX:20 IBM JRE V1.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 241Linux:20 IBM JRE V1.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242Solaris:20 IBM JRE V1.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243Windows:20 IBM JRE V1.3.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
20 WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 245AIX:20 WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . . 245HP-UX:20 WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . 247Linux:20 WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . . 248Solaris:20 WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . 250Windows:20 WebSphere Application Server. . . . . . . . . . . . . . . . . . . . . . . 252
20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255AIX:20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . . 255HP-UX:20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . 256Linux:20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . 257Solaris:20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . . 257Windows:20 Web Administration Tool . . . . . . . . . . . . . . . . . . . . . . . . 258+ Web Administration Tool 0k WebSphere . . . . . . . . . . . . . . . . . . . . . . . 259
?< vii
Z 20 B 6Xi~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261!{dC Tivoli Access Manager i~ . . . . . . . . . . . . . . . . . . . . . . . . . . 261!{dC IBM Tivoli Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . 262!{dC Tivoli Access Manager for WebSphere . . . . . . . . . . . . . . . . . . . . . . . 262AIX:}%m~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263HP-UX:}%m~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Linux:}%m~|. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264Solaris:}%m~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Windows:}%m~| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Z 21 B 20r<&C!O . . . . . . . . . . . . . . . . . . . . . . . . . . . 2679C install_ldap_server r< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268install_ldap_server &C!O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
9C install_ammgr r< . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Z 22 B 20r<!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Access Manager Runtime(LDAP) . . . . . . . . . . . . . . . . . . . . . . . . . . . 288Access Manager Runtime(Active Directory) . . . . . . . . . . . . . . . . . . . . . . . . 290Access Manager Runtime(Domino) . . . . . . . . . . . . . . . . . . . . . . . . . . . 293install_amacld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294install_amadk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296install_amjrte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297install_ammgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298install_amproxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300install_amrte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301install_amwas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302install_amweb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304install_amwebadk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306install_amwebars. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308install_amwls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309install_amwpi_apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311install_amwpi_ihs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312install_amwpi_iis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313install_amwpi_iplanet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314install_amwpm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315install_ldap_server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Z 23 B pdconfig !n . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319Access Manager Runtime — LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . 320Access Manager Runtime — Active Directory . . . . . . . . . . . . . . . . . . . . . . . . 321Access Manager Runtime — Domino . . . . . . . . . . . . . . . . . . . . . . . . . . . 323Access Manager Attribute Retrieval Service . . . . . . . . . . . . . . . . . . . . . . . . . 324Access Manager Authorization Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 325Access Manager Java Runtime Environment . . . . . . . . . . . . . . . . . . . . . . . . . 326Access Manager Plug-in for Edge Server. . . . . . . . . . . . . . . . . . . . . . . . . . 327UNIX OD Access Manager Plug-in for Web Servers . . . . . . . . . . . . . . . . . . . . . 328Windows OD Access Manager Plug-in for Web Servers . . . . . . . . . . . . . . . . . . . . 330Access Manager Policy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331Access Manager Policy Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 332Access Manager Web Portal Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 333Access Manager WebSEAL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Z 24 B tC2+WSVc . . . . . . . . . . . . . . . . . . . . . . . . . . . 335dC IBM Tivoli Directory Server TxP SSL CJ . . . . . . . . . . . . . . . . . . . . . . 335
4(\?}]bD~M$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
viii IBM Tivoli Access Manager for e-business: Web Security 208O
SO$PDq!vK$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3374(Mi!T)p$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337tC SSL CJ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
dC IBM z/OS M OS/390 2+~qwTxP SSL CJ . . . . . . . . . . . . . . . . . . . . 340hC2+!n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3404(\?}]bD~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
dC Microsoft Active Directory TxP SSL CJ . . . . . . . . . . . . . . . . . . . . . . 342Z Active Directory ~qwO<v$i . . . . . . . . . . . . . . . . . . . . . . . . . 342Z LDAP M'z53O<k$i . . . . . . . . . . . . . . . . . . . . . . . . . . . 342bT SSL CJ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
dC Novell eDirectory Server TxP SSL CJ . . . . . . . . . . . . . . . . . . . . . . . 3444(i/DO$PDTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3444(T)p$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345* LDAP ~qw4(~qw$i . . . . . . . . . . . . . . . . . . . . . . . . . . . 345tC SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345mST)p CA $i= IBM \?D~ . . . . . . . . . . . . . . . . . . . . . . . . . 346
dC Sun ONE Directory Server TxP SSL CJ . . . . . . . . . . . . . . . . . . . . . . 346q!~qw$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34720~qw$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347tC SSL CJ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
dC IBM Tivoli Directory Client TxP SSL CJ . . . . . . . . . . . . . . . . . . . . . . 3494(\?}]bD~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349mS)p_$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350bT SSL CJ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
dC LDAP ~qwMM'zO$ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3514(\?}]bD~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351SO$PDq!vK$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3524(Mi!T)p$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352mS)p_$i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353bT SSL CJ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Z 25 B AIX:208C policy server. . . . . . . . . . . . . . . . . . . . . . 355200*s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356HACMP 73&C!O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
>} HACMP dC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3594(8C policy server 73 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
E>:*w53M8C53hC UID . . . . . . . . . . . . . . . . . . . . . . . . . . 371E>:4Sw53ODD~M?< . . . . . . . . . . . . . . . . . . . . . . . . . . . 373>}:i$w~qwD?<"m4SMmI( . . . . . . . . . . . . . . . . . . . . . . . 374E>:S AIX 53D~4S=8C53OD2m?< . . . . . . . . . . . . . . . . . . . . 376>}:i$8C~qwD?<"m4SMmI( . . . . . . . . . . . . . . . . . . . . . . 377
Z 26 B Tivoli Access Manager 5CLr. . . . . . . . . . . . . . . . . . . . 379amwebcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381AMWLSConfigure –action config . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386AMWLSConfigure –action unconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . 388AMWLSConfigure –action create_realm . . . . . . . . . . . . . . . . . . . . . . . . . . 389AMWLSConfigure –action delete_realm . . . . . . . . . . . . . . . . . . . . . . . . . . 391amwpmcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392ivrgy_tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395migrateEAR4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397migrateEAR5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400pdbackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403pdconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411pdjrtecfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412pd_start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
?< ix
pdwascfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417pdweb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421pdwebpi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423pdwebpi_start. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424pdwpi-version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426pdwpicfg –action config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427pdwpicfg –action unconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429wesosm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431wslstartwte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433wslstopwte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Z 27 B 9Cl&D~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435l&D~#e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
yw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446XML Parser Toolkit License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449Pluggable Authentication Module License. . . . . . . . . . . . . . . . . . . . . . . . . . 449Apache Axis Servlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450JArgs command line option parsing suite for Java . . . . . . . . . . . . . . . . . . . . . . . 451Java DOM implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451Alfalfa Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453InfoZip. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453gSOAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454Apache Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455Lj . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Jcm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
w} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
x IBM Tivoli Access Manager for e-business: Web Security 208O
0T
IBM® Tivoli® Access Manager(Tivoli Access Manager)GKP Access Manager z7
W~PD&CLryhDy!m~#|'V Access Manager &CLrD/I,bya
)Ks6'DZ(M\mbv=8#w*/Ibv=8v[Db)z7,|Ga)K
;VCJXF\mbv=8,bVbv=89xgM&CLr2+_T/P/TCZ
gSLq&CLr#
":IBM Tivoli Access Manager GH0"PDF* Tivoli SecureWay® Policy Director
m~DB{F#,y,TZl$ Tivoli SecureWay Policy Director m~MD5DC
',uo\m~qwVZF* policy server#
6IBM Tivoli Access Manager for e-business Web Security 208O75wgN20M
dC Tivoli Access Manager for e-business,|( Base M Web Security 53#
>8ODA_
>8Ofr:p20M?p IBM Tivoli Access Manager D53\m1#
A_&l$TBZ]:
v PC M UNIX® Yw53
v }]be5a9MEn
v 2+\m
v rXx-i,|( HTTP"TCP/IP"D~+d-i(FTP)M Telnet
v a?6?<CJ-i(LDAP)M?<~q
v O$MZ(
g{tC2+WSVc(SSL)(E,9&l$ SSL -i"\?;;(+CM(C)"
}V){"\kc(MO$PD#
>8ODZ]
Z 1 ?V, :f.20;|,TBBZ:
v Z 3 3DZ 1 B, :20Ev;
a)XZ9C20r<r>z205CLr420 Tivoli Access Manager m~DE
v#
v Z 25 3DZ 2 B, :53hs;
PvI&20 Tivoli Access Manager m~yXhDm~M2~hs#
v Z 41 3DZ 3 B, :zJ/;
8>gN20oT|TZG"o73PtC Tivoli Access Manager#
Z 2 ?V, :Base 5320;|,TBBZ:
v Z 55 3DZ 4 B, :20"am~qw;
hvgN20MdC\'VD"amTk Tivoli Access Manager ;p9C#
© Copyright IBM Corp. 2001, 2003 xi
Z 5 - 11 Ba)XZgN20MdC Tivoli Access Manager i~MX8z7T
20 Tivoli Access Manager Base 53D8>E"#*20r<M>z|nP5CL
r<a)K8>E"#
v Z 97 3DZ 5 B, :20 policy server;
v Z 105 3DZ 6 B, :20 authorization server;
v Z 111 3DZ 7 B, :20 Development(ADK)53;
v Z 117 3DZ 8 B, :20 Java runtime environment 53;
v Z 123 3DZ 9 B, :20 policy proxy server;
v Z 129 3DZ 10 B, :20 runtime 53;
v Z 135 3DZ 11 B, :20 Web Portal Manager 53;
Z 3 ?V, :Web Security 5320;|,8>gN20MdC Tivoli Access Manager
i~MX8z7T20 Tivoli Access Manager Web Security 53DBZ#*20r<
M>z|nP5CLr<a)K8>E"#
v Z 149 3DZ 12 B, :20 Attribute Retrieval Service;
v Z 155 3DZ 13 B, :20 plug-in for Edge Server;
v Z 167 3DZ 14 B, :20 plug-in for Web Servers;
v Z 179 3DZ 15 B, :20 Tivoli Access Manager for WebLogic;
v Z 199 3DZ 16 B, :20 Tivoli Access Manager for WebSphere;
v Z 215 3DZ 17 B, :20 WebSEAL development(ADK)53;
v Z 223 3DZ 18 B, :20 WebSEAL server;
Z 4 ?V, :N<E";|,TBBZ:
v Z 233 3DZ 19 B, :20X8z7;
hvgN20X( Tivoli Access Manager 53OyXhDX8z7#z7|( Global
Security Kit(GSKit)"IBM Tivoli Directory Client"IBM JRE"IBM WebSphere
Application Server M IBM Tivoli Directory Server Web Administration Tool#
v Z 261 3DZ 20 B, :6Xi~;
a)PX!{dCM}%X8z70 Tivoli Access Manager m~|D8>E"#
v Z 267 3DZ 21 B, :20r<&C!O;
a)PXZ9C20r<1arza>DdC!nD&C!OMhv#
v Z 287 3DZ 22 B, :20r<!n;
a)PXZ9C20r<xP Tivoli Access Manager dC1arza>DdC!n
Dhv#
v Z 319 3DZ 23 B, :pdconfig !n;
a)PXZ9C pdconfig 5CLrxP Tivoli Access Manager dC1arza>
DdC!nDhv#
v Z 335 3DZ 24 B, :tC2+WSVc;
5wgN*"am~qwM IBM Tivoli Directory Client .dD2+(ExtC SSL
}]S\#
v Z 355 3DZ 25 B, :AIX:208C policy server;
hvgN208C policy server T@"z53JO(vZ AIX® O)#K&\*sn
bDm~M2~,|(_ICT:/`&m(HACMP)m~#
xii IBM Tivoli Access Manager for e-business: Web Security 208O
v Z 379 3DZ 26 B, :Tivoli Access Manager 5CLr;
a)XZZ20 Tivoli Access Manager 531y9CDdC5CLrDN<E"#
v Z 435 3DZ 27 B, :9Cl&D~;
a)PXgN9Cl&D~,1Z`vzwO20`vz7D8>E"#
vfo
4iT Tivoli Access Manager JOb"X8vfoT0`XvfoDhv47(zI
\O*D)vfoPyoz#Z7(zh*Dvfo.s,kN<PXZ_CJvf
oD8>E"#
XZ IBM Tivoli Access Manager for e-business z7>mD=SE"IZTBX7R
=:
http://www.ibm.com/software/tivoli/products/access-mgr-e-bus/
Tivoli Access Manager JOb;i/*TB`p:
v :"PE";
v :Base E";
v :Web security E";
v Z xiv 3D:*"_N<;
v Z xv 3D:<u9d;
"PE"
v 6IBM Tivoli Access Manager for e-business kHDA7 (G152-0804-00)
a)9C Tivoli Access Manager xP20"*<9CDE"#
v 6IBM Tivoli Access Manager for e-business "P5w7 (G152-0805-00)
a)ngm~V^"d(=(MD5|BDnBE"#
Base E"
v 6IBM Tivoli Access Manager Base 208O7 (S152-0806-00)
5wgN20MdC Tivoli Access Manager base m~,|( Web Portal Manager
SZ#CiG6IBM Tivoli Access Manager for e-business Web Security 208O7
D;vS/,<Zkd| Tivoli Access Manager z7(g IBM Tivoli Access Manager
for Business Integration M IBM Tivoli Access Manager for Operating Systems);
p9C#
v 6IBM Tivoli Access Manager Base \m8O7 (S152-0807-00)
hv9C Tivoli Access Manager ~qDEnM}L#a)S Web Portal Manager g
fT0(}9C pdadmin |n4PNqD8>E"#
Web security E"
v 6IBM Tivoli Access Manager for e-business Web Security 208O7 (S152-0808-00)
a)PX Tivoli Access Manager base m~T0 Web Security i~D20"dCM
}%D8>E"#CiG6IBM Tivoli Access Manager Base 208O7D,/#
0T xiii
v 6IBM Tivoli Access Manager for e-business WebSEAL \m8O7 (S152-0809-00)
a)9C WebSEAL \m2+ Web rPJ4D30JO"\m}LM<uN<E
"#
v 6IBM Tivoli Access Manager for e-business IBM WebSphere Application Server /
I8O7 (S152-0810-00)
a)PX+ Tivoli Access Manager k IBM WebSphere® Application Server xP/
ID20"}%M\mD8>E"#
v IBM Tivoli Access Manager for e-business IBM WebSphere Edge Server Integration
Guide (SC32-1367-00)
a)PX+ Tivoli Access Manager k IBM WebSphere Edge Server &CLrxP
/ID20"}%M\mD8>E"#
v 6IBM Tivoli Access Manager for e-business Plug-in for Web Servers /I8O7
(S152-0813-00)
a)9C Plug-in for Web Servers #$ Web r2+D208>E""\m}LM
<uN<E"#
v 6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I8O7
(S152-0811-00)
a)CZ+ Tivoli Access Manager k BEA WebLogic Server xP/ID20"}
%M\mD8>E"#
v IBM Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning
Fast Start Guide (SC32-1364-00)
a)k+ Tivoli Access Manager k Tivoli Identity Manager xP/I`XDNqD
Ev,"5wgN9CM20 Provisioning Fast Start /O#
*"_N<
v IBM Tivoli Access Manager for e-business Authorization C API Developer Reference
(SC32-1355-00)
a)hvgN9C Tivoli Access Manager Z( C API k Tivoli Access Manager ~
qe~SZ+ Tivoli Access Manager 2+TmS=&CLrPDN<JO#
v IBM Tivoli Access Manager for e-business Authorization Java Classes Developer Reference
(SC32-1350-00)
a)9CZ( API D Java™ oT5V'V&CLr9C Tivoli Access Manager 2
+TDN<E"#
v IBM Tivoli Access Manager for e-business Administration C API Developer Reference
(SC32-1357-00)
a)XZ9C\m API 'V&CLr4P Tivoli Access Manager \mNqDN<
E"#>D5hv\m API D C 5V#
v IBM Tivoli Access Manager for e-business Administration Java Classes Developer
Reference (SC32-1356-00)
a)9C\m API D Java oT5V'V&CLr4P Tivoli Access Manager \m
NqDN<E"#
v IBM Tivoli Access Manager for e-business Web Security Developer Reference
(SC32-1358-00)
xiv IBM Tivoli Access Manager for e-business: Web Security 208O
a)PXgrO$~q(CDAS)"gr3dr\(CDMF)T0\kS?#iD\
mM`LE"#
<u9d
v IBM Tivoli Access Manager Upgrade Guide (SC32-1369-00)
5wgN+ Tivoli Access Manager for e-business 53}6A V5.1 6p#
v IBM Tivoli Access Manager for e-business Command Reference (SC32-1354-00)
a)XZ Tivoli Access Manager a)D|nP5CLrME>DE"#
v IBM Tivoli Access Manager Error Message Reference (SC32-1353-00)
a) Tivoli Access Manager yzz{"D5wMFvDYw#
v IBM Tivoli Access Manager for e-business Problem Determination Guide (SC32-1352-00)
a) Tivoli Access Manager DJb7(E"#
v 6IBM Tivoli Access Manager for e-business T\w{8O7 (S152-0812-00)
a)PXT IBM Directory Server *C'"amD Tivoli Access Manager y9ID
73DT\w{E"#
`Xvfo
>ZPvk Tivoli Access Manager JOb`XDvfo#
Tivoli Software Library a)`V Tivoli vfo,}gW$i"}]m"]>"Redbooks
Myw/#Tivoli Software Library ITSTB Web >cOq!:
http://www.ibm.com/software/tivoli/library/#
Tivoli Software Glossary |,m`k Tivoli m~`XD<uuoD(e#Tivoli Software
Glossary(v"of)IS(}TB Tivoli Software Library Web 3fOs_D Glossary4Sq!:http://www.ibm.com/software/tivoli/library/#
IBM Global Security KitTivoli Access Manager (}9C IBM Global Security Kit(GSKit)V7 a)}]S\#
GSKit |,ZT&ZzX(=(D IBM Tivoli Access Manager Base CD OT0 IBM
Tivoli Access Manager Web Security CD"IBM Tivoli Access Manager Web Administration
Interfaces CD M IBM Tivoli Access Manager Directory Server CD O#
GSKit m~|a) iKeyman \?\m5CLr gsk7ikm,|CZ4(\?}]b"+
C-(C\?TT0$iks#TBD5IS Tivoli Information Center Web >cOk
IBM Tivoli Access Manager z7D5`,D?VPR=:
v IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide (SC32-1363-00)
*F.Zd Tivoli Access Manager 73PtC SSL (EDxgr532+\m1
a)E"#
IBM Tivoli Directory ServerIBM Tivoli Directory Server V5.2 |,ZT&Zy*Yw53D IBM Tivoli Access
Manager Directory Server CD O#
":IBM Tivoli Directory Server GH0"PD{FgBDm~DB{F:
v IBM Directory Server(V4.1 M V5.1)
0T xv
v IBM SecureWay Directory Server(V3.2.2)
IBM Directory Server V4.1"IBM Directory Server V5.1 M IBM Tivoli Directory Server
V5.2 <\= IBM Tivoli Access Manager V5.1 D'V#
XZ IBM Tivoli Directory Server D=SE"IZTBX7R=:
http://www.ibm.com/software/network/directory/library/
IBM DB2 (C}]bIBM DB2® (C}]b™s5~qwff> 8.1 Z IBM Tivoli Access Manager Directory
Server CD Oa),"k IBM Tivoli Directory Server m~;p20#Z+ IBM Tivoli
Directory Server"z/OS™ r OS/390® LDAP ~qwCw Tivoli Access Manager DC
'"am1,DB2 GXhD#
XZ DB2 D=SE"IZTBX7R=:
http://www.ibm.com/software/data/db2/
IBM WebSphere Application ServerIBM WebSphere Application Server V5.0.2 |,ZT&Zy*Yw53D IBM Tivoli
Access Manager Web Administration Interfaces CD O#WebSphere Application Server
tCT Web Portal Manager SZ"attribute retrieval service M IBM Tivoli Directory
Server Web Administration Tool D'V#
XZ IBM WebSphere Application Server D=SE"IZTBX7R=:
http://www.ibm.com/software/webservers/appserv/infocenter.html
IBM Tivoli Access Manager for Business IntegrationIBM Tivoli Access Manager for Business Integration w*I%@):Dz7xa),*
IBM MQSeries® V5.2 MCZ V5.3 {"D IBM WebSphere MQ a)K2+Tbv=
8#IBM Tivoli Access Manager for Business Integration 'V WebSphere MQSeries &
CLr(}9Ck"MMSU&CLrX*D\?=\X"Rj{X"M}]#s
WebSEAL M IBM Tivoli Access Manager for Operating Systems ;y,IBM Tivoli Access
Manager for Business Integration G9C IBM Tivoli Access Manager ~qDJ4\m
w.;#
XZ IBM Tivoli Access Manager for Business Integration D=SE"IZTBX7R
=:
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
TBk IBM Tivoli Access Manager for Business Integration V5.1 `X*DD5IZ
Tivoli Information Center Web >cOR=:
v 6IBM Tivoli Access Manager for Business Integration \m8O7(S152-0085-01)
v 6IBM Tivoli Access Manager for Business Integration Jb7(8O7(G152-0676-00)
v 6IBM Tivoli Access Manager for Business Integration "P5w7(G152-0518-00)
v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)
xvi IBM Tivoli Access Manager for e-business: Web Security 208O
IBM Tivoli Access Manager for WebSphere BusinessIntegration BrokersIBM Tivoli Access Manager for WebSphere Business Integration Brokers w* IBM Tivoli
Access Manager for Business Integration D;?Vxa),* WebSphere Business
Integration Message Broker V5.0 M WebSphere Business Integration Event Broker V5.0
a)K2+Tbv=8#IBM Tivoli Access Manager for WebSphere Business Integration
Brokers (}a)yZ\kM>$DO$"/P(eDZ(T0sF~q4k Tivoli
Access Manager -,KPT#$ JMS "</$)&CLr#
XZ IBM Tivoli Access Manager for WebSphere Integration Brokers D=SE"IZ
TBX7R=:
http://www.ibm.com/software/tivoli/products/access-mgr-bus-integration/
TBk IBM Tivoli Access Manager for WebSphere Integration Brokers V5.1 `X*D
D5IZ Tivoli Information Center Web >cOR=:
v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers \m8O7
(S152-0793-00)
v 6IBM Tivoli Access Manager for WebSphere Business Integration Brokers "P5w7
(G152-0794-00)
v 6IBM Tivoli Access Manager for Business Integration kHDA7(G152-0675-00)
IBM Tivoli Access Manager for Operating SystemsIBM Tivoli Access Manager for Operating Systems w*%@I):Dz7a),}K
a)>zYw53ya)DZ(_T.b,9Z UNIX 53Oa);cZ(_Tv?#
IBM Tivoli Access Manager for Operating Systems s WebSEAL M IBM Tivoli Access
Manager for Business Integration ;y,G9C IBM Tivoli Access Manager ~qDJ
4\mw.;#
XZ IBM Tivoli Access Manager for Operating Systems D=SE"IZTBX7R=:
http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/
TBk IBM Tivoli Access Manager for Operating Systems V5.1 `X*DD5IS Tivoli
Information Center Web >cOR=:
v 6IBM Tivoli Access Manager for Operating Systems 208O7(S152-0190-00)
v 6IBM Tivoli Access Manager for Operating Systems \m8O7(S152-0571-00)
v 6IBM Tivoli Access Manager for Operating Systems Jb7(8O7(S152-0179-00)
v 6IBM Tivoli Access Manager for Operating Systems "P5w7(G152-0185-00)
v 6IBM Tivoli Access Manager for Operating Systems kHDA7(G152-0186-00)
IBM Tivoli Identity ManagerIBM Tivoli Identity Manager V4.5 w*I%@):Dz7xa),9zIT/P\mC
'(gC'j6M\k)M)&(a)r7zT&CLr"J4rYw53DCJ)#
Tivoli Identity Manager IT(}9C Tivoli Access Manager zmLrxk Tivoli Access
Manager /IZ;p#k*5zD IBM M'zmTq!XZ:rCzmLrD|`E
"#
0T xvii
XZ IBM Tivoli Identity Manager D=SE"IZTBX7R=:
http://www.ibm.com/software/tivoli/products/identity-mgr/
Z_CJvfo
TB Tivoli Software Library PZ_a)>z7DIF2D5q=(PDF)M/r,D
>jGoT(HTML)q=Dvfo:http://www.ibm.com/software/tivoli/library
*ZbP(;z7vfo,k%wb3fs`D Product manuals 4S#;sZ Tivoli
Software Information Center 3fO(;"%wz7{F#
z7vfo|("P5w"208O"C'8O"\m18OT0*"_N<s+#
":*7#\}7r! PDF vfo,kZ Adobe Acrobat r!0Z(I(}%wD~
→ r!4T>C0Z)P!qJO3f4!r#
(z!n
(z!n&\ozG)mePO(}gP/;crS&O-)DC'I&X9Cm~
z7#TZ>z7,zIT9C(z<uv}r/@gf#2I9C|L!zsj4
Yw<NC'gfDyP&\#
*5m~'V
ZM3;Jb*5 IBM Tivoli m~'V.0,k%w;ZTB Web >cD Tivolisupport 4STCJ IBM Tivoli m~'V>c: http://www.ibm.com/software/support/
g{h*d|oz,rk(}9CTB Web >cD IBM Software Support Guide Py
hvD=(4*5m~'V: http://techsupport.services.ibm.com/guides/handbook.html
C8Oa)KTBE":
v SU'VyhD"aMJqhs
v g0Ek(y]zyZDzRMXx)
v *5M''V.0&U/D;5PE"
>iP9CD<(
>N<TX(uoMYwT0@5ZYw53D|nM769CKtI<(#
Ve<(
>N<P9CKTBVM<(:
Ve QTk\'D>"X|V"N}"!n"Java `{T0TsxVD!4|nr
s!4lO|nyTVeVT>#
1e d?"vfojbM&C?wDXb%JrLoyT1eVT>#
HmVM
QTk\'D>"53{""C'XkdkDD>T0Td?r|n!nD5
xPxVDzk>}"|nP"A;dvT0D~{M?<{yTHmVMT
>#
xviii IBM Tivoli Access Manager for e-business: Web Security 208O
Yw53xp
>iTZ8(73d?M?<{E9CK UNIX <(#9C Windows |nP1,TZ
73d?kC %variable% f; $variable,"+?<76PD?v}1\(/)f;*4
1\(\)#g{Z Windows 53O9C bash bGLr,rIT9C UNIX <(#
0T xix
xx IBM Tivoli Access Manager for e-business: Web Security 208O
Z 1 ?V f.20
Z 1 B 20Ev . . . . . . . . . . . . 3f.?p . . . . . . . . . . . . . . . . 42+rEv . . . . . . . . . . . . . . . 5Tivoli Access Manager 20i~ . . . . . . . . 6
Tivoli Access Manager Base i~ . . . . . . 6Access Manager Application Development Kit . . 6Access Manager Authorization Server. . . . . 6Access Manager Java Runtime Environment . . 6Access Manager Policy Proxy Server . . . . . 7Access Manager Policy Server . . . . . . . 7Access Manager Runtime . . . . . . . . 7Access Manager Web Portal Manager . . . . 8Provisioning Fast Start . . . . . . . . . 8
Tivoli Access Manager Web Security i~ . . . . 9Access Manager Attribute Retrieval Service. . . 9Access Manager for WebLogic Server . . . . 9Access Manager for WebSphere ApplicationServer . . . . . . . . . . . . . . . 9Access Manager Plug-in for Edge Server . . . 9Access Manager Plug-in for Web Server . . . 10Access Manager Web Security Runtime . . . 10Access Manager WebSEAL ApplicationDevelopment Kit . . . . . . . . . . . 10Access Manager WebSEAL Server . . . . . 10
X8z7 . . . . . . . . . . . . . . 11IBM Global Security Kit . . . . . . . . 11IBM Java Runtime Environment(JRE) . . . 11IBM Tivoli Directory Client . . . . . . . 11IBM Tivoli Directory Server . . . . . . . 11IBM Tivoli Directory Server WebAdministration Tool . . . . . . . . . . 11IBM WebSphere Application Server . . . . . 12
Tivoli Access Manager 53D`M . . . . . . . 13Tivoli Access Manager Base 53 . . . . . . 13Tivoli Access Manager Web Security 53 . . . 18
20=( . . . . . . . . . . . . . . . 2220r< . . . . . . . . . . . . . . 22>z205CLr . . . . . . . . . . . 23
20}L . . . . . . . . . . . . . . . 24
Z 2 B 53hs . . . . . . . . . . . . 25\'VD"am . . . . . . . . . . . . . 25
IBM Tivoli Directory Server . . . . . . . . 25IBM Tivoli Directory Server WebAdministration Tool . . . . . . . . . . 26
IBM Security Server for OS/390 . . . . . . . 27IBM z/OS Security Server LDAP Server . . . . 28Lotus Domino . . . . . . . . . . . . . 28Microsoft Active Directory . . . . . . . . . 28Netscape iPlanet M Sun ONE Directory Server . . 28Novell eDirectory. . . . . . . . . . . . 29
ELUdMZfhs . . . . . . . . . . . 30Tivoli Access Manager Base i~ . . . . . . 31Tivoli Access Manager Web Security i~ . . . 32
\'VD=((|(Xh9!) . . . . . . . . 33rBf]T . . . . . . . . . . . . . . 392~SY('V . . . . . . . . . . . . . 40
Z 3 B zJ/ . . . . . . . . . . . . . 41oT'VEv . . . . . . . . . . . . . . 4220oT'V| . . . . . . . . . . . . . 4320 IBM Tivoli Directory Server oT| . . . . 456XoT'V| . . . . . . . . . . . . . 47oT73d? . . . . . . . . . . . . . . 48
UNIX 53OD LANG d? . . . . . . . . 48Windows 53OD LANG d? . . . . . . . 499CoT73de . . . . . . . . . . . 49
{"`? . . . . . . . . . . . . . . . 50D>`k(zk/)'V . . . . . . . . . . 51
zk/D~D;C . . . . . . . . . . . 51
© Copyright IBM Corp. 2001, 2003 1
2 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 1 B 20Ev
Z4(K?pF..s,zMQ<8CITZV<=73PD53O20 Tivoli Access
Manager m~#g{zQ-20K Tivoli Access Manager m~,k|BzH0D?p
F."q- IBM Tivoli Access Manager Upgrade Guide Pa)DTB8>E"#
":PXn|D"PfE"(|(Q*1]MV^),kN<6IBM Tivoli Access
Manager for e-business "P5w7#
>B|,BP?V:
v Z 4 3D:f.?p;
v Z 5 3D:2+rEv;
v Z 6 3D:Tivoli Access Manager 20i~;
v Z 13 3D:Tivoli Access Manager 53D`M;
v Z 22 3D:20=(;
v Z 24 3D:20}L;
© Copyright IBM Corp. 2001, 2003 3
f.?p
Z5VX(D Tivoli Access Manager bv=8.0,Xk7(zDxgyXhDX(
2+TM\m\&#
f. Tivoli Access Manager 2+73?pDZ;=G(eFc73D2+Ths#(
e2+Thsb6E7(Xk&CZC'"LrM}]D5q_T#b|((eTB
n:
v *#$DTs
v ?vTsOyJmDYw
v qJ4PYwDC'
5)2+_Th*zKb-}xgXKDCJksw#b|(*@p="7IwMS
x6p}7DG+M;C#?p Tivoli Access Manager 2+739h*6pxgPD
nQcTCZ20TBm~,b)m~ICZ@@C'CJks"Zhr\xyks
DCJ#
2+_TD5Vh*zKbxgXk'VDC'"}]MLB?D}?#zXk@@
T\Xw"IluTMTJO*F\&Dhs#9Xk<G+IDm~"}]bM&
CLrk Tivoli Access Manager m~xP/I#
ZzKbKk*?pD&\?~.s,M\v(I+D) Tivoli Access Manager 53
M blade iOp4TnQX5V2+_T#
PXPCDf.D5(|(5J5q&C!O),kND;ZTB Web >cD9dz
7E":
http://www.ibm.com/redbooks/
http://www.ibm.com/software/sysmgmt/products/support/Field_Guides.html
20Ev
4 IBM Tivoli Access Manager for e-business: Web Security 208O
2+rEv
Tivoli Access Manager ZdP5)O$"Z(MCJXFD2+_TDFc73;F*
2+r#1z20MdCTB531,+4(F*\mrDu<2+r:
Policy server*\mr,$wZ(}]b#Kb,||BZ(}]b1>",$XZd|
Tivoli Access Manager ~qwD;CE"#
"am a) Tivoli Access Manager Q*DC'm]D}]b#|9ITm>kC'`
X*D Tivoli Access Manager G+i#
TZ Tivoli Access Manager,XkfZb)KD53E\4Py>Yw,gJmr\x
C'T\#$Ts(J4)DCJ#yPd| Tivoli Access Manager ~qMi~<Z
Ky!O9(#
zITZ`v53O?p Tivoli Access Manager r20yPXhDm~TZ;v@"
53OdCM9C\mr#v1*?p("-Mr*"MbT&CLr1,%53h
CEGPCD#
ZdCK policy server M"am~qw.s,zITZ\mrP20=SD53,g
authorization server r&CLr*"53#9IT4(=SD2+r(g{9C LDAP
"am);Sx+}]2+XVx=wT@"D_-ViP#PX4(`vrDE
",kND6IBM Tivoli Access Manager Base \m8O7#
20Ev
Z 1 B 20Ev 5
Tivoli Access Manager 20i~
>Zi\ Tivoli Access Manager i~,b)i~;c#{ZyP Tivoli Access Manager
20#9Cb)20i~420Z 13 3D:Tivoli Access Manager 53D`M;PP
vD Tivoli Access Manager 53#
|,TBBZ:
v :Tivoli Access Manager Base i~;
v Z 9 3D:Tivoli Access Manager Web Security i~;
v Z 11 3D:X8z7;
Tivoli Access Manager Base i~
Tivoli Access Manager Base |,TB20i~#b)i~ZT&Z\'V=(D IBM
Tivoli Access Manager Base CD Oa),+ Web Portal Manager i~}b,|GZ
IBM Tivoli Access Manager Web Administration Interfaces CD Oa)D#9Cb)2
0i~420Z 13 3D:Tivoli Access Manager Base 53;PPvD Base 53#
Access Manager Application Development KitAccess Manager Application Development Kit a)by;V*"73:9zIT`4Z
}=&CLrDzkTi/ authorization server 4q!Z(v_#C$_d|,TZ(
M\m&\,19C C API M Java™ `D'V#*KP Java Lrr`kMKPzT
:D Java Lr,zXk20MdC Java Runtime Environment 53#
Access Manager Authorization ServerAccess Manager Authorization Server a)TT6L_Y:f==9C Tivoli Access
Manager Z( API DZ}=&CLrDZ(~qDCJ#authorization server 9d1U
>G<MsFU/~qwTf"~qwn/DG<#
Access Manager Java Runtime EnvironmentAccess Manager Java Runtime Environment *Z Tivoli Access Manager 2+rP*"
M?p Java &CLra)KI?D73#9C|rBDrVPD Java &CLrmS
Tivoli Access Manager Z(M2+~q#
zIT9C pdjrtecfg |n+Ci~dCI9Cz53OD}7 JRE#2IT+Ci~
dCI,;53OD8v;, JRE(g{PKhs)#
k"b,g{zF.20 Web Portal Manager SZ,Ci~MGXhD#g{zG9
C Tivoli Access Manager Java runtime environment `D*"_,rCi~TZ Access
Manager Application Development Kit i~2GXhD#PX|`E",kND IBM
Tivoli Access Manager for e-business Administration Java Classes Developer Reference
M IBM Tivoli Access Manager for e-business Authorization Java Classes Developer
Reference#
20Ev
6 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Policy Proxy ServerAccess Manager Policy Proxy Server CZ20zm~qw,xzm~qwd1O;IE
k|*IEDxg.dDPi#C~qw7#2+T"a)\mXFM_Y:f~
q#|k+s5xgkb?xgVt*DxX~qwr#$s5xg;\b?VkD
@p=~qw`X*,r_Gd;?V#Z Tivoli Access Manager 73P,zm~q
wzm policy server KPx(}?DZ(&CLrM\m&\,g pdadmin |n#
Access Manager Policy ServerAccess Manager Policy Server *\mr,$wZ(}]bT0,$kzI\v(4(D
d|2+r`X*D_T}]b#C~qwG&mCJXF"O$MZ(ksDX
|#|9|BZ(}]b1>",$XZd| Tivoli Access Manager ~qwD;CE
"#
I!X,zITdC8C~qwZ53JOrbb#zDivBS\ policy server &
\#1 policy server 1z1,8C policy server ad1w policy server,1Aw policy
server VP#Kd-4DG+#SE,8C policy server +X4*8CG+#ZNNx
(1L,;P;vn/D policy server R;P;v_T}]b2m1>#
Tivoli Access Manager 'VZ\'VD AIX =(O9C;v8C policy server#Kb,
?p8C policy server h*20"dC_ICT:/`&m(HACMP)m~ - Cm
~G;V:/bv=8,hF*(}i~_`M&CLrJO*Fa)TX|5q}
]M&CLrD_ICTCJ#
Access Manager RuntimeAccess Manager Runtime |,&CLrIC4CJ Tivoli Access Manager ~qwDK
P1bM'VD~#
zXkZKP Tivoli Access Manager D?v53(Web Portal Manager M Java runtime
environment 53}b)O20MdC Access Manager Runtime i~#
20Ev
Z 1 B 20Ev 7
Access Manager Web Portal ManagerAccess Manager Web Portal Manager GCZ Tivoli Access Manager \mDyZ Web
D<NC'gf(GUI)#k pdadmin |nPSZ`F,C GUI a)TC'"i"G
+"mI("_TMd| Tivoli Access Manager NqD\m#X|EFZZzIT6
L4Pb)Nq,x^hNNXbxgdC#
Web Portal Manager SZ9|(;i/I\m~q,bi~q9s5IT+C'\m"
iMG+\m"2+\mT0&CLrCJ)&/Ix5q53PDNk_(Sr)#
b)SrITx;=+K*M\m/Ix\dXFDIESr#
Ci~%@Z IBM Tivoli Access Manager Web Administration Interfaces CD Oa)#
Web Portal Manager gfD'V/@wgB:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
Provisioning Fast StartProvisioning Fast Start Installer ZT&Z AIX M Windows =(D Tivoli Access Manager
Base CD Oa)#9CC20Lr420ITozz+ Tivoli Access Manager k Tivoli
Identity Manager(bG%@):D IBM z7)/IZ;pD Provisioning Fast Start 5
CLr/O#b)5CLry'VDNq|(:
v Z Tivoli Identity Manager ~qwO4( Tivoli Access Manager ~qM)&_T
v dC Tivoli Identity Manager Tk WebSEAL %;"a;p9C
v +C'}]<k Tivoli Identity Manager "TdxP,=
v 4( Web gfTcC Tivoli Identity Manager xPC'\m
PX|`E",kND IBM Tivoli Access Manager for e-business IBM Tivoli Identity
Manager Provisioning Fast Start Guide#
20Ev
8 IBM Tivoli Access Manager for e-business: Web Security 208O
Tivoli Access Manager Web Security i~
Tivoli Access Manager Web Security |,TB20i~#b)i~ZT&Z\'V=
(D IBM Tivoli Access Manager Web Security CD Oa),+ attribute retrieval service
}b,|;Z IBM Tivoli Access Manager Attribute Retrieval Service CD O#9Cb
)20i~420Z 18 3D:Tivoli Access Manager Web Security 53;PPvD Web
Security 53#
Access Manager Attribute Retrieval ServiceAccess Manager Attribute Retrieval Service k WebSEAL DZ(v_E"(ADI)&\
?~-,9C#C~qa) WebSEAL Z(~qbkZ(v_E"Db?a)Lr.d
D(EMq=*;~q#
attribute retrieval service %@b0ZT&ZX(=(D IBM Tivoli Access Manager
Attribute Retrieval Service CD O#PX|`E",kND6IBM Tivoli Access Manager
for e-business WebSEAL \m8O7#
Access Manager for WebLogic ServerAccess Manager for WebLogic Server )9 IBM Tivoli Access Manager T'V* BEA
WebLogic Server `4D&CLr#
(}9C BEA WebLogic Server Security Service Provider Interface,Access Manager
for WebLogic Server MIT9C Tivoli Access Manager \mDC'"am4O$C'#
C'"amPDi1m]ITC40l WebLogic Server wvDZ(v_#
z9IT20 WebSEAL r Access Manager Plug-in for Web Server 4)9 Access
Manager for WebLogic Server D2+&\?~Ta)TnUC'%;"aD'V#Ci
~9 WebLogic Server &CLrIT9C Tivoli Access Manager 2+Tx^hNN`
kr?p|D#PX|`E",kND6IBM Tivoli Access Manager for e-business BEA
WebLogic Server /I8O7#
Access Manager for WebSphere Application ServerAccess Manager for WebSphere Application Server (}* IBM WebSphere Application
Server &CLra)yZ]wDZ(M/P_T\m,Sx)9K Tivoli Access
Manager#Ci~Ik WebSphere Application Server /IZ;p,":pG+=wer
iDyP3d#
Tivoli Access Manager for WebSphere 9a)ICZ+0G+=we1r0G+=i1
D3dS Java 2 Enterprise Edition(J2EE)?phv{<k= Tivoli Access Manager
2+#=D(F5CLr#C5CLrITS9uDr)9D WebSphere Enterprise
Archive(EAR)D~(F}]#PX|`E",kND6IBM Tivoli Access Manager for
e-business IBM WebSphere Application Server /I8O7#
Access Manager Plug-in for Edge ServerAccess Manager Plug-in for Edge Server +O$MZ(&\mS= IBM WebSphere Edge
Server z7#1Ke~w*2+rPDZ(~q5V1,|IT*CrZDJ4a)%
;"abv=8#PX|`E",kND IBM Tivoli Access Manager for e-business IBM
WebSphere Edge Server Integration Guide#
20Ev
Z 1 B 20Ev 9
Access Manager Plug-in for Web ServerAccess Manager Plug-in for Web Server (}d1M'zk2+ Web Ud.dDxX
4\myZ Web DJ4D2+T#Ce~5VI#$ Web TsUdD2+_T#C
e~ITa)%;"abv=8,'V Web ~qww*ibwzKP,"+ Web &
CLr~qwJ4O"=d2+_TP#PX|`E",kND6IBM Tivoli Access
Manager for e-business Plug-in for Web Servers /I8O7#
Access Manager Web Security RuntimeAccess Manager Web Security Runtime |,CZ Web Security 53(g Access Manager
WebSEAL M Plug-in for Web Servers)D2mO$bD~#
Access Manager WebSEAL Application Development KitAccess Manager WebSEAL ADK |,CZ Tivoli Access Manager grO$~q
(CDAS)"Tivoli Access Manager gr3dr\(CDMF)M Tivoli Access Manager
\k?H#iD*" API#
Access Manager WebSEAL ServerAccess Manager WebSEAL GCZyZ Web DJ4D2+T\mw#WebSEAL G_
T\"`_LD Web ~qw,|+8#H2+_T&CZ\#$D Web TsUd#
WebSEAL ITa)%;"abv=8,"+sK Web &CLr~qwJ4O"=d
2+T_TP#
20Ev
10 IBM Tivoli Access Manager for e-business: Web Security 208O
X8z7
Tivoli Access Manager |,TBX8z7#b)z7f Tivoli Access Manager ;pa
),RZ20X(D Tivoli Access Manager 531GXhD#PX20 Tivoli Access
Manager 53yXhDX820i~DPm,kNDZ 14 3Dm 1#
IBM Global Security KitIBM Global Security Kit(GSKit)a)K Tivoli Access Manager 53M\'VD"a
m~qw.dD2+WSVc(SSL)}]S\# GSKit m~|920 iKeyman \?
\m5CLr(gsk7ikm),C5CLr9z\;4(\?}]b"+C-(C\?
TT0$iks#
zXkZ20s`}d| Tivoli Access Manager i~.0H20 GSKit# GSKit G
Access Manager Runtime i~DX8m~,xs_GyP Tivoli Access Manager 53
(Java Runtime Environment"Web Portal ManagerM Attribute Retrieval Service 53
}b)OyXhD#PX9CC5CLrTT\'VD"am~qwtC SSL DE",
kNDZ 335 3DZ 24 B, :tC2+WSVc;,rN< IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
":OpenSSL |,Z GSKit P,RITCZ\kYw(y] OpenSSL mI$-i)#
IBM Java Runtime Environment(JRE)
120 Access Manager Java Runtime Environment i~MoT'V|r_9C Tivoli
Access Manager 20r<1,IBM JRE GXhD#
IBM Tivoli Directory ClientIBM Tivoli Directory Client ZT&Z\'VD AIX"HP-UX"Linux"Solaris M Windows
=(D IBM Tivoli Access Manager Directory Server CD Of IBM Tivoli Directory Server
a)#
XkZ?vKP Tivoli Access Manager D=(O20 IBM Tivoli Directory Client,
+TBiv}b:
v Tivoli Access Manager 53G,S= Active Directory rD\'VD Windows 53#
v }Z20 Java Runtime Environment"Web Portal Manager r attribute retrieval service
53#
v }+ Lotus Domino Cw"am~qw#
IBM Tivoli Directory ServerIBM Tivoli Directory Server V5.2 ZT&Z\'VD AIX"HP-UX"Linux"Sun Solaris
Operating Environment M Windows =(D IBM Tivoli Access Manager Directory Server
CD Oa)#zIT+C~qwCw Tivoli Access Manager "am~qwr9CZ 25
3D:\'VD"am;PPvD"am~qw.;#Ca?6?<CJ-i
(LDAP)?<w*@"X$xLxKP#|Ta)T LDAP ~qwDM'zCJDM
'z/~qw#M*y!#IBM Tivoli Directory Server a);VZPD;C,$?<
E"T)f""|B"lwM;;Drc=(#
IBM Tivoli Directory Server Web Administration ToolIBM Tivoli Directory Server V5.2 a) Web Administration Tool - ;VI%@20
D GUI,KPZ&CLr~qw(g IBM WebSphere Application Server)O#9C Web
20Ev
Z 1 B 20Ev 11
Administration Tool T IBM Tivoli Directory ~qwxP>Xr6L\m#zIT20
%v Web \mXF(4\m`v IBM Tivoli Directory ~qw,|( V4.1"5.1 M 5.2
~qw#
Web Administration Tool Z IBM Tivoli Access Manager Web Administration Interfaces
CD O%@a)#PX53hs(|(\'VD/@w),kNDZ 26 3D:IBM Tivoli
Directory Server Web Administration Tool;#
IBM WebSphere Application ServerIBM WebSphere Application Server 5.0.2 CZ20 Web Portal Manager SZ"attribute
retrieval service M Web Administration Tool#IBM WebSphere Application Server Z
T&Z\'V=(D IBM Access Manager Web Administration Interfaces CD Oa)#
k"b,IBM Tivoli Directory Server V5.2 (#a) WebSphere Application Server —
Express f>Tkd Web Administration Tool ;p9C#Z Tivoli Access Manager V5.1
P,b;r/D Web ~qw&CLr; IBM WebSphere Application Server V5.0.2(y
Z Java 2 Enterprise Edition(J2EE)M Web ~q<uDw*&CLr=(,|a)K
WzVIIzzD&CLr~qwPD;v,CZ*/,gSLqfh&dx?ps
5 Web ~qbv=8)f;#
20Ev
12 IBM Tivoli Access Manager for e-business: Web Security 208O
Tivoli Access Manager 53D`M
>ZPvzITZ2+rP20D53`M#a)K?v53`MDXh20i~M
\'V=(#
(iz+ policy server M"am~qw20Z;,53O#;},d|53`M;XG
%z53#}g,zITZk policy server `,D53O20 Web Portal Manager S
Z#
>Z|,TBZ]:
v :Tivoli Access Manager Base 53;
v Z 18 3D:Tivoli Access Manager Web Security 53;
Tivoli Access Manager Base 53
Z 14 3Dm 1 Pv Tivoli Access Manager Base 53D`M#
":
1. XkZ?vKP Tivoli Access Manager D=(O20 IBM Tivoli Directory Client
V5.2,+TBiv}b:
v Tivoli Access Manager 53G,S= Active Directory rD\'VD Windows 5
3#
v }Z20 Java runtime environment r Web Portal Manager 53#
v Domino G"am~qw#
2. g{}Z9C20r<420MdC Tivoli Access Manager 53,r IBM JRE 1.3.1
2GXhD#
3. SuSE Linux GDvOwoi+>.;,dz7yyZ UnitedLinux 1.0;d|+>*
SCO Group"Turbolinux M Conectiva#1 SuSe Linux Enterprise Server(SLES)
Pw\'VDz71,r5>d|Owoi+>DyZ UnitedLinux 1.0 'VDz7
2,y\'V#PX|`E",kN<;ZTBX7D UnitedLinux Web >c:
http://www.unitedlinux.com
20Ev
Z 1 B 20Ev 13
m 1. Tivoli Access Manager Base 53 - Xhi~M\'VD=(
53`M 20i~ \'VD=(
Authorization server v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v Access Manager Runtime V5.1
v Access Manager Authorization Server V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v SuSE SLES8 for pSeries and iSeries
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Development(ADK) v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v Access Manager Runtime V5.1
v Access Manager Application Development
Kit V5.1
v AIX 4.3.3"5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v Solaris 7"8 M 9
v Windows NT 4.0,x Service Pack 6a
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
v Windows XP Pro
20Ev
14 IBM Tivoli Access Manager for e-business: Web Security 208O
m 1. Tivoli Access Manager Base 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
IBM Tivoli Directory Server g{zF.+ IBM Tivoli Directory Server
w* Tivoli Access Manager "am420,
rTBi~GXhD:
v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v IBM DB2 V8.1
v IBM Tivoli Directory Server
V5.2
v AIX 5.1.0 M 5.2.0
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v SuSE SLES8 for pSeries and iSeries
v Solaris 8 M 9
v Windows NT 4.0,x Service Pack 6a
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Java runtime environment v Access Manager Java Runtime Environment
V5.1
v IBM JRE V1.3.1 r|_f>
v AIX 4.3.3"5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v SuSE SLES8 for pSeries and iSeries
v Solaris 7"8 M 9
v Windows NT,x Service Pack 6a
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
20Ev
Z 1 B 20Ev 15
m 1. Tivoli Access Manager Base 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
Policy proxy server v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v Access Manager Runtime V5.1
v Access Manager Policy Proxy Server V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v SuSE SLES8 for pSeries and iSeries
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Policy server v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v Access Manager Runtime V5.1
v Access Manager Policy Server V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Runtime v Global Security Kit
V7
v IBM Tivoli Directory Client
V5.21
v Access Manager Runtime V5.1
v AIX 4.3.3"5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v Solaris 7"8 M 9
v Windows NT 4.0,x Service Pack 6a
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
20Ev
16 IBM Tivoli Access Manager for e-business: Web Security 208O
m 1. Tivoli Access Manager Base 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
Web Portal Manager v IBM WebSphere Application Server V5.0.2
v Access Manager Web Portal Manager V5.1
v Access Manager Java Runtime Environment
V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,31
;f]T==),x Service Pack 2
v SuSE SLES8 for pSeries and iSeries
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
20Ev
Z 1 B 20Ev 17
Tivoli Access Manager Web Security 53
m 2 PvzITZ2+rP20D Web Security 53`M#b)53D20i~ZT
&ZX(=(D IBM Tivoli Access Manager Web Security CD Oa),+ attribute
retrieval service }b,|;Z%@D IBM Tivoli Access Manager Attribute Retrieval Service
CD O#
":
1. XkZ?vKP Tivoli Access Manager D=(O20 IBM Tivoli Directory Client
V5.2,+TBiv}b:
v Tivoli Access Manager 53G,S= Active Directory rD\'VD Windows 5
3#
v }Z20 attribute retrieval service 53#
v Domino G"am~qw#
2. BEA * BEA WebLogic Server a)s? service pack#service pack D6pZ BEA
'VD;,Yw53"PfOITPy;,#*7(?vYw53D}7 service
pack,kN< BEA WebLogic Web >cOD BEA =(O$m#
3. g{}Z9C20r<420MdC Tivoli Access Manager 53,r IBM JRE 1.3.1
2GXhD#
m 2. Tivoli Access Manager Web Security 53 - Xhi~M\'VD=(
53`M 20i~ \'VD=(
Attribute Retrieval Service IBM WebSphere Application Server
V5.0.2v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,
31 ;f]T==),x Service Pack 2
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server,x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
20Ev
18 IBM Tivoli Access Manager for e-business: Web Security 208O
m 2. Tivoli Access Manager Web Security 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
WebSEAL Server v Global Security Kit
V7
v IBM Tivoli Directory Client V5.21
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager WebSEAL Server
V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53)
x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,
31 ;f]T==),x Service Pack 2
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server
x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
WebSEAL development(ADK) v Global Security Kit
V7
v IBM Tivoli Directory Client V5.21
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager WebSEAL Server
V5.1
v Access Manager Appl ica t ion
Development Kit V5.1
v A c c e s s M a n a g e r W e b S E A L
Application Development Kit V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v Red Hat Enterprise Linux 3.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53),x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,
31 ;f]T==),x Service Pack 2
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server
x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Tivoli Access Manager for WebLogic v BEA WebLogic Server V7(x
Service Pack 2)r V8.1
(x Service Pack 12)
v Access Manager Java Runtime
Environment V5.1
v Access Manager for WebLogic Server
v AIX 5.1.0
v Solaris 8 M 9
v HP-UX 11.0 M 11i(vTZ BEA
WebLogic Server V7.0)
v Windows 2000 Server M Advanced
Server
x Service Pack 3
20Ev
Z 1 B 20Ev 19
m 2. Tivoli Access Manager Web Security 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
Tivoli Access Manager for WebSphere v IBM WebSphere Application Server
V4.0.6"5.0.2 r 5.1,r_ IBM
WebSphere Application Server
Advanced Single Server V4.0.6
v Access Manager Java Runtime
Environment V5.1
v Access Manager for WebSphere
Application Server V5.1
v AIX 5.1.0 M 5.2.0
v HP-UX 11.0 M 11i
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53)
x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,
31 ;f]T==),x Service Pack 2
v Solaris 8 M 9
v Windows 2000 Server M Advanced
Server
x Service Pack 3
v Windows 2003 Standard Server M
Enterprise Server
Plug-in for Apache Web Server v x mod SSL D Apache Web Server
(Z L i n u x o n z S e r i e s O*
V 1 . 3 . 2 6 – 3 6/Z S o l a r i s O*
V1.3.27)
v Global Security Kit
V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager Plug-in for Web
Servers V5.1
v Access Manager Plug-in for Apache
Web Server
v SuSE SLES8 for S/390 and zSeries(31
;53)
x Service Pack 2
v Solaris 8 r 9
Plug-in for Edge Server v IBM WebSphere Edge Server V5.1
v Global Security Kit
V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
(Z Linux O}b)
v Access Manager Plug-in for Edge
Server V5.1
v AIX 5.1.0 M 5.2.0
v Solaris 8 M 9
v Red Hat Enterprise Linux 2.1
v Microsoft Windows 2000 Server M
Advanced Server
x Service Pack 3
20Ev
20 IBM Tivoli Access Manager for e-business: Web Security 208O
m 2. Tivoli Access Manager Web Security 53 - Xhi~M\'VD=( (x)
53`M 20i~ \'VD=(
Plug-in for IBM HTTP Server v IBM HTTP Server V1.3.26
v Global Security Kit
V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager Plug-in for Web
Servers V5.1
v Access Manager Plug-in for IBM
HTTP Server
v AIX 5.1.0 r 5.2.0
v SuSE SLES8 for IA32
v SuSE SLES8 for S/390 and zSeries(31
;53)
x Service Pack 2
v SuSE SLES8 for zSeries(64 ;53,
31 ;f]T==),x Service Pack 2
v Solaris 8 r 9
Plug-in for Internet Information Services v Internet Information Services V5.0 r
6.0
v Global Security Kit
V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager Plug-in for Web
Servers V5.1
v Internet Information Services V5.0(Z
Windows 2000 Server M Advanced
Server O)
x Service Pack 3
v Internet Information Services V6.0(Z
Windows 2003 Standard Server M
Enterprise Server O)
Plug-in for SUN One Web Server v Sun ONE Web Server
V6.0
v Global Security Kit
V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security
Runtime V5.1
v Access Manager Plug-in for Web
Servers V5.1
v Access Manager Plug-in for Sun
ONE Web Server
v AIX 5.1.0 M 5.2.0
v Solaris 8 r 9
20Ev
Z 1 B 20Ev 21
20=(
IT4TB==20MdC Tivoli Access Manager m~:
v :20r<;
v Z 23 3D:>z205CLr;
20r<
9C20r<4r/ Tivoli Access Manager 53D20MdC#ITKP%vLr4
20wV Tivoli Access Manager 53PD;v53#X8m~Mz79!a4J1D
3rT/20#
m 3 MZ 23 3Dm 4 PvKICZy>53`MD Base M Web Security 20r<#
Tivoli Access Manager Base 53D20r<;Z IBM Tivoli Access Manager Base CD
ODy?<B,+TBn}b:
v install_ldap_server ;Z IBM Tivoli Access Manager Directory Server CD O#
v install_amwpm ;Z IBM Tivoli Access Manager Web Administration Interfaces CD
O#
Tivoli Access Manager Web Security 53D20r<;Z IBM Tivoli Access Manager
Web Security CD ODy?<B,+TBn}b:
v install_amwebars ;Z IBM Tivoli Access Manager Attribute Retrieval Service CD
O#
":PXb)53`MPD?;vD20i~M\'V=(DPm,kNDZ 13 3D
:Tivoli Access Manager 53D`M;#
m 3. Base 53D20r<
20r< Base 53`M
install_ldap_server IBM Tivoli Directory Server
install_ammgr Policy server
install_amacld Authorization server
install_amadk Development(ADK)53
install_amjrte Java Runtime Environment 53
install_amproxy Policy proxy server
install_amrte Runtime 53
install_amwpm Web Portal Manager 53
install_ampfs1 Provisioning Fast Start1install_ampfs r<CZ20 Provisioning Fast Start 5CLr/O,C5CLr/OIozz
+ Tivoli Access Manager k Tivoli Identity Manager /IZ;p#PX|`E",kND IBM
Tivoli Access Manager for e-business IBM Tivoli Identity Manager Provisioning Fast Start Guide#
20Ev
22 IBM Tivoli Access Manager for e-business: Web Security 208O
m 4. Web Security 53D20r<
20r< Web Security 53`M
install_amwas Tivoli Access Manager for WebSphere
install_amweb WebSEAL Server
install_amwebadk WebSEAL development(ADK)53
install_amwebars Attribute Retrieval Service
install_amwls Tivoli Access Manager for WebLogic
install_amwpi_apache Plug-in for Apache Web Server
install_amwpi_ihs Plug-in for IBM HTTP Server
install_amwpi_iis Plug-in for Internet Information Services
install_amwpi_iplanet Plug-in for Sun ONE Web Server
>z205CLr
zIT9CX(Z=(D5CLr(g Solaris Operating Environment OD pkgadd)
420 Tivoli Access Manager i~#kT/r<;,,zXkTJ1D3rV$20
?vi~MNNX8m~#
g{ Access Manager Runtime i~Q20Z53O,rIT9C pdconfig 5CLr
4dC Tivoli Access Manager i~#g{420 Access Manager Runtime i~,r
Xk9CX(Zi~D5CLr,gCZdC Access Manager Java Runtime Environment
i~D pdjrtecfg MCZdC Access Manager Web Portal Manager i~D pdwpmcfg
":PXb)5CLrD|`E",kNDZ 379 3DZ 26 B, :Tivoli Access Manager
5CLr;#
20Ev
Z 1 B 20Ev 23
20}L
*4( Tivoli Access Manager \mr,kq-TBy>=h:
1. f. Tivoli Access Manager ?p#k7#zKb?p Tivoli Access Manager y@
]D5q2+hs#
2. v(zk*20D Tivoli Access Manager 53DiO#\'VD"amM policy
server 53GhCu<\mryXhD#
3. k7# Tivoli Access Manager 53zcZ 25 3DZ 2 B, :53hs;PPvD
yPm~M2~hs#
4. +"amhC*k Tivoli Access Manager ;p9C#`X8>E",kNDZ 55
3DZ 4 B, :20"am~qw;#
5. 20MdC Tivoli Access Manager policy server 53#`X8>E",kNDZ
97 3DZ 5 B, :20 policy server;#g{zF.9C HACMP m~208C
policy server,kNDZ 355 3DZ 25 B, :AIX:208C policy server;PD8
>E"#
6. 20d|`MD Tivoli Access Manager Base 53(4h*)#}g,zIT20;
vr`vTB53:
Authorization server Z 105 3
Development(ADK)53 Z 111 3
Java Runtime Environment 53 Z 117 3
Policy Proxy Server Z 123 3
Runtime 53 Z 129 3
Web Portal Manager 53 Z 135 3
7. 20 Tivoli Access Manager Web Security 53(4h*)#}g,zIT20;v
r`vTB53:
Attribute Retrieval Service Z 149 3
Plug–in for Edge Server Z 155 3
Plug–in for Web Servers Z 167 3
Tivoli Access Manager for WebLogic Z 179 3
Tivoli Access Manager for WebSphere Z 199 3
WebSEAL development(ADK)53 Z 215 3
WebSEAL server Z 223 3
":g{Q-20MdC Tivoli Access Manager i~"h*XB20|,rXkW
H!{dC"}%|#
8. (iz9C4TO$PD(CA)D$iZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*K,zXk(} GSKit iKeyman 5CLr
zI$iksr<k(C$i#PX9C iKeyman 5CLrD|`E",kND
IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#*hC
iKeyman 5CLr,kNDZ 235 3D:hC GSKit iKeyman 5CLr;PD8>
E"#
20Ev
24 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 2 B 53hs
>Zhvz&CQ20DnMz76p#PXQ*Jb"V^MnBE",kND
6IBM Tivoli Access Manager for e-business "P5w7#
|,TBwZ:
v :\'VD"am;
v Z 30 3D:ELUdMZfhs;
v Z 33 3D:\'VD=((|(Xh9!);
v Z 39 3D:rBf]T;
v Z 40 3D:2~SY('V;
\'VD"am
Tivoli Access Manager 'VTBC'"am"d'VYw53MNNXhDX8m~#
IBM Tivoli Directory ServerTivoli Access Manager 'V9C IBM Tivoli Directory Server V4.1"5.1 M 5.2#
":IBM Tivoli Directory Server V5.2 f Tivoli Access Manager V5.1 ;pa)#Z
53O,1;\fZ%vf>D IBM Directory Server,"RIZ IBM Tivoli Access
Manager V5.1 9C V5.2 Directory client w* LDAP "am,yTz&Z9C V4.1
r 5.1 DivB+ IBM Tivoli Directory Server 20Z;,D53O#
\'VD=(gB:
v AIX =(:
– AIX 5.1
– AIX 5.2
":Z AIX 5.1 O,Xk20 AIX ,$| 4 r|_6p#Z AIX 5.2 O,zX
k20 AIX ,$| 1 r|_6p#
v HP-UX =(:
– HP-UX 11
– xTB9!D HP-UX 11i:
- 2001 j 12 BD GOLDBASE11i &sm~
- 2001 j 12 BD GOLDAPPS11i &sm~
- 9! PHSS_26560
v Linux on xSeries =(:
– x Service Pack 2 D UnitedLinux 1.0
– SuSE Linux Enterprise Server 8
– Red Hat Enterprise Linux 3.0
v Linux on zSeries =(:
© Copyright IBM Corp. 2001, 2003 25
– SuSE Linux Enterprise Server 8
– Red Hat Enterprise Server 3.0
v Linux on pSeries and iSeries =(:
– Red Hat Enterprise Server 3.0
– SuSE Linux Enterprise Server 8
v Solaris =(:
– Solaris Operating Environment V8 M V9 m~
– Trusted Solaris V8
v Windows =(:
– Windows 2000
– Windows 2003 Standard Server r Enterprise Server
– x Service Pack 6 r|_f>D Windows NT 4.0;Windows NT D~53
(NTFS)G2+'VyXhD#
"b:
v g{zPk*CZ Tivoli Access Manager DVP IBM Directory Server,k7#+
~qw}6=\'VD6p#PX}68>E",kND IBM Tivoli Access Manager
Upgrade Guide#
v g{zS IBM TbD)&L&qC LDAP $HfZDf>,r&CZ20 IBM
Tivoli Directory Server .0+Cf>}%#g{Z;}%d|)&LDf>DivB
"T20 IBM Tivoli Directory Server,rzzDD~{e;I\9Ov=vf>P
DNN;v^(}#$w#
IBM Tivoli Directory Server Web Administration ToolIBM Tivoli Directory Server 'V9C IBM Tivoli Directory Server Web Administration
Tool V5.2# ITZxr;x IBM Tivoli Directory Server M'zr~qwDFczO
20 Web Administration Tool#Web Administration Tool ITC4\mTB`MD LDAP
~qw:
v IBM Tivoli Directory Server V5.2
v IBM Directory Server V5.1
v IBM Directory Server V4.1
v OS/400 V5R3
v z/OS™ R4
":TZ z/OS R4,;PTBhC\ Web Administration Tool 'V:
– %v TDBM sK
– %v SDBM sK
– ;v TDBM M SDBM sK
Web Administration Tool ZTB=(OG\'VD:
v AIX =(:
– AIX 4.3.3
– AIX 5.1
– AIX 5.2
53hs
26 IBM Tivoli Access Manager for e-business: Web Security 208O
v HP-UX =(:
– HP-UX 11
– HP-UX 11i
v Linux on xSeries =(:
– UnitedLinux 1.0
– SuSE Linux Enterprise Server 7 M 8
– Red Hat Advanced Server 2.1
v Linux on zSeries =(:
– SuSE Linux Enterprise Server 8.0
v Linux on pSeries and iSeries =(:
– UnitedLinux 1.0
– SuSE Linux Enterprise Server 8.0
v Solaris =(:
– Solaris Operating Environment V7"V8 M V9 m~
– Trusted Solaris V8
v Windows =(:
– Windows 2000
– Windows XP
– Windows 2003 Standard Server r Enterprise Server
– x Service Pack 6 r|_f>D Windows NT 4.0
*9C Web Administration Tool,9h*TBwn:
v TB&CLr~qw.;:
– WebSphere Application Server — Express V5.0 r|_f>D6kf>#
– IBM WebSphere Application Server V5.0 r|_f>#IBM WebSphere Application
Server V5.0.2 f Tivoli Access Manager V5.1 ;pa)#
v 9C Web Administration Tool DFczOPTB Web /@w.;#(bITG20
K Web Administration Tool DFcz,2IT;G):
– AIX =(:Mozilla 1.3 r 1.4
– HP-UX =(:Mozilla 1.3 r 1.4
– Linux on xSeries =(: Mozilla 1.3 r 1.4
– Linux on iSeries, pSeries, and zSeries =(:;PICD/@w'V#zX
k9Cm;534CJb) Linux =(OD Web Administration Tool#
– Solaris =(:Mozilla 1.3 r 1.4
– Windows =(:Internet Explorer V6.0
IBM Security Server for OS/390Tivoli Access Manager 'V9C IBM Security Server for OS/390® V2R10#PXz7
E",kND;ZTBX7D OS/390 rXxJOb Web >c:
http://www.s390.ibm.com/os390/bkserv/
53hs
Z 2 B 20Ev 27
IBM z/OS Security Server LDAP ServerTivoli Access Manager 'V9C IBM z/OS Security Server LDAP Server V1R2 r|
_f>#PXz7E",kND;ZTBX7D z/OS rXxJOb Web >c:
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/
M'9ITZ z/OS: Collection, SK3T-4269 bv CD-ROM OqCm=4vfo#
Lotus DominoWindows =(OD Tivoli Access Manager 'V+ Lotus® Domino V5.0.10 M V6.0 C
wC'"am#Domino Server ITZ Tivoli Access Manager V5.1 'VDNN=(O
KP#
"b:1 Lotus Domino Cw"am1:
v IBM Tivoli Directory Client ;GXhD#
v Z20 Access Manager Runtime i~.0Xk20 Lotus Notes® client#Tivoli Access
Manager 'V Lotus Notes Client V5.0.10 M V6.0 r|_f>#
Microsoft Active DirectoryTivoli Access Manager 'V+CZ Windows 2000 M Windows 2003 D Active Directory
CwC'"am#
Z Tivoli Access Manager D0"PfP,Active Directory 'VvZ Windows 2000
Advanced Server =(Oa)#V5.1 DB|DZZ,Active Directory C'ITZ Tivoli
Access Manager z710'VDyP Windows M UNIX =(OKP Tivoli Access
Manager(+ Windows NT }b)#
UNIX =({C IBM Tivoli Directory Client k Active Directory (E#Z policy server
rk>Xwz{Dr;,DivB,29CK LDAP M'z#
k"b,Tivoli Access Manager policy server vZ Windows 2000 M 2003 53OG
\'VD#
Netscape iPlanet M Sun ONE Directory ServerTivoli Access Manager 'V+ Netscape iPlanet Directory Server V5.1 M Sun ONE
Directory Server V5.2 CwC'"am#
PX20E",kN< iPlanet r Sun ONE Directory Server =xDz7D5#
"b:
v g{zPk*CZ Tivoli Access Manager DVP iPlanet r Sun ONE Directory
Server,k7#+~qw}6=\'VD6p#PX}68>E",kND;ZTB
Web X7D Sun D5:
http://docs.sun.com/db/prod/s1dirsrv
v iPlanet M Sun ONE Directory Server PZCD SSL &\#v1 Access Manager
Runtime i~20Z`,D53O1,EXk*+ GSKit 20=?<~qw53O#
53hs
28 IBM Tivoli Access Manager for e-business: Web Security 208O
Novell eDirectoryTivoli Access Manager 'V+ Novell eDirectory 8.6.2 M 8.7 CwC'"am#
PX20E",kN< Novell eDirectory ~qw=xDz7D5#ISTBX7q!
Novell eDirectory z7D5:
http://www.novell.com/documentation/a-z.html
b)z7DnB9!IZTBX7q!:
http://support.novell.com/filefinder/5069/index.html
"b:
v g{zPk*CZ Tivoli Access Manager DVP Novell eDirectory ~qw,k7#
+~qw}6=\'VD6p#
v Novell eDirectory ~qwPZCD SSL &\#v1 Access Manager Runtime i~
20Z`,D53O1,EXk*+ GSKit 20=?<~qw53O#
53hs
Z 2 B 20Ev 29
ELUdMZfhs
Tivoli Access Manager ~xFMbI\h*s?ELUd#z&7#*20b)D~D
D~53PPc;DELUd#fE?v Tivoli Access Manager i~r53mS=2
+r,rKh*=SDELUd#k7#Pc;ICDELUd4JmTs20 Tivoli
Access Manager m~#
>Z|,TBZ]:
v Z 31 3D:Tivoli Access Manager Base i~;
v Z 32 3D:Tivoli Access Manager Web Security i~;
":b)mvTZ Tivoli Access Manager i~PvELUdMZfhs#kG!,z
9Xk<G=ShsrX,gYw53r Web ~qw@c(g{*20e~)#
53hs
30 IBM Tivoli Access Manager for e-business: Web Security 208O
Tivoli Access Manager Base i~
m 5. Base i~ - ELUdMZfhs
i~ nMEL
Ud
(MB)
(iELU
d(MB)
CZ ACL}]bDE
LUd
(MB)
*U>D~
mSELU
d(MB)
nMZf
(MB)
(iZf
(MB)
?v=Sr
DZf
A c c e s s M a n a g e r
A p p l i c a t i o n
Development Kit
3 5 — — — — —
A c c e s s M a n a g e r
Authorization Server2 4 15 2 5 30 40 —
Access Manager Java
Runtime Environment8 10 — — — — —
A c c e s s M a n a g e r
Policy Proxy Server1 2 — 40 —
A c c e s s M a n a g e r
Policy Server2 4 5 1, 2 10 1 30 40 5 2
A c c e s s M a n a g e r
Runtime36 40 — — — — —
Access Manager Web
Portal Manager1 2 — — 35 3 70 4 —
Global Security Kit 18 20 — — — — —
IBM Tivoli Directory
Client46 50 — — 6 6
IBM Tivoli Directory
Server(|,X8m
~)
145 7 245 7 — 10 256 5 512—1GB 5 —
I B M W e b S p h e r e
Application Server
V5.0.2
552 552 — — 256 512 —
":
1 Cs!vTZ1!r#TZ?v=Sr,4K}?vS(iDELUd#
2 C5yZTP 10,000 vTsD ACL }]bDsBhs,b)Ts=yV<Z 10 vTsUdP,"P< 30 v ACL
=SZ 10% DTsO#}K policy server OTb,Cs!yvAd 3 6TCZ8]1>M4FZd4(D=S1>#
3 b;CZ WPM DnM5zmT?vQ,SD/@wDZfhs#
4 b;CZ WPM D(i5zm=vQ,SD/@w#
5 256 MB(nM)M 512 MB - 1 GB((i)ZfCZ;YrTBD Tivoli Access Manager C'#TZ;YrT
ODC',k+K}?vSA 512 MB(nM)M 1 GB - 2 GB((i)Zf#
6 IBM Tivoli Directory Client DZfhsG9C|D~qwDZfhsD;?V#
7 IBM Tivoli Directory Server @c|,U}]b#T?v Tivoli Access Manager C'rmS=SD 10 KB#
53hs
Z 2 B 20Ev 31
Tivoli Access Manager Web Security i~
m 6. Web Security i~ - ELUdMZfhs
i~ nMELUd
(MB)
(iELUd
(MB)
CZ ACL }
]bDELU
d(MB)
*U>D~m
SELUd
(MB)
nMZf
(MB)
(iZf
(MB)
?v=SrD
Zf
A c c e s s M a n a g e r
WebSEAL20 25 15 1 200 2 80 250 3 —
A c c e s s M a n a g e r
WebSEAL Application
Development Kit
3 5 — — — — —
Access Manager for
WebLogic Server2 4 — 5 64 128 —
Access Manager for
WebSphere2 4 — 5 64 128 —
A c c e s s M a n a g e r
Plug-in for IBM HTTP
Server
15 25 15 1 10 60 120 —
A c c e s s M a n a g e r
Plug-in for Apache
Web Server
15 25 15 1 10 60 120 —
A c c e s s M a n a g e r
Plug-in for Sun ONE
Web Server
15 25 15 1 10 70 140 —
A c c e s s M a n a g e r
Plug-in for Internet
Information Services
15 25 15 1 10 165 225 —
A c c e s s M a n a g e r
Attr ibute Retr ieval
Service
6 10 — — 10 14 —
A c c e s s M a n a g e r
Plug-in for Edge Server15 25 15 1 10 15 30 —
":1 C5yZTP 10,000 vTsD ACL }]bDsBhs,b)Ts=yV<Z 10 vTsUdP,"P< 30 v ACL =SZ 10%
DTsO#}K policy server OTb,Cs!yvAd 3 6TCZ8]1>M4FZd4(D=S1>#2
b|(CZ www(Web ~qwCJ)U>DUd#3 |,CZns1!_Y:fv$DZf#g{vSK_Y:fN},rvSK}?#
53hs
32 IBM Tivoli Access Manager for e-business: Web Security 208O
\'VD=((|(Xh9!)
m 7 PvCZ\'VYw53DXhD9!r~q6p#
":SuSE Linux GDvOwoi+>.;,dz7yyZ UnitedLinux 1.0;d|+>
* SCO Group"Turbolinux M Conectiva#1 SuSe Linux Enterprise Server(SLES)
Pw\'VDz71,r5>d|Owoi+>DyZ UnitedLinux 1.0 'VDz
72,y\'V#PX|`E",kN<;ZTBX7D UnitedLinux Web >c:
http://www.unitedlinux.com
m 7. m 1. \'VDYw53=(yXhD9!
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
AIX 4.3.3
v Development(ADK)
v Java runtime environment
v Runtime
nB9!T0TBn:
v bos.rte.libpthreads,6p 4.3.3.51
r|_6p
v xlC.rte (6.0.0.0 C Set ++ Runtime)
v xlC.aix43.rte (6.0.0.3 C Set ++
Runtime)
AIX 5.1
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Edge Server V5.1
v Plug-in for IBM HTTP Server V1.3.26
v Plug-in for Sun ONE Web Server V6.0
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
,$| 4 r|_6pT0TBn:
v xlC.rte(6.0.0.0 C Set ++ Runtime)
v xlC.aix50.rte(6.0.0.3 r|_f>D
C Set ++ Runtime)
53hs
Z 2 B 20Ev 33
m 7. m 1. \'VDYw53=(yXhD9! (x)
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
AIX 5.2
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Edge Server V5.1
v Plug-in for IBM HTTP Server V1.3.26
v Plug-in for Sun ONE Web Server V6.0
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
,$| 1 r|_6pD
AIX 5200-01 ,$|T0TBn:
v xlC.rte(6.0.0.0 C Set ++ Runtime)
v xlC.aix50.rte(6.0.0.3 C Set ++
Runtime)
v 5.2.0.12 6pD bos.rte.libc
HP-UX 11.0
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
(v^Z BEA WebLogic Server
V7.0)
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
v XSWGR-1100
v PHKL_25475
v PHSS_26945 r|_f>
v PHSS_25091
v vTZX(oT:
– Uo:PHSS_26972
– +zo:PHSS_26974
– rePD: PHSS_26976
– 1ePD:PHSS_24937
53hs
34 IBM Tivoli Access Manager for e-business: Web Security 208O
m 7. m 1. \'VDYw53=(yXhD9! (x)
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
HP-UX 11i
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
(v^Z BEA WebLogic Server
V7.0)
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
v PHCO_24400
v PHCO_24402
v PHSS_25092
v PHSS_26946
v vTZX(oT:
– Uo:PHSS_26971
– +zo:PHSS_26973
– rePD:PHSS_24975
– 1ePD:PHSS_26977
Red Hat Enterprise Linux 2.1
v Plug-in for Edge Server V5.1 v1z*20 GSKit iKeyman 5CLr
(gsk7ikm)1,TB9!EGXh
D:
pdksh-5.2.14-13.i386.rpm
Red Hat Enterprise Linux 3.0
v Authorization Server
v Development(ADK)
v Java runtime environment
v Policy server
v Policy proxy server
v Runtime
v WebSEAL Server
v WebSEAL development(ADK)
^
SuSE SLES8 for IA32
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for IBM HTTP Server V1.3.26
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
libstdc++-3.2.2-5
53hs
Z 2 B 20Ev 35
m 7. m 1. \'VDYw53=(yXhD9! (x)
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
v S u S E S L E S 8 f o r S / 3 9 0 a n d
zSeries(31 ;53)
v SuSE SLES8 for zSeries(64 ;53)
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Apache Web Server
V1.3.26–36,x mod SSL(v^Z 31
;)
v Plug-in for IBM HTTP Server V1.3.26
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
\'VDZK6p:
v 31 ;: k_deflt-2.4.19-32
v 64 ;ZK: k_deflt-2.4.19-34
Service Pack 2 |B:
v 31 ;ZK:
– k_deflt-2.4.19-79
v 64 ;ZK:
– k_deflt-2.4.19-80
SuSE SLES8 for pSeries and iSeries
v Development(ADK)
v Java runtime environment
v Runtime
v Web Portal Manager
\'VDZK6p:
v kernel-iseries64-2.4.19-104
v kernel-ppc64-2.4.19-108
Service Pack 1 |B:
v kernel-iseries64-2.4.19-194
v kernel-ppc64-2.4.19-186
Solaris Operating Environment 7
v Development(ADK)
v Java runtime environment
v Runtime
32 ;m~|:
v 106327-18
v 106541–24
v 106950-22
v 106980–22
v 107544–03
64 ;m~|:
v 106300-19
v 106327-18
v 106541–24
v 107544–03
v 106950-22
v 106980–22
53hs
36 IBM Tivoli Access Manager for e-business: Web Security 208O
m 7. m 1. \'VDYw53=(yXhD9! (x)
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
Solaris Operating Environment 8
v Attribute Retrieval Service
v Authorization Server
v Development
v Java runtime environment
v Plug-in for Apache Web Server
V1.3.27,x mod SSL
v Plug-in for Edge Server V5.1
v Plug-in for IBM HTTP Server V1.3.26
v Plug-in for Sun ONE Web Server V6.0
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
32 ;m~|:
v 109147-15
v 108434-05
v 108528–24
v 108827–40
v 111327–02
v SUNWuiu8
v SUNWjiu8
64 ;m~|:
v 109147-15
v 108434–05
v 108435–06
v 108528–24
v 108827–40
v 111327–02
v SUNWuiu8
v SUNWjiu8
Solaris Operating Environment 9
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Apache Web Server
V1.3.27,x mod SSL
v Plug-in for Edge Server V5.1
v Plug-in for IBM HTTP Server V1.3.26
v Plug-in for Sun ONE Web Server V6.0
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
v Tivoli Access Manager for WebSphere
(v^Z V5.0.2)
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
11711–06
Windows NT 4.0
v Development(ADK)
v Java runtime environment
v Runtime
Service Pack 6a
53hs
Z 2 B 20Ev 37
m 7. m 1. \'VDYw53=(yXhD9! (x)
Yw53=( Tivoli Access Manager 5.1 'VD5
3
XhD9!r~q6p
Windows XP M 2000 Pro
v Development(ADK)
v Java runtime environment
v Runtime
^
Windows 2000 Server M Advanced
Server
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Edge Server V5.1
v Plug-in for Internet Information Services
V5.0
v Policy server
v Policy proxy server
v Runtime
v Tivoli Access Manager for WebLogic
v Tivoli Access Manager for WebSphere
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
Service Pack 3
Windows 2003 Standard Server M
Enterprise Server
v Attribute Retrieval Service
v Authorization Server
v Development(ADK)
v Java runtime environment
v Plug-in for Internet Information Services
V6.0
v Policy server
v Policy proxy server
v Runtime
v Windows 2003 Enterprise Server OD
Tivoli Access Manager for WebSphere
(v^Z V5.0.2)
v Web Portal Manager
v WebSEAL Server
v WebSEAL development(ADK)
?0P^X(9!#
53hs
38 IBM Tivoli Access Manager for e-business: Web Security 208O
rBf]T
TB Tivoli Access Manager i~ITk V5.1 policy server r authorization server (
E:
v Access Manager Runtime V3.8"3.9"4.1 M 5.1
v Access Manager Java Runtime Environment V3.9"4.1 M 5.1
":
1. IZ~qw9C runtime xP(E,rK~qwIrBf]#
2. %v53ODyPi~Xk*,;f>#
3. 19C Active Directory r Lotus Domino w*C'"am1,yP Tivoli Access
Manager i~Xk&Z V5.1 6p#
Tivoli Access Manager V5.1 y'VDT Tivoli Access Manager V3.9 M 4.1 &CL
rD~xFrBf]TgB:
v Access Manager Runtime V5.1 'VyP=((Solaris }b)OT Tivoli Access
Manager V4.1 M 3.9 ADK `kD&CLr#
v Access Manager Runtime V5.1 for Solaris v'VT Tivoli Access Manager V4.1 ADK
`kD&CLr#
53hs
Z 2 B 20Ev 39
2~SY('V
m 8 PvX(Z=(D2~SY(,b)SY(Qi$*Ik Tivoli Access Manager
WebSEAL V5.1 ;pI&KP#
m 8. 2~SY('V
Yw53 \'VD2~SY(
AIX 5.1 v nCipher nForce 300 RSA BSAFE V5.32
v nCipher nForce 300 PKCS#11 V5.32
v IBM 4758–023 PKCS#11 V2.41
v Eracom Orange PKCS#11 V2.11
v IBM 4960 PKCS#11 V5.1.0.25
AIX 5.2 v IBM 4758–023 PKCS#11 V2.41
v Eracom Orange PKCS#11 V2.11
v IBM 4960 PKCS#11 V5.1.0.25
HP-UX 11 Rainbow Crypto Swift RSA BSAFE V3.2.0
HP-UX 11i ;'V
Red Hat Enterprise Linux 3.0 v Eracom Orange PKCS#1 V2.11
SuSE SLES8 for IA32 v Eracom Orange PKCS#11 V2.11
SuSE SLES8 for zSeries(31 ;>z
T0 64 ;>zPD 31 ;9u=
=)M SuSE SLES8 for S/390(31
;>z)
v PCICA - zSeries &\?~zk 0862
v PCICC - zSeries &\?~zk 0861 M S/390 &\?
~zk 0860
Solaris 8 v Rainbow Crypto Swift RSA BSAFE V3.2.0
v nCipher nForce 300 RSA BSAFE V8.0
v nCipher nForce 300 PKCS#11 V8.0
v Eracom Orange PKCS#11 V2.11
Solaris 9 v nCipher nForce 300 RSA BSAFE
v nCipher nForce 300 PKCS#11 V2.10
Windows 2000 Server M Advanced
Serverv Rainbow Crypto Swift RSA BSAFE V3.2.0
v nCipher nForce 300 RSA BSAFE V8.0
v nCipher nForce 300 PKCS#11 V8.0
v IBM 4758–023 PKCS#11 V2.41
v Eracom Orange PKCS#11 V2.11
Windows 2003 Standard Server M
Enterprise Server
;'V
(}9C(=xD8>E",ZKP WebSEAL DzwO20J1D)&LDh8}/
Lr#Z9C BSAFE (DivB,;h*=SD WebSeal dC# GSKit T/lb(#
rK,NN9C GSKit D Tivoli Access Manager i~(g WebSEAL)aT/9CS
Y#Z9C PKCS#11 (DivB,Xk(}9C WebSEAL dCD~PD PKCS#11
18n4tC WebSEAL T9C PKCS#11#
53hs
40 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 3 B zJ/
>Bhv Tivoli Access Manager 2+rDzJ/&\?~#>Z|,TBwb:
v Z 42 3D:oT'VEv;
v Z 43 3D:20oT'V|;
v Z 45 3D:20 IBM Tivoli Directory Server oT|;
v Z 47 3D:6XoT'V|;
v Z 48 3D:oT73d?;
v Z 50 3D:{"`?;
v Z 51 3D:D>`k(zk/)'V;
"bBn
k7#zi46IBM Tivoli Access Manager for e-business "P5w7PDzJ/
BZTKbX(ZoTDV^r^F#
© Copyright IBM Corp. 2001, 2003 41
oT'VEv
Tivoli Access Manager m~-k*TBoT:
v MwOQ@o
v ]Ko
v rePD
v 1ePD
v (o
v Bo
v Y@{o
v bs{o
v Uo
v +zo
v (<o
v w`@o
v mo
Z?vz7D IBM Tivoli Access Manager Language Support CD Oa)Kb)oTD
-kw*oT'V|#*q! Tivoli Access Manager DoT'V,zXk20Cz7
DoT'V|#
kG!,g{z9C20r<420 Tivoli Access Manager,rXkZ20 Tivoli Access
Manager .020oT|,TczITC>XoT4i4dC{"#TZ>z205C
Lr,kZ20 Tivoli Access Manager i~.s+ZTdxPdC.020oT|#
g{z;20oT'V|,`X*Dz7+T"oT>yPD>#
":?VoT<GI%@20Dz7203q#
g{20K3z7DoT'V,xzV}6KCz7,rXk220`&DoT'V
z7(g{fZD0)#kN<X(z7D}6D5T7(Gqh*oT'V#g{z
Z}6s420oT'V,`X*Dz7I\T"oT>3)VNM{"#
zJ/
42 IBM Tivoli Access Manager for e-business: Web Security 208O
20oT'V|
*20 Tivoli Access Manager DoT'V|,kq-TBb)=h:
1. T root r\m1C'm]G<#
2. 20T&ZX(Yw53D IBM JRE 1.3.1#PX8>E",kNDTB.;:
v Z AIX 53O,kNDZ 241 3#
v Z HP-UX 53O,kNDZ 241 3#
v Z Linux 53O,kNDZ 242 3#
v Z Solaris 53O,kNDZ 243 3#
v Z Windows 53O,kNDZ 243 3#
3. ekr20 IBM Tivoli Access Manager Language Support CD "P;= CD yZ
Dy?<#
":Z HP-UX O,9C pfs_mountd |n20 CD#
4. y]zk*20D Tivoli Access Manager z7,KP;vr`vTB20E>#
"bBn
v T UNIX 539CE>;T Windows 539Cz&mD~(.bat )9
{)#
v g{zZ;8( jre_path DivB"vE>,rXk7#C Java I4PD
~G PATH odD;?V#qr,(}gB8( jre_path 4"vE>:
package jre_path
}g,*20 Tivoli Access Manager Base DoT|,kdkTBZ]:
install_pdrte_lp /usr/bin
dP /usr/bin G JRE D76#
oT|gB:
install_pdrte_lp 8(20 Tivoli Access Manager Base DoT|#
install_pdjrte_lp 8(20 Tivoli Access Manager Java runtime
environment DoT|#
install_pdwas_lp 8(20 WebSphere Application Server DoT|#
install_pdwbpi_lp 8(20 Tivoli Access Manager Plug-in for Web
Servers DoT|#
install_pdwpm_lp 8(20 Tivoli Access Manager Web Portal
Manager DoT|#
install_pdwls_lp 8(20 Tivoli Access Manager for WebLogic
Server DoT|#
install_pdwsl_lp 8(20 Tivoli Access Manager Plug-in for Edge
Server DoT|#
zJ/
Z 3 B zJ/ 43
install_pdweb_lp 8(20 Tivoli Access Manager WebSEAL Do
T|#
install_wbrte_lp 8(20 Tivoli Access Manager Web Security
Runtime DoT|#
5. %wB;=T*<20#+T>0m~mI$-i1T0r#
6. *S\mI$-i,k!qRS\CmI$-iPDun"fs%wB;=#+T
>;vT0r,dPT>KoT|Pm#
7. !qk*20DoT|"%wB;=#+T>;vT0r,dPT>Kzy!oT
|D;CM&\?~#
8. *S\zy!DoT|,k%wB;=#zy!DoT|Q20#
9. Z Tivoli Access Manager oT|D20QI&jIs,k%wjITXUr<"X
Bt/zD53#
zJ/
44 IBM Tivoli Access Manager for e-business: Web Security 208O
20 IBM Tivoli Directory Server oT|
}K20 Tivoli Access Manager m~DoT|Tb,z9Xk20 IBM Tivoli Directory
DoT|#ZT&Z'V=(D IBM Tivoli Access Manager Language Support CD O
a)Kb)oT|#
1. *20X8oT|,k4PTBYw.;:
v Z AIX 53O,4PTBYw:
a. ek IBM Tivoli Access Manager Language Support for AIX CD "20|#
b. 20TBm~|:
installp –c –a –g –X –d cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages g
B:
ldap.html.lang
8( IBM Tivoli Directory D5#
ldap.msg.lang
8( IBM Tivoli Directory {"#
x lang GoTD~u4#
}g,*Tbs{o20 IBM Tivoli Directory D5,kdkTBZ]:
installp -cagXd cd_mount_point/usr/sys/inst.images ldap.html.it_IT
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
v Z Linux on xSeries M Linux on zSeries 53O,k4PTBYw:
a. ek IBM Tivoli Access Manager Language Support for Linux on xSeries r
Linux on zSeries CD "20|#
":Linux on zSeries C':zXkWHS CD q!T Linux rpm D~DC
J#
b. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series
8( xSeries r zSeries#
c. 20TBm~|:
rpm -ihv packages
dP packages gB:
Linux on xSeries Linux on zSeries
ldap-html-lang-5.2-1.s390.rpm ldap-html-lang-5.2-1.i386.rpm
ldap-html-lang-5.2-1.s390.rpm ldap-html-lang-5.2-1.i386.rpm
x lang GoTD~u4#
v Z Solaris 53O,k4PTBYw:
a. ek IBM Tivoli Access Manager Language Support for Solaris CD#
b. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a/cdrom/cdrom0/solaris/pddefault packages
zJ/
Z 3 B zJ/ 45
dP;Z /solaris ?<PD packages 8(TBZ]:
IBMldilang 8( IBM Tivoli Directory D5#
IBMldmlang 8( IBM Tivoli Directory {"#
x lang GoTD~u4#
}g,*TUo20 IBM Tivoli Directory {",kdkTBZ]:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault IBMldmJa
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
zJ/
46 IBM Tivoli Access Manager for e-business: Web Security 208O
6XoT'V|
*6XoT'V|,kq-TBb)=h:
1. P;ATB?<.;:
v Z UNIX 53O:
/opt/location
v Z Windows 53O:
C:\Program Files\location
dP location gB:
PDBLP/Lp_uninst 8( Tivoli Access Manager Base DoT|D;
C#
PDJrtLP/lp_uninst 8( Tivoli Access Manager Java runtime
environment DoT|D;C#
PDWasLP/lp_uninst 8( WebSphere Application Server DoT|D;
C#
PDWpiLP/lp_uninst 8( Tivoli Access Manager Plug-in for Web Server
DoT|D;C#
PDWpmLP/lp_uninst 8( Tivoli Access Manager Web Portal Manager
DoT|D;C#
PDWlsLP/lp_uninst 8( Tivoli Access Manager for WebLogic Server
DoT|D;C#
PDWslLP/lp_uninst 8( Tivoli Access Manager for Plug-in for Edge
Server DoT|D;C#
PDWebLP/lp_uninst 8( Tivoli Access Manager WebSEAL DoT|
D;C#
PDWebLP/lp_uninst 8( Tivoli Access Manager Web Security Runtime
DoT|D;C#
2. *6XoT'V|,kdkTB|n.;:
v Z UNIX 53O:
jre_path/java -jar package
v Z Windows 53O:
jre_path\java -jar package
dP jre_path G Java I4PD~yZD76,x package GTB.;:
":g{ Java I4PD~ZC76P,zM;X8( jre_path#
pdrte_lp_uninstall.jar 8( Tivoli Access Manager Base DoT|#
pdjrte_lp_uninstall.jar 8( Tivoli Access Manager Java runtime
environment DoT|#
pdwas_lp_uninstall.jar 8( WebSphere Application Server DoT|#
pdwpi_lp_uninstall.jar 8( Plug-in for Web Servers DoT|#
zJ/
Z 3 B zJ/ 47
pdwpm_lp_uninstall.jar 8( Tivoli Access Manager Web Portal Manager
DoT|#
pdwls_lp_uninstall.jar 8( Tivoli Access Manager for WebLogic Server
DoT|#
pdweb_lp_uninstall.jar 8( Tivoli Access Manager WebSEAL Server D
oT|#
pdwpm_lp_uninstall.jar 8( Tivoli Access Manager Web Security Runtime
DoT|#
oT73d?
TZnBYw53,<G(}8(Z{DoT734q!>X/DP*#TZ Tivoli
Access Manager m~,4U POSIX"X/Open rd|*E=53j<D8(+ LANG73d?hC*yZ{DoT73{F#
":g{zZ Windows 73P,r9IT!qCXFfeDxrhC4^DoThC#
g{z8( LANG 73d?"^DxrhC,r LANG 73d?+2GKxrhC#
y]*E=53j<D8(,d|73d?a2G3)r+?oT73`pD LANG#
b)d?|(:
v LC_CTYPE
v LC_TIME
v LC_NUMERIC
v LC_MONETARY
v LC_COLLATE
v LC_MESSAGES
v LC_ALL
g{hCKNN;vOvd?,rzXk}%dhCT9 LANG d?_Pj+'{#
UNIX 53OD LANG d?
s`} UNIX 539C LANG d?8(Z{DoT73#;x,;,D UNIX Yw
53h*;,DoT73{F48(`,DoT#k7#9Cz}Z9CD UNIX Yw
53y'VD LANG 5#
*q! UNIX 53DoT73{F,kdkTBZ]:
locale –a
zJ/
48 IBM Tivoli Access Manager for e-business: Web Security 208O
Windows 53OD LANG d?
s`}Yw53;9C LANG 73d?#+ Tivoli Access Manager m~IT9C
LANG 47(Z{DoT#*K,y];xzk/s:D ISO oTrXrzkx+
LANG hC*f6oT73{F#}g:
v fr Gj<(oDoT73
v ja GUoDoT73
v pt_BR GMwOQ@oDoT73
v C G C oT73PD"ooT73
Z Windows 53O,g{4hC LANG,r Access Manager Runtime D20+*
LANG hCTBd?:
case ISLANG_CZECH : lang = "CSCZ1250";case ISLANG_FRENCH_STANDARD: lang = "FrFr1252";case ISLANG_GERMAN : lang = "DeDe1252";case ISLANG_SPANISH : lang = "ESES1252";case ISLANG_ITALIAN : lang = "ITIT1252";case ISLANG_PORTUGUESE_BRAZILIAN : lang = "PTBR1252";case ISLANG_POLISH : lang = "PLPL1250";case ISLANG_CHINESE_TAIWAN : lang = "ZHTW950";case ISLANG_CHINESE_PRC : lang = "ZHCN936";case ISLANG_JAPANESE : lang = "JaJp932";case ISLANG_KOREAN : lang = "KoKr949";case ISLANG_RUSSIAN : lang = "RuRu1251" ;case ISLANG_HUNGARIAN : lang = "HuHu1250";default : lang = "enus1252";
9CoT73de
d; Tivoli Access Manager m~10*?VoT;a);V-kf>,+zIT9C
W!DoT73deR Tivoli Access Manager aiR`&DoT-k#}g,Tivoli
Access Manager *(oa);V-k,+TB?voT73hCaiR`&D-k:
v fr Gj<(oDoT73{F
v fr_FR G(z(oDoT73{F
v fr_CA GSCs(oDoT73{F
v fr_CH Gp?(oDoT73{F
zJ/
Z 3 B zJ/ 49
{"`?
{"`?(#20Z msg S?<P,Rb){"`?PD?;vygB20ZX(Zo
TDS?<P:
v Z UNIX 53O:
/opt/PolicyDirector/nls/msg/locale
v Z Windows 53O:
install_dir/nls/msg/locale
Tivoli Access Manager 6p UNIX oT73{FPDde,R(#IT+8(D53
d=J1D{"`?#
9C NLSPATH d?4U*E=53j<D8(4iR`&D{"`??<#}g,
g{{"`?;Z /opt/PolicyDirector/nls/msg P,r+ NLSPATH hC*TBN
=:
/opt/PolicyDirector/nls/msg/%L/%N.cat:/opt/PolicyDirector/nls/msg/%L/%N
":TZ Windows,9CVE(;)fz(:)w*Vt{#
%L 18n)9=k10C'oT!qn|F%dD{"`??<,x %N.cat r)9
=Z{D{"`?#
g{TZ{DoT;PR={"`?,r9C"o C {"`?#
}g,YhzgB8( AIX oT73*p?Bo:
LANG=De_CH.IBM-850
%L 18n+4TB3r)9,TR=8(DoT73:
1. de_CH
2. de
3. C
r* Tivoli Access Manager 4a)p?BooT|,yTR;= de_CH#g{20K
Tivoli Access Manager BooT|,+9C de#qr,+9C1!oT73 C,9D
>yT"oT>#
zJ/
50 IBM Tivoli Access Manager for e-business: Web Security 208O
D>`k(zk/)'V
;,DYw53(#T;,==TD>`k#}g,Windows 53TUoD>9C SJIS(zk3 932),x UNIX 53(#9C eucJP#
Kb,T,;oTITa)`voT73T9,;zwOT,;oTIT9C;,z
k/#1D>Z;,53.drZ;,oT73.dF/1,bMa<BJb#
Tivoli Access Manager (}9C Unicode M UTF-8(Unicode D`VZN=)w*D
>DZ?f6m>N=4bvb)Jb#
+9C UTF-8 T{"`?`k,;s+D>*;I>X`k,Y9VxC'#9Cb
V = = , ` , D ( o { " ` ? D ~ I C 4 ' V w V L a t i n 1 z k / , g
ISO8859-1"Microsoft 1252"IBM PC 850 M IBM MVS™
1047#
UTF-8 9C45VD>%Yw#}g,(CTskszmLre5a9(CORBA)V{
.Iw* UTF-8 xP+d#b+'Vl9xg(dP>XD>`kI\;,)PD6
L\m#}g,ITS UNIX Uo EUC oT73P4PD@fTUo PC KcOD
UoD~{xPYw#
(}Z Tivoli Ts}]bP+V{.f"* UTF-8 9IT5Vg2+rDD>%Yw#
V{.+*;I>X`kT)Z;,Yw53zk/O4PD&CLri4MYw#
zk/D~D;C
g2+rD%YwT!vZzk/D~,xzk/D~CZ4P UTF-8 *;Md|`
MDX(Z`kDD>&m#b)D~20ZTB?<P:
v Z UNIX 53O:
/opt/PolicyDirector/nls/msg/locale
v Z Windows 53O:
install_dir/nls/msg/locale
zJ/
Z 3 B zJ/ 51
zJ/
52 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 2 ?V Base 5320
Z 4 B 20"am~qw . . . . . . . . . 5520 IBM Tivoli Directory Server . . . . . . . 56
200*s . . . . . . . . . . . . . 569C20r<20 . . . . . . . . . . . 589C>z5CLr20 . . . . . . . . . . 59
AIX:20 IBM Tivoli Directory Server . . . 59HP-UX:20 IBM Tivoli Directory Server . . 61Linux:20 IBM Tivoli Directory Server. . . 62Solaris:20 IBM Tivoli Directory Server . . 64Windows:20 IBM Tivoli Directory Server . 66dC IBM Tivoli Directory Server . . . . . 69* Tivoli Access Manager dC IBM TivoliDirectory Server . . . . . . . . . . . 71
20 IBM z/OS Security Server M IBM OS/390Security Server . . . . . . . . . . . . . 77
|B#=D~ . . . . . . . . . . . . . 77mSs: . . . . . . . . . . . . . . 77dC Tivoli Access Manager for LDAP . . . . 79>zO$C'\m . . . . . . . . . . . 79
20 Lotus Domino . . . . . . . . . . . . 81* Domino 4( Tivoli Access Manager \mC' 81Z Domino Server O20 Lotus Notes M'z . . 82
20 Microsoft Active Directory . . . . . . . . 84Active Directory "bBn . . . . . . . . . 844( Active Directory r . . . . . . . . . 84,S Active Directory r . . . . . . . . . 854( Active Directory \mC' . . . . . . . 88Active Directory 4F . . . . . . . . . . 88
20 Novell eDirectory . . . . . . . . . . . 909C Novell eDirectory 1 . . . . . . . . . 90
20 Sun ONE Directory Server . . . . . . . . 92
Z 5 B 20 policy server . . . . . . . . 979C20r<20 . . . . . . . . . . . . 979C>z5CLr20 . . . . . . . . . . . 98
AIX:20 policy server . . . . . . . . . 98HP-UX:20 policy server . . . . . . . . 99Linux:20 policy server . . . . . . . . 100Solaris:20 policy server . . . . . . . . 102Windows:20 policy server . . . . . . . 103
Z 6 B 20 authorization server . . . . . 1059C20r<20 . . . . . . . . . . . . 1059C>z5CLr20 . . . . . . . . . . 106
AIX:20 authorization server . . . . . . . 106HP-UX:20 authorization server . . . . . . 107Linux:20 authorization server . . . . . . 108Solaris:20 authorization server . . . . . . 109Windows:20 authorization server . . . . . 110
Z 7 B 20 Development(ADK)53 . . . 111
9C20r<20 . . . . . . . . . . . . 1119C>z5CLr20 . . . . . . . . . . 112
AIX:20 Development(ADK)53 . . . . 112HP-UX:20 Development(ADK)53 . . . 113Linux:20 Development(ADK)53 . . . . 114Solaris:20 Development(ADK)53 . . . 115Windows:20 Development(ADK)53 . . . 115
Z 8 B 20 Java runtime environment 53 1179C20r<20 . . . . . . . . . . . . 1179C>z5CLr20 . . . . . . . . . . 117
AIX:20 Java runtime environment 53 . . . 118HP-UX:20 Java runtime environment 53 . . 118Linux:20 Java runtime environment 53 . . 119Solaris:20 Java runtime environment 53 . . 120Windows:20 Java runtime environment 53 121
Z 9 B 20 policy proxy server . . . . . 1239C20r<20 . . . . . . . . . . . . 1239C>z5CLr20 . . . . . . . . . . 124
AIX:20 policy proxy server . . . . . . . 124HP-UX:20 policy proxy server . . . . . . 125Linux:20 policy proxy server . . . . . . 126Solaris:20 policy proxy server . . . . . . 127Windows:20 policy proxy server . . . . . 128
Z 10 B 20 runtime 53 . . . . . . . . 1299C20r<20 . . . . . . . . . . . . 1299C>z5CLr20 . . . . . . . . . . 130
AIX:20 runtime 53 . . . . . . . . . 130HP-UX:20 runtime 53 . . . . . . . . 131Linux:20 runtime 53 . . . . . . . . 131Solaris:20 runtime 53 . . . . . . . . 132Windows:20 runtime 53 . . . . . . . 133
Z 11 B 20 Web Portal Manager 53 . . . 1359C20r<20 . . . . . . . . . . . . 1359C>z5CLr20 . . . . . . . . . . 137
AIX:20 Web Portal Manager 53 . . . . 137HP-UX:20 Web Portal Manager 53 . . . 139Linux:20 Web Portal Manager 53 . . . . 141Solaris:20 Web Portal Manager 53 . . . . 142Windows:20 Web Portal Manager 53 . . . 144
© Copyright IBM Corp. 2001, 2003 53
54 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 4 B 20"am~qw
("\mrDZ;=G20M Tivoli Access Manager ;p9CD"am~qw#*2
0"dC\'VD"am,k4PTBYw.;:
v *20MdC IBM Tivoli Directory Server(f Tivoli Access Manager ;pa)),
kq-Z 56 3D:20 IBM Tivoli Directory Server;PD8>E"#(i9C
install_ldap_server 20r<4r/20MdC}L#
":K20r<Z HP-UX O;IC#
v *20 IBM Tivoli Directory Server TbD\'V"am,kiDz7D5#PX\
'V"amDPm,kNDZ 25 3D:\'VD"am;#
v g{zP;vk*CZ Tivoli Access Manager DVP"am,k7#+~qw}6
=K"Pf'VDf>#PX IBM Tivoli Directory Server D}68>E",kND
IBM Tivoli Access Manager Upgrade Guide;XZd|\'V"am,kiDz7D
5#;sq->BPD8>E"+"amdC*M Tivoli Access Manager ;p9C#
>B|,TBw*?V:
v Z 56 3D:20 IBM Tivoli Directory Server;
v Z 77 3D:20 IBM z/OS Security Server M IBM OS/390 Security Server;
v Z 81 3D:20 Lotus Domino;
v Z 84 3D:20 Microsoft Active Directory;
v Z 90 3D:20 Novell eDirectory;
v Z 92 3D:20 Sun ONE Directory Server;
© Copyright IBM Corp. 2001, 2003 55
20 IBM Tivoli Directory Server>Za)PX+ IBM Tivoli Directory Server w* Tivoli Access Manager "am20
MdCDE"#zIT9CTB20=(PD;V420K53:
v Z 58 3D:9C20r<20;
v Z 59 3D:9C>z5CLr20;
":g{zS IBM TbD)&L&qC LDAP $HfZDf>,r&CZ20 IBM
Tivoli Directory Server .0+Cf>}%#g{Z;}%d|)&LDf>Div
B"T20 IBM Tivoli Directory Server,rzzDD~{e;I\9Ov=vf
>PDNN;v^(}#$w#
PXj{D IBM Tivoli Directory Server z7D5,k%w;ZTBX7D ProductManuals and Technical Documentation 4S:
http://www.ibm.com/software/network/help-directory/
":
v )\'VD AIX"HP-UX"Linux"Solaris M Windows =(9CD IBM Tivoli Access
Manager Directory Server CD Oa) IBM Tivoli Directory Server M IBM DB2#
v )\'VD AIX"HP-UX"Linux"Solaris"Windows 2000 M Windows 2003 =(
9CD IBM Tivoli Access Manager Web Administration Interfaces CD Oa) Web
Administration Tool M IBM WebSphere Application Server#
200*sZ20MdC IBM Tivoli Directory Server .0,Xk4PTB200Nq(4h*)#
;\zF.9CDV20=(,b)*syJC#
v 4(;v DB2 }]byP_j6,}g,ldapdb2#z8(DC'j6+5P DB2
}]byZD}]b5}#ZdC}LP+a>zdkKj60\k#
"b:vT Windows C' - g{KP install_ldap_server 20r<,rz4(
Dj6+Cw DB2 \m1j6M DB2 }]byP_j6#(izZ9C>z20
5CLr14("9C;,Dj6#}g,+ DB2 }]byP_j6|{*
ldapdb2,+ DB2 \m1j6|{* db2admin#
– C'j6D$H;\,} 8 vV{#
– Z Windows =(O,C'XkG Administrators iDI1,"RXkk\m1j
6&Z,;vr#
– Z UNIX =(O,C'Xk_Pw?<,"RXkGCw?<DyP_#
– !q;v+EC DB2 }]bD?<#20r<+Z?<~qw}]bw?<Ba
>dkbv?<#
- DB2 }]b?<DiyP(&CG20 DB2 1y4(D DB2 i#Z AIX M
Solaris O,Ki(#{* dbsysadm#TZ Linux on zSeries,Ki(#{*
db2iadm1#}g,ZC'{* ldapdb2 DivB,}]b?<Z AIX M
Solaris O&Ci ldapdb2:dbsysadm yP,xZ Linux on zSeries O&Ci
ldapdb2:db2iadm1 yP#
dC}]b1,I\fZ;)i;\w*C'wi}#$w#}g,g{ Linux O
DC'wi* users,rI\vVJb#g{k*7#wi}#$w,rXkZ
Linux O9C other#
20"am~qw
56 IBM Tivoli Access Manager for e-business: Web Security 208O
– root C'XkG!qC45P DB2 }]b?<DiDI1#g{ root C';
GKiDI1,r+ root C'mS*CiDI1#
– *K C= nQ '{ ,C' DG < s h e l l L r&CG K o r n s h e l l Lr
(/usr/bin/ksh)#
– C'D\kXk}7hC"f1IT9C#}g,\k;\Q=Z,2;\Hr
NNV`DWNi$#(i$\kQ}7hCDnQ=(G telnet =,;(Fc
z"R\CCC'j6M\kI&G<#)
– dC}]b1,;X(+(#G)+C'j6Dw?<8(*}]b;C#+
G,g{8(3vd|;C,rC'w?<T;Xk_P 3 = 4 MB DICU
d#bGr* DB2 4(K4S"+D~mS=5}yP_(4C')Dw?<
P,49}]b>mZd|;C#g{w?<P;Pc;DUd,rIT4(c
;DUdr_8(d|?<w*w?<#
v vZ AIX 53O,IBM Tivoli Directory Server V5.2 *s 64 ;2~M 64 ;DZ
K#*7#zD53Q}720,k4iTBZ]:
– *i$zD AIX 2~GqG 64 ;,kdkTB|n:
bootinfo –y
g{a{T> 64,rzD2~* 64 ;#Kb,g{dk|n lsattr —El proc0,
rC|nDdva5XzD~qwD&mw`M#g{zPTBwnPDNN;
n,rzD2~* 64 ;:RS64 I"II"III"IV"POWER3"POWER3 II r POWER4#
– 64 ;2~IT_P 32 ;r_ 64 ;ZK#*i$GqQ20"KP 64 ;ZK
(/usr/lib/boot/unix_64),kdkTB|n:
bootinfo –K
g{a{T> 64,rZK* 64 ;#+G,g{a{T> 32,rXkS 32 ;Z
KP;= 64 ;ZK#*jIbnYw,kq-TBb)=h:
1. 7#z5PTB 64 ;m~|:
bos.64bitbos.mp64
2. *P;= 64 ;ZK,kdkTB|n:
ln -sf /usr/lib/boot/unix_64 /unixln -sf /usr/lib/boot/unix_64 /usr/lib/boot/unixlslv -m hd5bosboot -ad /dev/ipldeviceshutdown -Fr
– 7#QtCl= I/O#*jIbnYw,kdkTB|n:
/usr/sbin/mkdev -l aio0/usr/sbin/chdev -l aio0 -P/usr/sbin/chdev -l aio0 -P -a autoconfig=available
20"am~qw
Z 4 B 20"am~qw 57
9C20r<20
install_ldap_server 20r<(}TJ13r20MdCTBi~,r/K IBM Tivoli
Directory Server 53D20:
v IBM DB2 (C}]bs5~qwf,f> 8.1
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2
v IBM Tivoli Directory Server V5.2
v LDAP 9!(am_update_ldap.sh)
PXdC!nDhvT0xPe<DV=8>E",kNDZ 268 3D:9C
install_ldap_server r<;#
*9C install_ldap_server r<20MdC IBM Tivoli Directory Server 53,kq
-TBb)=h#
":IBM Tivoli Directory Server 20r<Z HP-UX O;IC#g{}Z HP-UX O
20 IBM Tivoli Directory Server,kNDZ 61 3D:HP-UX:20 IBM Tivoli
Directory Server;PD8>E"#
1. 4PZ 56 3D:200*s;PPvD200Nq#
2. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
3. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 45 3D:20 IBM Tivoli Directory
Server oT|;#
4. vZ Windows 53O,SyPKPPDLrKv#
5. 20}LP;vy> SSL LDAP \?D~(am_key.kdb)4F=KzD53O#I
T9C am_key.kdb D~Z policy server M LDAP ~qw.dtC SSL 'V#g
{zF.9Cd| SSL \?D~4tC SSL,r7#V/+ SSL \?D~4F=
K53OD?<P#
":am_key.kdb D~<ZvCZ@@?D;";rc+|CZzz73#am_key.kdb
D~D1!\kG key4ssl(!4)#
6. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
7. k4PBPYw.;:
v g{v20Z Solaris O,rKP install_db2 Lr,CLr;Z IBM Tivoli
Access Manager Directory Server 1 of 2 for Solaris CD ODy?<P#B;=,
KP install_ldap_server Lr,CLr;Z IBM Tivoli Access Manager Directory
Server 2 of 2 for Solaris CD ODy?<P#
v TZ\'VD AIX"Linux M Windows =(,KP install_ldap_server Lr,
CLr;ZzD\'V=(D IBM Tivoli Access Manager Directory Server CD
ODy?<P#
20r<(}a>zdkZ 268 3D:9C install_ldap_server r<; PhvDdC
E"*<KP#Zza)KE"(rS\1!5).s,i~Z;Px;=I$D
ivBjI20MdC#
20"am~qw
58 IBM Tivoli Access Manager for e-business: Web Security 208O
8. g{z9C1! am_key.kdb \?D~tCK SSL,rnU+h*4("9CzT
:D\?D~4tC SSL,r|DK\?D~D1!\k#*jIbnYw,IT9
Ck GSKit ;p20D iKeyman \?\m5CLr#`X8>E",kNDZ 235
3D:hC GSKit iKeyman 5CLr;PPXhC GSKit iKeyman 5CLrDE
"#PX9C iKeyman 5CLrDE",kND IBM Global Security Kit Secure
Sockets Layer and iKeyman User’s Guide#
9C install_ldap_server 20r<+ IBM Tivoli Directory Server hC*M Tivoli
Access Manager ;p9CTs,B;=G20 policy server#`X8>E",kNDZ
97 3DZ 5 B, :20 policy server;#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 IBM Tivoli Directory Server#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#
jIJCZzDYw53D8>E":
v AIX,ZZ 59 3O
v HP-UX,ZZ 61 3O
v Linux,ZZ 62 3O
v Solaris,ZZ 64 3O
v Windows,ZZ 66 3O
AIX:20 IBM Tivoli Directory Server*9C installp 5CLrZ AIX O20 IBM Tivoli Directory Server 53,kq-
TBb)=h#
":(i+zD"am~qw20Z;,Z policy server D;v%@D53O#
1. T root C'm]G<#
2. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
3. 4PZ 56 3D:200*s;PPvD200Nq#
4. ek IBM Tivoli Access Manager Directory Server for AIX CD "20|#
5. 20 IBM DB2#*jIbnYw,k4PvD3r20TBm~|:
installp -cagNYXd cdrom/usr/sys/inst.images packages
dP packages gB:
db2_08_01.msg.en_US.iso88591db2_08_01.clientdb2_08_01.cnvucsdb2_08_01.repldb2_08_01.db2.rtedb2_08_01.cs.rtedb2_08_01.icutdb2_08_01.sqlprocdb2_08_01.icucdb2_08_01.db2.engndb2_08_01.jhlp.en_US.iso88591db2_08_01.cj
db2_08_01.jdbcdb2_08_01.dasdb2_08_01.db2.samplesdb2_08_01.cadb2_08_01.ch.en_US.iso88591db2_08_01.ccdb2_08_01.conndb2_08_01.convdb2_08_01.ldapdb2_08_01.pextdb2_08_01.essg
20"am~qw
Z 4 B 20"am~qw 59
6. 20 GSKit#`X8>E",kNDZ 233 3#
7. 20 IBM Tivoli Directory Client:
installp -acgXd cd_mount_point/usr/sys/inst.images ldap.client ldap.max_crypto_client
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
8. 20 IBM Tivoli Directory Server:
installp -acgXd cd_mount_point/usr/sys/inst.images ldap.server ldap.max_crypto_server
9. Sy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
10. "o{"f IBM Tivoli Directory Server m~|;pT/20#g{h*d|oT
f>D{"D~MD5,rIS IBM Tivoli Access Manager Language Support for
AIX CD 20|G#`X8>E",kNDZ 45 3D:20 IBM Tivoli Directory
Server oT|;#
*i4ICDoTf>,kdkTB|n:
installp -ld cd_mount_point/usr/sys/inst.images | grep ldap
aT>;vI20D IBM Tivoli Directory Server m~|DPm#
11. 120jI1,53zI;v20**#ki$**PDns;PTyP0kD
D~T> SUCCESS#z9IT(}dkTB|n4i$ IBM Tivoli Directory G
qQI&20:
lslpp -L | grep ldap
T>DdvPvKyPT ldap *7DD~/#dP|(~qw"M'z"Web
Administration Tool"HTML M{"D~/#}g:
ldap.client.adt 5.2.0.0 C F Directory SDKldap.client.rte 5.2.0.0 C F Directory Client Runtimeldap.client.cfg 5.2.0.0 C F Directory Server Config GUIldap.server.com 5.2.0.0 C F Directory Server Frameworkldap.server.java 5.2.0.0 C F Directory Server Javaldap.server.rte 5.2.0.0 C F Directory Server Runtime
12. (e LDAP \m1 DN M\k,;sdC+f"?<}]D}]b#`X8>E
",kNDZ 69 3D:UNIX:dC IBM Tivoli Directory Server;#
13. Z IBM Tivoli Directory Server 20jITs,Xk+ IBM Tivoli Directory Server
dC*M Tivoli Access Manager ;p9C#`X8>E",kNDZ 71 3#
14. (iz9C GSKit iKeyman 5CLrZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*jIbnYw,kq-TBb)=h:
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
Z+ IBM Tivoli Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
20"am~qw
60 IBM Tivoli Access Manager for e-business: Web Security 208O
HP-UX:20 IBM Tivoli Directory Server*Z HP-UX O20 IBM Tivoli Directory Server 53,kq-TBb)=h#
":(i+zD"am~qw20Z;,Z policy server D;v%@D53O#
1. T root C'm]G<#
2. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
3. 4PZ 56 3D:200*s;PPvD200Nq#
4. ek IBM Tivoli Access Manager Directory Server for HP-UX CD#
5. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
6. 20 IBM DB2:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp G?<,packages gB:
db2v81ent
db2v81cc
db2v81conn
db2v81gse
db2v81jhp
db2v81sdk
db2v81wgrp
db2v81cae
7. 20 GSKit#`X8>E",kND 235#
8. 20 IBM Tivoli Directory Client:
swinstall -s /cd-rom/hp LDAPClient
9. 20 IBM Tivoli Directory Server:
swinstall -s /cd-rom/hp LDAPServer
10. Sy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
11. "o{"f IBM Tivoli Directory Server m~|;pT/20#g{h*d|oT
f>D{"D~MD5,rIS IBM Tivoli Access Manager Language Support for
HP-UX CD 20|G#`X8>E",kNDZ 45 3D:20 IBM Tivoli
Directory Server oT|;#
12. (e LDAP \m1 DN M\k,;sdC+f"?<}]D}]b#`X8>E
",kNDZ 69 3D:UNIX:dC IBM Tivoli Directory Server;#
13. Z IBM Tivoli Directory Server 20jITs,Xk+ IBM Tivoli Directory Server
dC*M Tivoli Access Manager ;p9C#`X8>E",kNDZ 71 3#
14. (iz9C GSKit iKeyman 5CLrZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*jIbnYw,kq-TBb)=h:
20"am~qw
Z 4 B 20"am~qw 61
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
Z+ IBM Tivoli Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
Linux:20 IBM Tivoli Directory Server*Z\'VD Linux 53O20 IBM Tivoli Directory Server,kq-TBb)=h#
":
1. (i+zD"am~qw20Z;,Z policy server D;v%@D53O#
2. Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ(#
1. T root C'm]G<#
2. k7#Q20yPXhDYw539!#`XE",kNDZ 33 3D:\'VD
=((|(Xh9!);#
3. 4PZ 56 3D:200*s;PPvD200Nq#
4. }% openldap2-client-2.1.4-30 m~|rd|Q20De;D LDAP m~|#
":g{h*+ openldap2-client k IBM Tivoli Directory Client 20Z,;v
53O,r7# /usr/bin PTBe;DLr0{E4S1= IBM LDAP M'
zf>,gBy>:
/usr/bin/ldapadd → /usr/ldap/bin/ldapmodify/usr/bin/ldapdelete → /usr/ldap/bin/ldapdelete/usr/bin/ldapmodify → /usr/ldap/bin/ldapmodify/usr/bin/ldapmodrdn → /usr/ldap/bin/ldapmodrdn/usr/bin/ldapsearch → /usr/ldap/bin/ldapsearch
5. ek IBM Tivoli Access Manager Directory Server CD for xSeries, zSeries, or pSeries
and iSeries "20|#
6. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
7. 20 DB2#*jIbnYw,kgBy>20CZzDX(2~Dm~|:
rpm -ihv IBM_db2*.rpm
dP\'V2~Dm~|gB:
20"am~qw
62 IBM Tivoli Access Manager for e-business: Web Security 208O
Linux on xSeries Linux on zSeries Linux on pSeries and iSeries
IBM_db2msen81-8.1.0-16.i386.rpmIBM_db2cliv81-8.1.0-16.i386.rpmIBM_db2conv81-8.1.0-16.i386.rpmIBM_db2repl81-8.1.0-16.i386.rpmIBM_db2rte81-8.1.0-16.i386.rpmIBM_db2crte81-8.1.0-16.i386.rpmIBM_db2icut81-8.1.0-16.i386.rpmIBM_db2icuc81-8.1.0-16.i386.rpmIBM_db2engn81-8.1.0-16.i386.rpmIBM_db2jhen81-8.1.0-16.i386.rpmIBM_db2cj81-8.1.0-16.i386.rpmIBM_db2jdbc81-8.1.0-16.i386.rpmIBM_db2das81-8.1.0-16.i386.rpmIBM_db2smpl81-8.1.0-16.i386.rpmIBM_db2ca81-8.1.0-16.i386.rpmIBM_db2chen81-8.1.0-16.i386.rpmIBM_db2cc81-8.1.0-16.i386.rpmIBM_db2cucs81-8.1.0-16.i386.rpmIBM_db2sp81-8.1.0-16.i386.rpmIBM_db2ldap81-8.1.0-16.i386.rpmIBM_db2pext81-8.1.0-16.i386.rpmIBM_db2conn81-8.1.0-16.i386.rpmIBM_db2wmsa81-8.1.0-16.i386.rpmIBM_db2essg81-8.1.0-16.i386.rpm
IBM_db2msen81-8.1.0-16.s390.rpmIBM_db2cliv81-8.1.0-16.s390.rpmIBM_db2conv81-8.1.0-16.s390.rpmIBM_db2repl81-8.1.0-16.s390.rpmIBM_db2rte81-8.1.0-16.s390.rpmIBM_db2crte81-8.1.0-16.s390.rpmIBM_db2icuc81-8.1.0-16.s390.rpmIBM_db2engn81-8.1.0-16.s390.rpmIBM_db2jhen81-8.1.0-16.s390.rpmIBM_db2cj81-8.1.0-16.s390.rpmIBM_db2jdbc81-8.1.0-16.s390.rpmIBM_db2das81-8.1.0-16.s390.rpmIBM_db2smpl81-8.1.0-16.s390.rpmIBM_db2ca81-8.1.0-16.s390.rpmIBM_db2chen81-8.1.0-16.s390.rpmIBM_db2cc81-8.1.0-16.s390.rpmIBM_db2cucs81-8.1.0-16.s390.rpmIBM_db2sp81-8.1.0-16.s390.rpmIBM_db2ldap81-8.1.0-16.s390.rpmIBM_db2pext81-8.1.0-16.s390.rpmIBM_db2conn81-8.1.0-16.s390.rpmIBM_db2wbdb81-8.1.0-16.s390.rpmIBM_db2essg81-8.1.0-16.s390.rpm
IBM_db2acsg81-8.1.0-16.ppc64.rpmIBM_db2adsg81-8.1.0-16.ppc64.rpmIBM_db2adt81-8.1.0-16.ppc64.rpmIBM_db2cj81-8.1.0-16.ppc64.rpmIBM_db2cliv81-8.1.0-16.ppc64.rpmIBM_db2conn81-8.1.0-16.ppc64.rpmIBM_db2conv81-8.1.0-16.ppc64.rpmIBM_db2crte81-8.1.0-16.ppc64.rpmIBM_db2cucs81-8.1.0-16.ppc64.rpmIBM_db2das81-8.1.0-16.ppc64.rpmIBM_db2dj81-8.1.0-16.ppc64.rpmIBM_db2engn81-8.1.0-16.ppc64.rpmIBM_db2icuc81-8.1.0-16.ppc64.rpmIBM_db2inst81-8.1.0-16.ppc64.rpmIBM_db2jdbc81-8.1.0-16.ppc64.rpmIBM_db2jhen81-8.1.0-16.ppc64.rpmIBM_db2msen81-8.1.0-16.ppc64.rpmIBM_db2pext81-8.1.0-16.ppc64.rpmIBM_db2repl81-8.1.0-16.ppc64.rpmIBM_db2rte81-8.1.0-16.ppc64.rpmIBM_db2smpl81-8.1.0-16.ppc64.rpmIBM_db2sp81-8.1.0-16.ppc64.rpmIBM_db2essg81-8.1.0-16.ppc64.rpm
8. 20 GSKit#`X8>E",kNDZ 234 3#
9. 20 IBM Tivoli Directory Client m~|:
rpm -ihv package
dP package GTB.;:
v Linux on xSeries:ldap-clientd-5.2-1.i386.rpm
v Linux on zSeries:ldap-clientd-5.2-1.s390.rpm
v Linux on pSeries and iSeries:ldap-client-5.2-1.ppc.rpm
10. 20 IBM Tivoli Directory Server m~|:
rpm -ihv package
dP package GTB.;:
v Linux on xSeries:ldap-serverd-5.2-1.i386.rpm
v Linux on zSeries:ldap-serverd-5.2-1.s390.rpm
v Linux on pSeries and iSeries:ldap-server-5.2-1.ppc.rpm
11. S CD ODy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
12. ki$m~|Q}720:
rpm -qa | grep ldap
g{z7Q20I&,r+T>`FTBZ]Da{:
ldap-clientd-5.2-1ldap-serverd-5.2-1
20"am~qw
Z 4 B 20"am~qw 63
13. "o{"f IBM Tivoli Directory Server m~|;pT/20#g{h*d|oT
f>D{"D~MD5,rIS IBM Tivoli Access Manager Language Support for
Linux CD 20|G#`X8>E",kNDZ 45 3D:20 IBM Tivoli Directory
Server oT|;#
14. (e LDAP \m1 DN M\k,;sdC+f"?<}]D}]b#`X8>E
",kNDZ 69 3D:UNIX:dC IBM Tivoli Directory Server;#
15. Z IBM Tivoli Directory Server 20jITs,Xk+ IBM Tivoli Directory Server
dC*M Tivoli Access Manager ;p9C#`X8>E",kNDZ 71 3#
16. (iz9C GSKit iKeyman 5CLrZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*jIbnYw,kq-TBb)=h:
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
Z+ IBM Tivoli Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
Solaris:20 IBM Tivoli Directory Server*9C pkgadd 5CLrZ Solaris O20 IBM Tivoli Directory Server 53,kq
-TBb)=h#
":(i+zD"am~qw20Z;,Z policy server D;v%@D53O#
1. T root C'm]G<#
2. k7#Q20yPXhDYw539!#`XE",kNDZ 33 3D:\'VD
=((|(Xh9!);#
3. 4PZ 56 3D:200*s;PPvD200Nq#
4. ek IBM Tivoli Access Manager Directory Server 1 of 2 for Solaris CD#
5. k7#z;Z /cdrom/cdrom0/solaris ?<#
6. 20 IBM DB2#*jIbnYw,k20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
20"am~qw
64 IBM Tivoli Access Manager for e-business: Web Security 208O
packages gB:
db2msen81db2cliv81db2cucs81db2repl81db2rte81db2crte81db2icut81db2sp81db2icuc81db2engn81db2jhen81db2cj81
db2jdbc81db2das81db2smpl81db2ca81db2chen81db2cc81db2conv81db2conn81db2pext81db2ldap81db2essg81
7. ek IBM Tivoli Access Manager Directory Server 2 of 2 for Solaris CD#
8. &C IBM DB2 mI$:
/opt/IBM/db2/V8.1/adm/db2licm -a /CD2_mount_point/solaris/db2ese.lic
9. 20 GSKit#`X8>E",kNDZ 235 3#
":IZm~|`XT,rK20D3rG#X*#
10. 20 IBM Tivoli Directory Client:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault IBMldapc
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
11. 20 IBM Tivoli Directory Server:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault IBMldaps
12. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
13. "o{"f IBM Tivoli Directory Server m~|;pT/20#g{h*d|oT
f>D{"D~MD5,rIS IBM Tivoli Access Manager Language Support for
Solaris CD 20|G#`X8>E",kNDZ 45 3D:20 IBM Tivoli Directory
Server oT|;#
14. Z20Zd,a/JzGqk*9C /opt w*y!?<#g{UdJm,rS\
/opt w*y!?<,"4 Enter |#
":20M'zM~qwm~|1,+T>TBi/:
This package contains scripts which will be executed withsuper-user permission during the process of installing the package.Continue with installation?
b)E>4(K IBM Tivoli Directory Server C'j6#dk y TLx#
b)Lrh*\;t/X$xL"KP DB2 |nT04( IBM Tivoli
Directory Server DB2 5}C'j6Mi,rKb)Lr<{h*T root C
'm]KP#dk y TLx#
15. 120jI1,zaT/5X=|na>{#
16. (e LDAP \m1 DN M\k,;sdC+f"?<}]D}]b#`X8>E
",kNDZ 69 3D:UNIX:dC IBM Tivoli Directory Server;#
20"am~qw
Z 4 B 20"am~qw 65
17. Z IBM Tivoli Directory Server 20jITs,Xk+ IBM Tivoli Directory Server
dC*M Tivoli Access Manager ;p9C#`X8>E",kNDZ 71 3#
18. (iz9C GSKit iKeyman 5CLrZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*jIbnYw,kq-TBb)=h:
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
Z+ IBM Tivoli Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
Windows:20 IBM Tivoli Directory Server*Z Windows O20 IBM Tivoli Directory Server,kq-TBb)=h#
":(i+zD"am~qw20Z;,Z policy server D;v%@D53O#
1. T_P\m1X(DC'm]G<#
2. k7#Q20yPXhDYw539!#`XE",kNDZ 33 3D:\'VD
=((|(Xh9!);#
3. 4PZ 56 3D:200*s;PPvD200Nq#
4. #9NN}ZKPDLr"XUyP0Z#g{Pr*D0Z,ru<200ZI
\a~XZd|0Zsf#
5. ek IBM Tivoli Access Manager Directory Server for Windows 2000 and Windows
2003 CD#
6. 20 GSKit#`X8>E",kND Z 235 3D:Windows:20 Global Security
Kit;#
7. KP;ZTB?<D setup.exe D~:
/windows/Directory
+T>0!q20oT1T0r#
8. !qk*CZ20LrDoT,"%w7(#
9. +T>06-1T0r#%wB;=Lx#
10. DAmI$-i#!qS\b)un,;s%wB;=#
11. +T>NN$20Di~M`&Df>6p#%wB;=TLx#
12. *+ IBM Tivoli Directory Server 20=1!?<,k%wB;=#*8(;,D
?<,Idk?<76r%w/@!q;v?<#
":;*Z20?<D{FP9CXbV{,g,V{(-)Mdc(.)#
13. !qk*Z IBM Tivoli Directory Server 5.2 P9CDoT,"%wB;=#
14. !qTBi~"%wB;=#
v Client SDK 5.2
20"am~qw
66 IBM Tivoli Access Manager for e-business: Web Security 208O
v Server 5.2
v DB2 V8.1
"bBn
TBi~2GICD:
v Web Administration 5.2
v IBM WebSphere Application Server — Express 5.0.2
zIT!q20b)z7#+G,Access Manager (izZ9C Web
Administration Tool 19C WebSphere Application Server V5.0.2#PX20
D8>E",kNDZ 245 3D:20 WebSphere Application Server;MZ
255 3D:20 Web Administration Tool;
15. g{zZZ 66 3D 14 =!qK DB2 V8.1,r+T>0Z,a>zdk Windows
C'j6M DB2 53j6D\k#KC'j6GzZ2004(D DB2 \m1
j6(db2admin)#kq-TBb)=h:
a. dkC'j6rS\1!5#
b. dk\k,;sYNdk\kTi$#
c. %wB;=#
16. 4i!qDdC!n#%wO;=T|DNN!q#%wB;=*<20#
20}L*<#kTr#K}LI\h*8VS#
17. ZD~20.s,aT>TvD~#4iTvD~,"%wB;=TLx#
18. !qVZ9GTsXBt/cD53#%wjI#
":zXkXBt/53TjI IBM Tivoli Directory Server DdC#ZKYwj
I.0,z^(9C IBM Tivoli Directory Server#
19. ZFczXBt/.s,9CMC420 IBM Tivoli Directory Server `,DC'
j6G<#dC$_aT/KP,byzMITjI~qwdC#ZIT9CC
~qw.0,XkhC\m1 DN M\k,"RdC+f"?<}]D}]b#`
X8>E",kNDZ 69 3D:Windows:dC IBM Tivoli Directory Server;#
20. S CD ODy?<dkTB|nT20 LDAP 9!:
am_update_ldap.bat
21. Z IBM Tivoli Directory Server dCjITs,Xk+ IBM Tivoli Directory Server
dC*M Tivoli Access Manager ;p9C#`X8>E",kNDZ 71 3#
22. (iz9C GSKit iKeyman 5CLrZ\'VD"am~qwM IBM Tivoli
Directory Client .dtC SSL (E#*jIbnYw,kq-TBb)=h:
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
20"am~qw
Z 4 B 20"am~qw 67
Z+ IBM Tivoli Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
20"am~qw
68 IBM Tivoli Access Manager for e-business: Web Security 208O
dC IBM Tivoli Directory Server20 IBM Tivoli Directory Server i~.s,Xk4PTBNq:
1. (e\m1 DN M\k
2. dC}]b
*jIYw,kq-TBwZPDy>}L#PXj{D IBM Tivoli Directory Server
z7D5,k%w;ZTBX7D Product Manuals and Technical Documentation4S:
http://www.ibm.com/software/network/help-directory/
"bBn
g{Q9C install_ldap_server r<20MdC IBM Tivoli Directory Server,
rIx}>ZPD8>E"#20r<T/dC IBM Tivoli Directory Server#
UNIX:dC IBM Tivoli Directory Server: TBwZa)PXgN9C ldapcfg |
ndC IBM Tivoli Directory Server DE"#*jI~qw20,zXk4PTBb)
=h#
(e\m1 DN M\k: *hC\m1 DN M\k,kq-TBb)=h:
1. dkTB|n:
ldapcfg –u "adminDN" –p pwd
dP adminDN G\m1 DN(1!5* cn=root),x pwd G\m1 DN D\
k#
*S\C1!\m1 DN(cn=root)"(e\k,kdkTB|n:
ldapcfg -p pwd
dP pwd G\m1 DN D\k#
dC}]b: k7#~qwQ#9,"gBy>dC}]b:
ldapcfg –a database_owner –w pwd -d database_name -c -l location
dP database_owner GzH04(D*w*}]byP_Dj6(}g,ldapdb2)#
database_name ITGz!qDNNZ],x location G DB2 }]b$tD;C#T
Z UNIX 53,K;CG;v?<{,g /home/ldapdb2#
":PX|`E",kND IBM Tivoli Directory Server Installation and Configuration
Guide, Version 5.2 PPXdC}]bDE"#
Windows:dC IBM Tivoli Directory Server:
hC\m1 DN M\k: *hC IBM Tivoli Directory Server D\m1 DN M\k,
kq-TBb)=h:
1. Z0IBM Tivoli Directory Server dC$_10ZP,%ws_<=0qPD\m1
DN/\k#
20"am~qw
Z 4 B 20"am~qw 69
2. ZR_D0\m1 DN/\k10qP,Z\m1 DN VNPdkP'D DN(r
_S\1! DN:cn=root)#
IBM Directory Server \m1 DN G?<\m19CD DN#K\m1GT?<P
yP}]5Pj+CJ(D;vC'#
DN G;xVs!4D#g{z;l$ X.500 q=r_IZNNd|-r;k(e
BD DN,rIS\1! DN#
3. Z\m1\kM7O\kVNP,dk\m1 DN D\k#
\kGxVs!4D#kGB\kT)+4N<#
4. %w7(TjIKNq#
":\kP;'V+VZV{/(DBCS)V{#
dC}]b: ZdC}]b1,dC$_+PX*CZf"?<}]D}]bDE"
mS=dCD~(ibmslapd.conf)P#g{C}]bP;fZ,rdC$_a4(}
]b#
":
v ZdC}]b.0,k7#4hC73d? DB2COMM#
v ZdC}]b.0,Xk#9?<~qw#
*dC?<}]b,kq-TBb)=h:
1. k7#Q4( DB2 }]byP_j6(gZ 56 3D:200*s;P8>DG
y)#
2. ZdC$_P,%ws_NqPmPDdC}]b#
3. dC$_"T7(zGqQ_P}]b#g{zD}]bQdC(4dCD~PP
C}]bDE"),rdC$_aa>zdkPXzk*xPDYwDE"#}
g,g{}]bQdC+Z53OR;=,rI!q9CdCD~P8(D{F4
(;v}]b#9CT>D0ZPy>DE"dCC}]b#
y]zGqQ_P}]b,+T>TB0ZPD;)r_+?#
v g{*sC'j6M\k,rdkC'j6M`X*D\k,;s%wB;=#
ZzITdC}]b.0,KC'j6XkQ-fZ#bGzZ20.04(D
DB2 }]byP_j6(}g,ldapdb2)#(ZH0D"PfP,g{C'j6
;fZ,r+4(|,+Gb;cQ;Y}7#)
":\kGxVs!4D#
v g{*s}]b{F,rdkzk*a)x DB2 }]bD{F"%wB;=#C
{F$HITG 1 = 8 vV{#C}]b+ZkC'j6_P`,{FD5}P
4(#
":g{zk*;,D}]b5}{F,rXk9CxP –t !nD LDAP
ldapcfg |ndCC}]b#
v g{*s}]b;C,rZ}]b;CVNPdkC}]bD}/wL{,"%
wB;=#7#Zz8(D;CPAYP 80MB DIC2LUd,"Rr?<P
mSBu?1,nbDELUdIC4zcv$h*#
v g{*sV{/!q,r!qzk*4(D}]b`M"%wB;=#zIT4
( UCS *;q=(UTF-8)}]b(LDAP M'zIZC}]bPf" UTF-8 V
{}])r_>Xzk3}]b(>Xzk3PD}]b)#
20"am~qw
70 IBM Tivoli Access Manager for e-business: Web Security 208O
":g{k*9CoTjG,rC}]bXkG UTF-8 }]b#
4. Zi$0ZP,aT>PXzy8(DdC!nDE"#*5X=H00Z"|D
E",%wO;=#**<dC,k%wjI#
5. +T>jI0Z#%wXU#
* Tivoli Access Manager dC IBM Tivoli Directory ServerTBBZhvgN+ IBM Tivoli Directory Server dC* Tivoli Access Manager "a
m#I9C Web Administration Tool(W!=()r9C|nP4* Tivoli Access
Manager dC IBM Tivoli Directory Server#
v :9C Web Administration Tool;
v Z 75 3D:9C|nP;
":PXj{D IBM Tivoli Directory Server z7D5,k%w;ZTBX7D ProductManuals and Technical Documentation 4S:
http://www.ibm.com/software/network/help-directory/
"bBn
v g{Q9C install_ldap_server r<20MdC IBM Tivoli Directory Server,
rIx}>ZPD8>E"#20r<T/dC IBM Tivoli Directory Server#
v zIT9C Web Administration Tool r|nP44PdC#Web Administration
Tool 9z\;T IBM Tivoli Directory Server xP>Xr6L\m#*20K
GUI,kNDZ 255 3#
":g{ZKP IBM Tivoli Directory Server V4.1 r 5.1,r7#Z20 Web
Administration Tool .0KP am_update_ldap.sh LDAP 9!#
v Web Administration Tool V5.2 Grsf]D,"Rk IBM Tivoli Directory
Server V4.1"5.1 M 5.2 ;p$w#g{k*9C Web Administration Tool +
|P420,rq-TBb)=h#
1. 20 IBM WebSphere Application Server#`X8>E",kNDZ 245 3#
2. 20 IBM Tivoli Directory Server Web Administration Tool "+K&CL
rdC=zD WebSphere dCP#`X8>E",kNDZ 255 3#
v w* LDAP ~qwD\m1,(iz+~qwdC*9C%r`kq=(g
crypt r SHA-1)T userPassword tT5`k#1!S\5(imask)8(;
v+r`kq=#PX8>E"T0PX\kS\D|`E",kND;ZT
BX7D IBM Tivoli Directory Server Administration Guide, Version 5.2:
http://www.ibm.com/software/network/help-directory/
9C Web Administration Tool: *9C Web Administration Tool * Tivoli Access
Manager dC IBM Tivoli Directory Server,kq-TBb)=h:
":TZ V5.1 IBM Tivoli Directory Server C',Z HP-UX =(O Web Administration
Tool ;IC#kq-Z 75 3D:9C|nP;PD8>E"#
1. k7#Q20 IBM Tivoli Directory Server "RQzcTBu~:
20"am~qw
Z 4 B 20"am~qw 71
v Q+\m1 DN(cn=root)M\khC*\;t/x(~qw#Z IBM Tivoli
Directory Server DdC}LPQa>zdkKE"#
v XkQ+3}]bdC*\;T0vdC1==}bD4,t/x(~qw#
v Xk9\mX$xLKP,Tc\;6Lt/"#9rXBt/x(~qw#
*jIKYw:
– Z UNIX 53O"vTB|n:
ibmdiradm
– Z Windows 53O%w*< → XFfe → \m$_ → ~q#R|%w IBMDirectory Admin Daemon,;s!qt/#
v Z IBM Tivoli Directory Server V5.2 20}LPT/mSK Tivoli Access
Manager #=(e#g{v9C IBM Tivoli Directory Server V4.1 r 5.1,r
Xk4PTBYw:
a. + secschema.def D~S common ?<(;ZzX(=(D Tivoli Access
Manager Base CD O)4F=z>X53OD;vY1?<(}g,/tmp)#
b. gBy>KP ldapmodify |n:
ldapmodify -v -h ldap_host -p port -D ldap_admin -w pwd -f /tmp/secschema.def
":g{ Access Manager Runtime m~|ZzD LDAP zwOQ-20"d
C,rIT9C ivrgy_tool 4|B#=,gBy>:
ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema
PX ivrgy_tool D|`E",kNDZ 395 3D:ivrgy_tool;#
2. t/ Web Administration Tool#*jIKYw,k*A20 WebSphere Application
Server D?<""vTB|n.;:
v Z UNIX 53O:
/usr/WebSphere/AppServer/bin/startServer.sh server1
r
/opt/WebSphere/AppServer/bin/startServer.sh server1
v Z Windows 53O:
C:\Program Files\WebSphere\AppServer\bin\startServer.bat server1
3. *G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
dP localhost G20K Web Administration Tool DzwDwz{r IP X7#
+T>0IBM Tivoli Directory Server Web \mG<13f#
4. k4PBPYw.;:
v g{Q-20K Web Administration Tool,rx=Z 73 3D 7 =#
v g{H0420 Web Administration Tool,rkq-TBb)=h:
a. (}8(1!C'{M\k,S0IBM Tivoli Directory Server Web \mG
<13fTXF(\m1m]G<,gBy>:
LDAP wz{:Console AdminC'{:superadmin
\k:secret
* Tivoli Access Manager dC IBM Tivoli Directory Server
72 IBM Tivoli Access Manager for e-business: Web Security 208O
%wG<TLx#+T> IBM Tivoli Directory Server Web Administration Tool
XF(,gBy>:
":jI Web Administration Tool Du<20Ts,z+\;9C IBM
Tivoli Directory Server zwD LDAP wz{r IP X7G<=XF(#
b. XF(\mNqT>Zs_#*mSzD~qw,k!q\mXF(~q
w,;s%wR_0qPDmS4%#
c. S0mS~qw10Z,jITBVN,;s%w7(#
– wz{:dk20K IBM Tivoli Directory Server DzwDwz{r IP X
7#
– KZ:KKZQa)(389)#g{Z LDAP ~qwDdC}LP|DKK
KZE,r`&X^DK5#
– \mKZ:KKZQa)(3538)#
– tC SSL:!qtC SSL#
":g{94T~qwtC SSL,rz+;\G<04P~qw\mN
q#
0\mXF(~qw10qk~qwE";pT>#
5. !q"zT"z~qw#
6. S0"zI&10Z,%w0%wK&XBG<14S5X=0IBM Tivoli Directory
Server Web \mG<13f#
7. VZzQ<8C9CKXF(\m~qw#*jIbnYw,kq-TBb)=
h:
a. (}SB-K%!qzzwD LDAP wz{r IP X74G<#
* Tivoli Access Manager dC IBM Tivoli Directory Server
Z 4 B 20"am~qw 73
b. dk\m DN(cn=root)#
c. dkzZ IBM Tivoli Directory Server DdC}LP4(D`X* DN \k,
;s%wG<#
+T> IBM Tivoli Directory Server Web Administration Tool XF(:
":~qw\mNqf~qwD&\xd/#
8. *i$ IBM Tivoli Directory Server }ZKP,k%ws_<=0qPD~qw\
m → i4~qw4,#g{zD~qwQ#9,rSs_<=0q%wt//#9
/XBt/~qw,;s%wt/4%Tt/~qw#1~qwI&t/r#9
1,+T>;u{"#
9. *4(s:,kSs_<=0q!qhC → s:#+T>s:0Z#
10. *4( Tivoli Access Manager #td*}]Ds:,kSs_<=0q!q~q
w\m → \m~qwtT#S0\m~qwtT10q!qs:!n(#dkTB
yhDs: DN,;s%wmS:
secAuthority=Default
":s:(P{FG;xVs!4D#
s:T>Z0qPD10s: DN mP#%w7(T#f|D#
11. K1,zIT4(=Ss:T#tC'Mi(e#
":PXgNmSs:D|`E",k%w0ZRO=0qPDoz<j#s:
DnsV{}* 1000#
* Tivoli Access Manager dC IBM Tivoli Directory Server
74 IBM Tivoli Access Manager for e-business: Web Security 208O
12. jImSs:1,kSs_<=0q!q~qw\m → t//#9/XBt/~q
w,;s%wXBt/4%TXBt/~qw#1~qwXBt/I&1,+T
>;u4,{"#
13. k4PBPYw.;:
v g{4mS} secAuthority=Default TbDNNs:,r%w"zTXU0IBM
Directory Server Web Administration Tool10Z#1 policy server QdC1,
+T/mS secAuthority=Default D?<u?#
v g{mSK} secAuthority=Default TbDs:,rXk+?vs:Du?m
S=?<#*jIKYw,k!qs_<=0qPD?<\m → mSu?#*z
jIK*y4(Ds:mS?<u?1,%wjI,;s%w"zTXU
0IBM Directory Server Web Administration Tool10Z#
":g{tC SSL (E,r?<\mX$xLXk#9"XBt/T9 SSL z'#
9C|nP: *+ IBM Tivoli Directory Server dC* Tivoli Access Manager "a
m,kq-TBb)y>=h#
":PXmSs:M?<u?Dj8E",kiD IBM Tivoli Directory Server V5.2 D
5#
1. Z IBM Tivoli Directory Server V5.2 20}LPT/mSK Tivoli Access Manager
#=(e#g{v9C IBM Tivoli Directory Server V4.1 r 5.1,rXk4PTB
Yw:
a. + secschema.def D~S common ?<(;ZzX(=(D Tivoli Access Manager
Base CD O)4F=z>X53OD;vY1?<(}g,/tmp)#
b. gBy>KP ldapmodify |n:
ldapmodify -v -h ldap_host -p port -D ldap_admin -w pwd -f /tmp/secschema.def
":g{ Access Manager Runtime m~|ZzD LDAP zwOQ-20"dC,
rIT9C ivrgy_tool 4|B#=,gBy>:
ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema
PX ivrgy_tool D|`E",kNDZ 395 3D:ivrgy_tool;#
2. gBy>4( Tivoli Access Manager #td*}]Ds::
ldapcfg -s "secAuthority=Default"
Ks:mS=K ibmslapd.conf D~P#K1,zIT4(=Ss:T#tC'M
i(e#}g:
ldapcfg -s "c=US"
3. gBy>t/ LDAP ~qw:
ibmdiradm&ibmslapd&
4. *zUE4(Ds:mSu?#g{;mSKXhD secAuthority=Default s:,
rx=Z 72 =#qr,k4(;vD~,mSs:u?E",;sKP ldapadd|n#}g,CTBZ]4(;v{* addcus DD~:
dn: c=usobjectclass: topobjectclass: countryc: us
* Tivoli Access Manager dC IBM Tivoli Directory Server
Z 4 B 20"am~qw 75
;sKPTB|n:
ldapadd -h host -D cn=root -w pwd -v -f addcus
* Tivoli Access Manager dC IBM Tivoli Directory Server
76 IBM Tivoli Access Manager for e-business: Web Security 208O
20 IBM z/OS Security Server M IBM OS/390 Security Server>ZhvK* Tivoli Access Manager Z z/OS r OS/390 O<8 LDAP ~qwyh
DdC=h#*XpXSTU>z2+(^$_(SAF)"amdC Tivoli Access
Manager DYw#
b)<rYh;vBD LDAP ~qw5}(CZ Tivoli Access Manager "am#PX
|`E",kiDzX(D OS/390 r z/OS "PfD LDAP Server Administration and
Use Va#IZ;ZTBX7D z/OS bR=KD5:
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/
>B|,BP?V:
v :|B#=D~;
v :mSs:;
v Z 79 3D:dC Tivoli Access Manager for LDAP;
v Z 79 3D:>zO$C'\m;
|B#=D~
Access Manager #=D;vOIf>f z/OS z7;pa)#Xk|BC#=T'V
Tivoli Access Manager V5.1#*jIKYw,kZ4( secAuthority=Default s:.
09C ivrgy_tool 5CLr+C#=&C= z/OS LDAP ~qw#`X8>E",k
NDZ 395 3D:ivrgy_tool;#
mSs:
Tivoli Access Manager *sz4(;v{* secAuthority=Default Ds:,Cs:#
t Tivoli Access Manager *}]#zXk;mSKs:;N - 1zZ;NdC LDAP
~qw1#Ks:9 Tivoli Access Manager \;]WX(;"\m}]#|9#$K
T}]DCJ,Sx\bKj{TrY5Jb#
Kb,zIT4(;vs:r8(;vVPD LDAP DIT ;CD(P{FT#tC'
Mi}]#k secAuthority=Default s:`F,z&1ZdC policy server .0+y
PBDs:mS= LDAP "am#g{zZ Tivoli Access Manager Du<dC.sm
Ss:,rXkV$mS`&D ACL#
*mSs:(|(+ secAuthority=Default s:mS= LDAP ~qwD slapd.conf
D~P),kiD;ZTBX7D LDAP Server Administration and Use Va:
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/
":XBt/ LDAP ~qwT9|Dz'#
g{ZdCK Tivoli Access Manager policy server .sv(mSs:,rXk+`&
D ACL &C=B(Ds:,gBy>:
1. +BDs:mS=2+T~qw slapd.conf D~P#PXgN|B IBM z/OS
Security Server r IBM OS/390 Security Server dCD~Dj8E",kND z/OS
LDAP Server Administration and Use Guide#
2. XBt/ IBM z/OS Security Server r IBM OS/390 Security Server#
20 IBM z/OS Security Server M IBM OS/390 Security Server
Z 4 B 20"am~qw 77
3. *+u?mS=B(Ds:P,k4PTBYw:
a. 4(;v LDIF D~#K>}YhB(Ds:G o=neworg,c=us:
dn:o=neworg,c=usobjectClass:organizationobjectClass:topo:neworg
b. +`&D LDIF D~Cw ldapadd |nDdk:
ldapadd -D ldap_admin -w ldap_pwd -v -f ldif_filename
4. *+`&D Tivoli Access Manager CJXFmS=B(Ds:,k4PTBYw:
v g{4(K;v2+r(F*\mr),r4(;v`FZTBZ]D ldif D~
*Bs:mS ACL:
v g{4(Kd|2+r(u<\mr}b),r4(;v`FZTBZ]D ldif
D~*Bs:mS ACL:
5. *&C ldif D~,kgBy>9C ldapmodify |n:
ldapmodify -h hostname -D admin_DN -w admin_pwd -v -f ldif_filename
"b,g{Z1!ivB*mSDs:hCK aclpropagate=TRUE,r ldapmodify |
n+5X`FZTBZ]Dms{":
ldap_modify: additional info: R004086 Entry o=neworg,c=us already containsattribute aclpropagrate, value=TRUE
ZbVivB,S ldif D~P}% aclpropagate=TRUE "XBKP ldapmodify |n#
suffixaclpropagate=TRUEaclentry=group:cn=ivacld-servers,cn=securitygroups,secauthority=default:normal:csraclentry=group:cn=remote-acl-users,cn=securitygroups,secauthority=default:normal:csraclentry=group:cn=securitygroup,secauthority=default:object:ad:normal:cwsr:sensitive:cwsr:critical:\cwsr:restricted:cwsraclentry=access-id:LDAP_Admin_DN:object:ad:normal:rwsc:sensitive:rwsc:critical:cwsr:restricted:cwsrsuffixownerpropagate=TRUEentryOwner=group:cn=SecurityGroup,secAuthority=DefaultentryOwner=access-id:LDAP_Admin_DN
suffixaclentry=group:cn=ivacld-servers,cn=securitygroups,secauthority=default:normal:csraclentry=group:cn=remote-acl-users,cn=securitygroups,secauthority=default:normal:csraclentry=group:cn=securitygroup,secauthority=default:object:ad:normal:cwsr:sensitive:cwsr:critical:cwsr: \restricted:cwsraclentry=group:cn=ivacld-servers,cn=securitygroups,secauthority=<added domain>,cn=subdomains,\secauthority=default:normal:csraclentry=group:cn=remote-acl-users,cn=securitygroups,secauthority=<added domain>,cn=subdomains,\secauthority=default:normal:csraclentry=group:cn=securitygroup,secauthority=<add domain>,cn=subdomains,secauthority=default:object:ad:\normal:rwsc:sensitive:rwsc:critical:rwsc:restricted:rwscaclentry=access-id:LDAP_Admin_DN:object:ad:normal:rwsc:sensitivesuffixownerpropagate=TRUEentryOwner=group:cn=SecurityGroup,secAuthority=DefaultentryOwner=access-id:LDAP_Admin_DN
20 IBM z/OS Security Server M IBM OS/390 Security Server
78 IBM Tivoli Access Manager for e-business: Web Security 208O
dC Tivoli Access Manager for LDAPZ z/OS OdC Access Manager for LDAP 1,k"b Access Manager Z1!iv
BQw LDAP ~qwO(eDyPs:#g{fZQ(eDs:,Access Manager +
;9Cb)s:,r_ Access Manager ^Qw|GD(^,r&19C ignore-suffix
X|V+b)s:mS= /access_mgr_install_dir/etc/ldap.conf D~P#
}g:
ignore-suffix = sysplex=UTCPLXJ8ignore-suffix = "o=Your Company"ignore-suffix = o=MQuser
ZK>}P,sysplex=UTCPLXJ8 s:CZCJ z/OS SDBM(RACF)}]b#dC}
LP Access Manager 9CD LDAP \m1j6;G z/OS 53OD RACF C'j6,
rKC LDAP \m1j6;P4P SDBM QwD(^#g{Ks:4mS=
ignore-suffix Pm,rZdC}LP Access Manager +U=5Xk x’32’ -
LDAP_INSUFFICIENT_ACCESS#
PmPDd|s:I z/OS ODd|&CLr9C,"R Access Manager ITvTb
)s:#
"b,Tivoli Access Manager TZAYw,'V LDAP JO*FM:Xyb#g{d
CK1>~qw,rITZ ldap.conf D~Pr Tivoli Access Manager a)1>wz
{,CD~k Tivoli Access Manager ;p20Z etc S?<#
>zO$C'\m
s`}\mNq#V;d,mSK>zO$#ngC'4("C'T>M+C'mS
= ACL u?riDYw,T0yPC'^D|n(\k}b)kTUNNd| LDAP
"amdCD Tivoli Access Manager ;y$w#C'IT9CyZ Web D
pkmspasswd 5CLr|D{GT:D SAF \k#
>zO$a)KmSD&\:Tivoli Access Manager C'= SAF C'j6D`T;3
d#`vC'IT_P`,D ibm-nativeId,"R+?M,;v\ks(#vZbV-
r,(iz@9`T;3dDC'|D SAF \k(qr,C'I\^bd9kd,H
DK^(xkdJ'b;ivDgU+a_)#
pdadmin sec_master> group modify SAFusers add user1pdadmin sec_master> acl create deny_pkmspdadmin sec_master> acl modify deny_pkms set group SAFusers Tpdadmin sec_master> acl attach /Webseal/server_name/pkmspasswd deny_pkms
OS/390 LDAP >zO$s(;a)4P\k4;D(^#}g,ZtC>zO$Div
B,TB Tivoli Access Manager \m|n;pwC:
pdadmin sec_master> user modify user1 password ChangeMe1
"R,;fZ*C'hC ibm-nativeId u?DVI\m|n#*o=C?D,TB8
>E"-z\mxP`X*D nativeId D Tivoli Access Manager C'#
user create |n;P|D:
pdadmin sec_master> user create user1 cn=user1,o=tivoli,c=us user1 user1 ChangeMe1pdadmin sec_master> user modify user1 account-valid yes
20 IBM z/OS Security Server M IBM OS/390 Security Server
Z 4 B 20"am~qw 79
\k(ZK>}P* ChangeMe1)hC* LDAP PC'D userpassword u?,Z
>zO$tC1|G^'D#ZzzP,<G9K\k$RQTBb - T@>zO$
;bb{CDiv#
**C'hC ibm-nativeId u?,k4(;v ldif D~,CD~F*#=D~R`
FZTBZ]:
cn=user1,o=tivoli,c=usobjectclass=inetOrgPersonobjectclass=ibm-nativeAuthenticationibm-nativeId=SAF_username
I9C ldapmodify |n0k ldif D~,gBy>:
ldapmodify -h hostname -p port -D bind_DN -w bind_pwd -f schema_file
C SAF |n4;C'\k,gBy>:
subsystem_prefix ALTUSER userid PASSWORD pwd
"b,*9C>zO$,XkXU auth-using-compare#*jIKYw,k`-
ivmgrd.conf M webseald.conf D~D [ldap] Z,"RgBy>|DP:
auth-using-compare = no
Z1!ivB,CHOYwx;Gs(4("T LDAP DO$#
PXhC>zO$D|`E",kND;ZTBX7D IBM z/OS Security Server LDAP
Server Administration and Use D5:
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/
20 IBM z/OS Security Server M IBM OS/390 Security Server
80 IBM Tivoli Access Manager for e-business: Web Security 208O
20 Lotus Domino*+ Domino™ Server dC* Tivoli Access Manager D"am,kq-TBb)=h:
1. k7#Q4i"zcZ 25 3D:\'VD"am;PPvD53hs#
2. * Domino 4( Tivoli Access Manager \mC'#`X8>E",kND:*
Domino 4( Tivoli Access Manager \mC';#
3. (;zD Domino 20iJ"R+ Lotus Notes® M'z20Z Domino Server O#
`X8>E",kNDZ 82 3D:Z Domino Server O20 Lotus Notes M'z;#
4. k7# Windows 53OQhCTB73d?:
NOTESNTSERVICE=1
K73d?7# Lotus Domino Server(1w* Windows ~qKP1)Zt/C~
qDC'"z53Ts#VKP#
":9C Domino "amD Tivoli Access Manager vZ Windows =(O\'V#b
Gr* Lotus Notes Client vZ\'VD Windows =(OIC#
+ Domino dC*M Tivoli Access Manager ;p9CTs,B;=G20 policy
server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy server;#
* Domino 4( Tivoli Access Manager \mC'
*9 Tivoli Access Manager 53k Domino Server (E,rXk* Domino 4("
"a Tivoli Access Manager \mC'#*jIbnYw,kq-TBb)=h:
1. k7#Z*<"a0Q_PTB(^:
v TO$_j60d\kDCJ(
v S}Z9CDzwT Domino ?<DCJ(
v Z"a~qwOD Domino ?<P_P`-_CJ(rg] UserCreator G+
2. S Domino Administrator GUI %w K1 & i !n(#
3. S0~qw10q!q*9CD~qw#
4. !q Domino ?<,;s!qK1#
20 Lotus Domino
Z 4 B 20"am~qw 81
5. S0$_10q,gBy>%wK1 → "a:
6. !q Domino Server DO$j6(1!;CG c:\Program
Files\Lotus\Domino\Data)#
":Notes 9C\mW!nP8(DO$_j6;r_g{;fZCj6,r Notes
9C NOTES.INI D CertifierIDFile hCP8(Dj6#
7. gC=a>,kdk~qwdC}LPhCDO$_j6\k"%w7(#*|
DO$_j6,k%w!{#
8. !q_64!r"jI0y!10qPDVN#}g,dk`FTBZ]D Tivoli
Access Manager \mC'E":
v {:AM
v U:Daemons
v \k:pwd
9. %wmSK1#\mC'{FvVZ0"a4,1S<(C'"aSP)P#
10. %wj6E"T7# Notes j6D~f"Z Domino ?<P#
11. ;vT>"aSPPDC'{,"%w"aT+C'mS= Domino Server#
+T>;u{",8>K1Q"aI&#%w7(}%{"T0r,;s%wj
I#
12. Z Domino Administrator O,S0S<1K%!q0"B1Ti$Z Domino Server
O4(K Tivoli Access Manager C'#
Z Domino Server O20 Lotus Notes M'z
*Z Domino Server O20MdC Lotus Notes M'z,kq-TBb)#f=h:
":Tivoli Access Manager 'V Lotus Notes Client V5.0.10 M V6.0 r|_f>#
1. g{m;vM'z53OQP Lotus Notes j6D~Z9CP,r+K~xFD~4
F=z>X53OD drive:\notes\data ?<#
":g{z;7(109CDj6D~D{F,rS Lotus Notes Client gf%wD
~ →$_ → C'j6T(;j6D~{F#
20 Lotus Domino
82 IBM Tivoli Access Manager for e-business: Web Security 208O
2. SCZ Windows D Lotus Notes r Domino CD KP Notes Client 20D~,"
q-*z8>E"#
":y]z}Z9CD20iJ,I\aa>z20d|Lr&\?~#TZ Tivoli
Access Manager 20,Notes Client G(;XhD&\?~#
3. S0Lotus Notes 2010Z!qdM"q-8>E"#120jI1,%wjI#
4. t/ Lotus Notes LrT4PdC#}g,%w*< → Lr → Lotus &CLr →
Lotus Notes#
5. SLotus Notes Client dC0Z%wB;="jITBE":
v !qRk*,S= Domino Server "%wB;=#
v !qhC=Vrx(LAN)D,S"%wB;=#
v dkzD Domino Server D+^({"%wB;=#bITG;vJ~~qwr
1(~qw,2ITG*@zG-D3vd|~qw#}g,Z Domino Server{FVNPdkTBZ]:
domino1/Tivoli
v k4PBPYw.;:
– g{zQa) Lotus Notes j6D~,r!qRD Notes C'j6Q(}D
~a)xR"R%w/@T(;j6D~,r_ZD~{VNPdkj6D
~D+^({#}g,dk c:\notes\data\username.id#
– !q+RD{FCwj6"ZC'{VNPdk Tivoli Access Manager \m
C'j6(}g,AMDaemons)#
%wB;=TLx#
6. g{a>zdkd|dCE",rzITS\1!5#%wjILx Notes Client d
C=h#
7. g{JC,r!q;,S=rXxzm~qw%!4%#
1 Notes Client \;CJ6L Domino Server 1,+vV\ka>0Z#
8. dk Tivoli Access Manager \mC'D\k#g{\k}7,r Notes Client L
xjI#BDdC#
1dCjI1,\mC'D Notes j6D~20ZK>X53OD \notes\data ?
<P#
20 Lotus Domino
Z 4 B 20"am~qw 83
20 Microsoft Active Directory** Tivoli Access Manager 20 Active Directory,zXk4UTB3r4PBPNq:
1. 4(;v Active Directory r#
2. ,S;v Active Directory r
3. 4(;v Active Directory \mC'
Z+ Active Directory rhC*k Tivoli Access Manager ;p9CTs,B;=GZ
Windows 2000 r Windows 2003 53O20 policy server#`X8>E",kNDZ
97 3DZ 5 B, :20 policy server;#
Active Directory "bBn
Z* Tivoli Access Manager dC Active Directory .04iTBE"G\X*D:
v IZ Active Directory %rr`r73PdC Tivoli Access Manager#PX%rr`
r73DE",kND;ZTB Web X7D Active Directory z7D5:
– TZ Windows 2000 server:
http://www.microsoft.com/windows2000/en/server/help/
– TZ Windows 2003 server:
http://www.microsoft.com/windowsserver2003/proddoc/
v Z%r73P,GrXFw53h*,SdC Tivoli Access Manager DGvr#Z
`r73P,GrXFw53h*,S Active Directory r#
v v'V2+T+Vi#
v *+ Active Directory C'w* Tivoli Access Manager C'<k,k+ Active
Directory C'DG<{Cw Tivoli Access Manager C'DC'j6#
v g{zZ Active Directory D3vM'zO20"dCK Tivoli Access Manager(}
g,Tivoli Access Manager M Active Directory ;Z;,D53O),rM'z53
Xk,SCr,"RzXkT\m1m]G<CrTZM'z53O4P Tivoli
Access Manager dC#
v M'z53Oxg TCP/IP hCPD DNS XkMrXFwDxg TCP/IP hC`,#
IT+yrXFwCw DNS ~qwr_9C@"D DNS#
v g{zZ%rPdCK Tivoli Access Manager "RCrGGyr,rXkZyrX
FwOV$KP adschema_update.exe#
4( Active Directory r
9C Active Directory dCr<+zD Windows server 53a}*rXFw#4(r
XFwDYw94(K Active Directory r#
Z*<.0,zXkv(k**BDr4(rXFw9G*VPDr4(=SrXF
w#g{zF.*BDr4(rXFw,r9Xk7(bvBDrGqGTBiv.
;:
v BD?<VPDWvr
v VP?<VPBDrwPDWvr
v VPrwPDSr
20 Microsoft Active Directory
84 IBM Tivoli Access Manager for e-business: Web Security 208O
":g{ DNS D0*"iRxr1P;fZBDr{,rZdCBDrXFw.0X
k+BDr{4(*BDxr#PXrXFw"rwM?<VD|`E",ki
D Windows ~qwD5#
*4(rr+=SrXFwmS=VPDrP,kq-TBb)=h:
v :,S Active Directory r;
v Z 88 3D:4( Active Directory \mC';
,S Active Directory r
4( Active Directory rTs,kq-TBb)=h+ Windows Advanced Server ,
S= Active Directory r#
":7#T\m1m]G<=>X53"R_PP'DC'{M\k#,17#Z+
53mS=rP.0,M'zM~qw53;Z,;v DNS P#
1. R|%wRDgT,;sS/vDT0rP%wtT#+T>053tT1JG
>#
2. %wxgj6!n(#
20 Microsoft Active Directory
Z 4 B 20"am~qw 85
3. %wtT#ZytI1Bf!qr"dkzk*,SDrD{F#%w7(Lx#
4. SrC'{M\k0ZdkP'DC'{M\k,;s%w7(+53,S=r#
20 Microsoft Active Directory
86 IBM Tivoli Access Manager for e-business: Web Security 208O
5. g{,SYwI&,rT>y>D06-10Z#%w7(TLx#
6. +T>;vT0r,8>h*XB}<53#%w7(Lx#
20 Microsoft Active Directory
Z 4 B 20"am~qw 87
7. +T>053tT1JG>,8>,SYwQjI#%w7(XBt/53#
":Z53XBt/Ts,k7#z}ZG<=UE,SD AD r#(#,>Xr
G0Windows G<10ZPD1!r#
4( Active Directory \mC'
*4(CZ Tivoli Access Manager u</D Active Directory \mC',kq-TB
b)=h:
1. Z Active Directory ~qw53O,!q*< → Lr → \m$_ → Active DirectoryC'kFcz#
2. 4(BC'"+KBC'mS= Administrators i"Domain Admins i"Enterprise
Admins iM Schema Admins iP#KC';G Active Directory C',xG Tivoli
Access Manager C'#zIT!qNb{Fw*C'G<{,+G#tCZ Tivoli
Access Manager \m1D sec_master }b#
Active Directory 4F
1rXFwTd Active Directory D>X1>4k|D1,(1w+t/T7(N1&
C+|D(*rXFwD4Foi#Z1!ivB,K1ddtG 300 k(5 VS)#
20 Microsoft Active Directory
88 IBM Tivoli Access Manager for e-business: Web Security 208O
1K1ddt}%1,rXFw+T>cZ|_Ph*+%D|DD?v4Foit
/(*#m;vIdCN}7((*.d]#Dk}#KN}I@94Foi,1&
p#Z1!ivB,K1ddtG 30 k#Ov=v1ddt<I(}`-"am4^
D#
*^DT Active Directory wD|DMWN4Foi(*.dDSY,k9C"am`
-w^DTB"am|P Replicator notify pause after modify (secs) DWORD 5D
5}]:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
/f: Z9C"am`-w^D}]1,k!D#msD9CalIOXJb,b)
JbI\*szXB20zDYw53#
Replicator notify pause after modify (secs) DWORD 5D1!5}]G 0x12c,
|G.yxFq=,d.xF}* 300(5 VS)#
*^DrXFw.dD(*SY,k9C"am`-w^DTB"am|P Replicatornotify pause between DSAs (secs) DWORD 5D5}]:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Replicator notify pause between DSAs (secs) DWORD 5D1!5}]G 0x1e,
|G.yxFq=,d.xF}G 30(30 k)#
":Z`-"am.0Xk#9 policy server,`-sXBt/53#
Z Active Directory `rdC}LP,"z1!5* 5 VSD}]+%SY#1"v
user list r group list |n1,UEZGyrP4(DC'riI\;I{#`FX,
ZwyrXFwPB4(DC'riI\Z(zyrP;a"4I{#(}w{
Windows 53"amPD Replicator notify pause after modify M Replicator notifypause between DSAs D5,zIT|DP*TnJOz73Dh*#
20 Microsoft Active Directory
Z 4 B 20"am~qw 89
20 Novell eDirectoryZ*<.0,k7#QjI Novell eDirectory M ConsoleOne $_Dy>~qw20M
dC,g;ZTB Web X7D Novell z7D5PhvDGy:
TZ Novell eDirectory V8.6.2,kND:
http://www.novell.com/documentation/lg/ndsedir86/index.html
TZ Novell eDirectory V8.7,kND:
http://www.novell.com/documentation/lg/edir87/index.html
Kb,k7#Q4i"zcZ 25 3D:\'VD"am;PPvD53hs#
** Tivoli Access Manager dC Novell eDirectory,kq-TBb)=h:
1. G<= Novell Client $w>"t/ ConsoleOne#
2. )9 NDS w,;s)9zZ20}LP4(Dw#ZwBfP=vSu?:;v
i/TsM;v2+]wTs#
3. !qi/<j#0ZDR0qT>zi/DTs#
4. *|B#=T9 Tivoli Access Manager IT20|,kR|%w LDAP iTs
"!qtT#+T>0tT1JG>#
5. S0LDAP itT10Z!q0`3d1!n(#
6. S0LDAP i`3dm10Z>}TBu?,;s!q&C:
inetOrgPersongroupOFNames
7. S0LDAP itT1A;!q0tT3d1!n(#+T>0LDAP itT3d
m10Z#
8. v/m"!q NDS tT Member tT#i$`&D LDAP tT52G Member#
g{ LDAP tT5;G Member,r%w^D#
9. S0tT3d10ZdkTBZ],;s!q7(#
v NDS Attribute = Member
v Primary LDAP Attribute = Member
v Secondary LDAP attribute = uniqueMember
10. S0LDAP itT10Z%w&C0XU#
Z+ Novell eDirectory hC*M Tivoli Access Manager ;p9CTs,B;=G20
policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy server;#
9C Novell eDirectory 1
Novell eDirectory +Ts`C'Mi(e*dy!#=D;?V#ZVp(eC'ri
1,eDirectory \m14(Kb)Ts`D5}#eDirectory +b=vTs`(e*6Z
c#eDirectory +tT X-NDS_NOT_CONTAINER ’1’ mS=b)Ts`(ePD?;v,
KtT8(b)Ts`;G]wTs#;G]wTsb6ETs;\(eZb)Ts
`D5}.B#
Tivoli Access Manager h*\;+dTmDTs7SZ$HfZD eDirectory C'M
i.B,T<k|G"9|G\* Tivoli Access Manager yC#1 Tivoli Access
20 Novell eDirectory
90 IBM Tivoli Access Manager for e-business: Web Security 208O
Manager +dTmDTs`(emS= eDirectory #=1,|2XB(eK eDirectory
C'MiTs`TJmb)`D5}I*]wTs#Novell eDirectory JmTd#=(
ewb;|D#
TB Novell eDirectory \m1Yw+7z Tivoli Access Manager TC'Ts`D^D#
iTs`4\0l#
v 9C rebuild schema !nKP eDirectory }]b^4$_ ndsrepair#
v S iManager XF(KP0y>^41"9C rebuild operational schema !nK
P>X}]b^4#
v T Novell eDirectory &C9!|B#
v + Novell eDirectory }6=|BDf>#
g{+ Tivoli Access Manager dC= eDirectory ~qwPTsh*4Pb)YwPD
NNYw,k"4KPTB Tivoli Access Manager 5CLrT7#C'Ts`D(e
QV4#
ivrgy_tool -h edir_server_name -p port -D edir_admin_dn -w edir_admin_pwd schema
ivrgy_tool.exe ;Z sbin S?<P#}g:
v Z Windows 53O*:d:\Program Files\Tivoli\Policy Director\sbin
v Z UNIX 53O*:/opt/PolicyDirector/sbin
zXkS sbin ?<KPK5CLr,r* Tivoli Access Manager ;P+ sbin ?<
mS=53 PATH#PXK5CLrD|`E",kNDZ 395 3D:ivrgy_tool;#
20 Novell eDirectory
Z 4 B 20"am~qw 91
20 Sun ONE Directory ServerZ*<.0,k7#QjIy>~qw20MdC,g Sun ONE Directory Server z
7D5PhvDGy#PX|`E",kND;ZTB Web X7D Sun D5:
http://docs.sun.com/db/prod/s1dirsrv
** Tivoli Access Manager dC Sun ONE Directory Server,kq-TBb)=h#
":*+G ASCII V{f"=tTP,zXkZ?<~qwDdC}LP{C 7 ;l
ie~#Ke~D1!5hC* on#
1. kli?<~qwX$xL slapd-serverID }ZKP(9C ps |nrzDYw5
3D3vH'|n)#
2 . k7#?<~qwX$xL(s lapd- s e r v e r I D)M\m~qwX$xL
(admin-serv)}ZKP#g{|G;PKP,rdkTB|nt/|G:
v Z UNIX 53O:
% ServerRoot/slapd-serverID/start-slapd
% ServerRoot/start-admin
v Z Window 53O,9C~q4t/ Sun ONE Administration Server 5.2 M Sun
ONE Directory Server 5.2 ~q#
3. *t/XF(,kdkTB|n.;:
v Z UNIX 53O:
% ServerRoot/startconsole
v Z Windows 53O:!q*< → Lr → Sun ONE Server z7 → Sun ONEServer Console 5.2#
+T>0Sun ONE Serve r Conso l e G<1T0r,}GzDdC?<
(o=NetscapeRoot ?<)f"Z Sun ONE Directory Server D;v%@D5}P#
ZbVivB,+T>;v0Z*sdkzD\m1C' DN"\kT0C?<~
qwD\m~qw Web X7#
4. 9C LDAP \m1DC'j6M\kG<#}g,dk cn=Directory Manager 0
`&D\k,;s%w7(#
+T> Sun ONE Server Console#
20 Sun ONE Directory Server
92 IBM Tivoli Access Manager for e-business: Web Security 208O
5. /@sV0qPDwTiRw\zD Directory Server D53,%wC53TT>
d#ftT#
6. +wwPzD Directory Server D{Fr%wr*4%#+T>\mK Directory
Server 5}D Directory Server Console#
7. S0dC1!n(R|%wsV0qPD0}]1,;s!qB(s:#z2I
T(}SK%8!q}],;s!qTs → B(s:44(Bs:#
20 Sun ONE Directory Server
Z 4 B 20"am~qw 93
8 . * 4 ( C Z # t T i v o l i A c c e s s M a n a g e r } ] D s : , k d k
secAuthority=Default,;s%w7(#
s:4(DxH+T>Z4,0ZP#
9. )90}]1ZcT7#s:Q4(#g{!qK4(s:4#tC'Mi}
] , k Y N q - K } L T 4 ( m ; v s : # } g , z I T 4 ( ; v { *
o=tivoli,c=us Ds:#
10. k4PBPYw.;:
v g{4mS} secAuthority=Default TbDNNs:,rdCQjI#1 policy
server QdC1,+T/mS secAuthority=Default D?<u?#
v g{mSK} secAuthority=Default TbDs:,rLx4P=h 11 *?v
Bs:4(?<u?#
11. !q?<!n(";vT>s_0qO=D~qwD{F#
12. !qTs → BDyTs#+T>;Pu?P4fZDBs:,gBy>:
13. TZ?vBs:(secAuthority=Default }b),!qCBs:#+T>BTs0
q#rBv/TiRkz}Z4(Ds:`T&Du?`M#}g,zIT*{
20 Sun ONE Directory Server
94 IBM Tivoli Access Manager for e-business: Web Security 208O
* o=tivoli,c=us Ds:!qi/#;vT>u?`M"%w7(,gBy>:
14. S`t`-w0Zdku?D5#TZ o=tivoli,c=us >},dk tivoli w*i
/D5,;s%w7(#
15. Zz*?vmSDs:4(Ku?Ts,k!qXF( → KvTXUXF(#
Z+ Sun ONE Directory Server hC*M Tivoli Access Manager ;p9CTs,B
;=G20 policy server#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
20 Sun ONE Directory Server
Z 4 B 20"am~qw 95
96 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 5 B 20 policy server
>Ba)PX20MdC Tivoli Access Manager policy server 53DE"#?v2+
rXk;200dC;v policy server#(i+ policy server 20Z;,ZzD"am
~qwD;v%@D53O#
I!:IT208C policy server T@"z53JO(vZ AIX O)#K&\*sn
bDm~M2~,|(_ICT:/`&m(HACMP)m~#`XE"My>8>E
",kNDZ 355 3DZ 25 B, :AIX:208C policy server;#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 98 3D:9C>z5CLr20;
9C20r<20
install_ammgr 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager policy server 53D20:
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Policy Server V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_ammgr r<20MdC policy server 53,kq-TBb)=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O,SyPKPPDLrKv#
6. KP install_ammgr Lr,CLr;Z)\'VD AIX"HP-UX"Linux"Solaris
M Windows =(9CD Tivoli Access Manager Base CD ODy?<P#
20r<(}a>zdkZ 277 3D:9C install_ammgr r<;PhvDdCE"
*<KP#Zza)KE"(rS\1!5).s,i~Z;Px;=I$Div
BjI20MdC#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
© Copyright IBM Corp. 2001, 2003 97
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~Dm~
|#*Z20sdCm~|,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 98 3O
v HP-UX,ZZ 99 3O
v Linux,ZZ 100 3O
v Solaris,ZZ 102 3O
v Windows,ZZ 103 3O
AIX:20 policy serverTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*Z AIX O20 Tivoli Access Manager policy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PD.Mgr 8( Access Manager Policy Server m~|#
":20 policy server 1,XkWH20 Access Manager Runtime#+G,Z policy
server 20jI.0;(;\dCKi~#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Server m~|,
gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
20 policy server
98 IBM Tivoli Access Manager for e-business: Web Security 208O
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
"b,Tivoli Access Manager policy server DdC4(K;v1! SSL $i(^D~,
{* pdcacert.b64#ZI&XdCK Access Manager Policy Server i~.s,+v
VkTBZ]`FD{":
Access Manager Policy Server dCI&jI#\m1 CA $i9C base64 `k,"#fZD>D~/var/PolicyDirector/keytab/pdcacert.b64 PXk+KD~V"=zD2+rPD?(zw#bGvZI&dCDh*#
*9 Tivoli Access Manager runtime 53r Tivoli Access Manager ~qwO$,r?
v Runtime 53+*sKD~D;v1>#*qCKD~,k4PTBYw.;:
v Z Access Manager Runtime m~|DdC}LP(9C pdconfig 5CLr),!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+ pdcacert.b64 D~4F= Tivoli
Access Manager 53#
HP-UX:20 policy serverTB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z HP-UX O20 Tivoli Access Manager policy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp G?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDMgr 8( Access Manager Policy Server m~|#
":20 policy server 1,XkWH20 Access Manager Runtime#+G,Z policy
server 20jI.0;(;\dCKi~#
20 policy server
Z 5 B 20 policy server 99
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. dC Access Manager Runtime,;sdC Access Manager Policy Server m~|,
gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q
x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
"b,Tivoli Access Manager policy server DdC4(K;v1! SSL $i(^D~,
{* pdcacert.b64#ZI&XdCK Access Manager Policy Server i~.s,+v
VkTBZ]`FD{":
Access Manager Policy Server dCI&jI#\m1 CA $i9C base64 `k,"#fZD>D~/var/PolicyDirector/keytab/pdcacert.b64 PXk+KD~V"=zD2+rPD?(zw#bGvZI&dCDh*#
*9 Tivoli Access Manager runtime 53r Tivoli Access Manager ~qwO$,r?
v Runtime 53+*sKD~D;v1>#*qCKD~,k4PTBYw.;:
v Z Access Manager Runtime m~|DdC}LP(9C pdconfig 5CLr),!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+ pdcacert.b64 D~4F= Tivoli
Access Manager 53#
Linux:20 policy serverTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux O20 Tivoli Access Manager policy server 53,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
20 policy server
100 IBM Tivoli Access Manager for e-business: Web Security 208O
3. ek IBM Tivoli Access Manager Base CD for xSeries or zSeries "20|#
4. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
5. 20 GSKit#`X8>E",kNDZ 234 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Runtime Access Manager Policy Server
Linux on xSeries PDRTE-PD-5.1.0-0.i386.rpm PDMgr-PD-5.1.0-0.i386.rpm
Linux on zSeries PDRTE-PD-5.1.0-0.s390.rpm PDMgr-PD-5.1.0-0.s390.rpm
":20 policy server 1,XkWH20 Access Manager Runtime#+G,Z policy
server 20jI.0;(;\dCKi~#
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. dC Access Manager Runtime,;sdC Access Manager Policy Server m~|,
gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
"b,Tivoli Access Manager policy server DdC4(K;v1! SSL $i(^D~,
{* pdcacert.b64#ZI&XdCK Access Manager Policy Server i~.s,+v
VkTBZ]`FD{":
Access Manager Policy Server dCI&jI#\m1 CA $i9C base64 `k,"#fZD>D~/var/PolicyDirector/keytab/pdcacert.b64 PXk+KD~V"=zD2+rPD?(zw#bGvZI&dCDh*#
*9 Tivoli Access Manager runtime 53r Tivoli Access Manager ~qwO$,r?
v Runtime 53+*sKD~D;v1>#*qCKD~,k4PTBYw.;:
20 policy server
Z 5 B 20 policy server 101
v Z Access Manager Runtime m~|DdC}LP(9C pdconfig 5CLr),!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+ pdcacert.b64 D~4F= Tivoli
Access Manager 53#
Solaris:20 policy serverTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Tivoli Access Manager policy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDMgr 8( Access Manager Policy Server m~|#
":20 policy server 1,XkWH20 Access Manager Runtime#+G,Z policy
server 20jI.0;(;\dCKi~#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Server m~|,
gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
20 policy server
102 IBM Tivoli Access Manager for e-business: Web Security 208O
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
"b,Tivoli Access Manager policy server DdC4(K;v1! SSL $i(^D~,
{* pdcacert.b64#ZI&XdCK Access Manager Policy Server i~.s,+v
VkTBZ]`FD{":
Access Manager Policy Server dCI&jI#\m1 CA $i9C base64 `k,"#fZD>D~/var/PolicyDirector/keytab/pdcacert.b64 PXk+KD~V"=zD2+rPD?(zw#bGvZI&dCDh*#
*9 Tivoli Access Manager runtime 53r Tivoli Access Manager ~qwO$,r?
v Runtime 53+*sKD~D;v1>#*qCKD~,k4PTBYw.;:
v Z Access Manager Runtime m~|DdC}LP(9C pdconfig 5CLr),!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+ pdcacert.b64 D~4F= Tivoli
Access Manager 53#
Windows:20 policy serverTB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*Z Windows O20 Tivoli Access Manager policy server 53,kq-TBb)=
h:
1. T_P\m1X(DC'm]G<#
2. k7#Z20 policy server .0"am~qwQt/"}ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
6. 20 Access Manager Runtime M Access Manager Policy Server m~|#*jI
bnYw,kKP;ZTB?<D setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
":20 policy server 1,XkWH20 Access Manager Runtime#+G,Z policy
server 20jI.0;(;\dCKi~#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Server m~|,
gBy>:
a. t/dC5CLr:
pdconfig
20 policy server
Z 5 B 20 policy server 103
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager Policy Server m~|"%wdC#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kNDZ
319 3DZ 23 B, :pdconfig !n;#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
"b,Tivoli Access Manager policy server DdC4(K;v1! SSL $i(^D~,
{* pdcacert.b64#ZI&XdCK Access Manager Policy Server i~.s,+v
VkTBZ]`FD{":
Access Manager Policy Server dCI&jI#\m1 CA $i9C base64 `k,"#fZD>D~C:\PROGRA~1\Tivoli\POLICY~1\keytab\pdcacert.b64 PXk+KD~V"=zD2+rPD?(zw#bGvZI&dCDh*#
*9 Tivoli Access Manager runtime 53r Tivoli Access Manager ~qwO$,r?
v Runtime 53+*sKD~D;v1>#*qCKD~,k4PTBYw.;:
v Z Access Manager Runtime m~|DdC}LP(9C pdconfig 5CLr),!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+ pdcacert.b64 D~4F= Tivoli
Access Manager 53#
20 policy server
104 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 6 B 20 authorization server
>Ba)PX20MdC Tivoli Access Manager authorization server 53DE"#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 106 3D:9C>z5CLr20;
9C20r<20
install_amacld 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager authorization server 53D20:
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Authorization Server V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amacld r<20MdC authorization server 53,kq-TBb)=
h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O:
v SyPKPPDLrKv#
v g{}Z9C Active Directory,rXkZKPK20r<.020 IBM Tivoli
Directory Client#*jIbnYw,kKP;Z cd_drive:\windows\directory\ D
setup.exe Lr#!q20 Client SDK 5.2 &\?~"jI*z8>E"#
6. KP install_amacld Lr,CLr;ZT&Z\'VD
AIX"HP-UX"Linux" Solaris M Windows =(D Tivoli Access Manager Base CD
ODy?<P#
20r<(}a>zdkZ 294 3D:install_amacld;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
bMjIK authorization server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
© Copyright IBM Corp. 2001, 2003 105
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 106 3O
v HP-UX,ZZ 107 3O
v Linux,ZZ 108 3O
v Solaris,ZZ 109 3O
v Windows,ZZ 110 3O
AIX:20 authorization serverTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager authorization server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PD.Acld 8( Access Manager Authorization Server m~|#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager Authorization
Server m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
20 authorization server
106 IBM Tivoli Access Manager for e-business: Web Security 208O
bMjIK authorization server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
HP-UX:20 authorization serverTB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager authorization server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp G?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDAcld 8( Access Manager Authorization Server m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. gBy>dC Access Manager Runtime,;sdC Access Manager Authorization
Server m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q
x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 authorization server
Z 6 B 20 authorization server 107
bMjIK authorization server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
Linux:20 authorization serverTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager authorization server 53,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base CD for xSeries or zSeries "20|#
4. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
5. 20 GSKit#`X8>E",kND 234#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Runtime Access Manager AuthorizationServer
Linux on xSeries PDRTE-PD-5.1.0-0.i386.rpm PDAcld-PD-5.1.0-0.i386.rpm
Linux on zSeries PDRTE-PD-5.1.0-0.s390.rpm PDAcld-PD-5.1.0-0.s390.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. gBy>dC Access Manager Runtime,;sdC Access Manager Authorization
Server m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK authorization server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
20 authorization server
108 IBM Tivoli Access Manager for e-business: Web Security 208O
Solaris:20 authorization serverTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager authorization server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 GSKit#`X8>E",kND 235#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDAcld 8( Access Manager Authorization Server m~|#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager Authorization
Server m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK policy server 53D20#*20m;v Tivoli Access Manager 53,k
q-Z 24 3D:20}L;PD=h#
20 authorization server
Z 6 B 20 authorization server 109
Windows:20 authorization serverTB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*20 Tivoli Access Manager authorization server 53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
6. 20 Access Manager Runtime M Access Manager Authorization Server m~|#
*jIbnYw,kKP;ZTB?<D setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager Authorization
Server m~|:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager Authorization Server m~|"%wdC#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kNDZ
319 3DZ 23 B, :pdconfig !n;#
bMjIK authorization server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
20 authorization server
110 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 7 B 20 Development(ADK)53
>Ba)XZ20MdC Tivoli Access Manager Development(ADK)53DE"#
zIT9CTB20=(PD;V420K53:
v :9C20r<20;
v Z 112 3D:9C>z5CLr20;
9C20r<20
install_amadk 20r<(}TJ1D3r20MdCTBi~r/K Tivoli Access
Manager Development(ADK)53D20:
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Application Development Kit V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amadk r<20MdC Development(ADK)53,kq-TBb)
=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O,SyPKPPDLrKv#
6. KP install_amadk Lr,CLr;Z)\'VD AIX"HP-UX"Linux"Solaris M
Windows =(9CD Tivoli Access Manager Base CD ODy?<P#
20r<(}a>zdkZ 296 3D:install_amadk;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
bMjIK Development(ADK)53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
© Copyright IBM Corp. 2001, 2003 111
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdC Access Manager Runtime i~,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 112 3O
v HP-UX,ZZ 113 3O
v Linux,ZZ 114 3O
v Solaris,ZZ 115 3O
v Windows,ZZ 115 3O
AIX:20 Development(ADK)53
TB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager Development(ADK)53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PD.AuthADK 8( Access Manager Application Development Kit m~|#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
bMjIK Tivoli Access Manager Development(ADK)53D20#*20m;v
Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Development(ADK)53
112 IBM Tivoli Access Manager for e-business: Web Security 208O
HP-UX:20 Development(ADK)53
TB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager Development(ADK)53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp G?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDAuthADK 8( Access Manager Application Development Kit m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. gBdC Access Manager Runtime i~:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK Tivoli Access Manager Development(ADK)53D20#*20m;v
Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Development(ADK)53
Z 7 B 20 Development(ADK)53 113
Linux:20 Development(ADK)53
TB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager Development(ADK)53,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base CD for xSeries, zSeries, or pSeries and iSeries
"20|#
4. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
5. 20 GSKit#`X8>E",kND 234#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Runtime Access Manager ApplicationDevelopment Kit
Linux on xSeries PDRTE-PD-5.1.0-0.i386.rpm PDAuthADK-PD-5.1.0-0.i386.rpm
Linux on zSeries PDRTE-PD-5.1.0-0.s390.rpm PDAuthADK-PD-5.1.0-0.s390.rpm
Linux on pSeries and
iSeries
PDRTE-PD-5.1.0-0.ppc.rpm PDAuthADK-PD-5.1.0-0.ppc.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. gBdC Access Manager Runtime i~:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
bMjIK Tivoli Access Manager Development(ADK)53D20#*20m;v
Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Development(ADK)53
114 IBM Tivoli Access Manager for e-business: Web Security 208O
Solaris:20 Development(ADK)53
TB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager Development(ADK)53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 GSKit#`X8>E",kND 235#
5. 20 IBM Tivoli Directory Client#`X8>E",kND 239#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDAuthADK 8( Access Manager Application Development Kit m~|#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBdC Access Manager Runtime i~:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK Tivoli Access Manager Development(ADK)53D20#*20m;v
Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Windows:20 Development(ADK)53
TB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
20 Development(ADK)53
Z 7 B 20 Development(ADK)53 115
*20 Tivoli Access Manager Development(ADK)53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 GSKit#`X8>E",kND 235#
5. 20 IBM Tivoli Directory Client#`X8>E",kND 240#
6. 20 Access Manager Runtime M Access Manager Application Development Kit m
~|#*jIbnYw,kKP;ZTB?<D setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBdC Access Manager Runtime i~:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
PXdC!nDoz,kNDZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,%wXUTKvdC5CLr#
bMjIK Tivoli Access Manager Development(ADK)53D20#*20m;v
Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Development(ADK)53
116 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 8 B 20 Java runtime environment 53
>Ba)PX20MdC Tivoli Access Manager Java runtime environment 53DE"#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v :9C>z5CLr20;
9C20r<20
install_amjrte 20r<(}20MdC Access Manager Java Runtime Environment V5.1
i~,r/K Tivoli Access Manager Java runtime environment 53D20#
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amjrte r<20MdC Java runtime environment 53,kq-TBb
)=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
3. k7# policy server Qt/"}ZKP#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O,SyPKPPDLrKv#
6. KP install_amjrte Lr,CLr;Z)\'VD AIX"HP-UX"Linux"Solaris M
Windows =(9CD Tivoli Access Manager Base CD ODy?<P#
20r<(}a>zdkZ 297 3D:install_amjrte;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,Ci~Z;Px;=I$DivBj
I20MdC#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access Manager
53,kq-Z 24 3D:20}L;PD=h#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdjrtecfg 5CLr#
":g{ Access Manager Runtime i~Q20ZK53O,rIT9C pdconfig r
pdjrtecfg 5CLrdC Access Manager Java Runtime Environment i~#
jIJCZzDYw53D8>E":
v AIX,ZZ 118 3O
© Copyright IBM Corp. 2001, 2003 117
v HP-UX,ZZ 118 3O
v Linux,ZZ 119 3O
v Solaris,ZZ 120 3O
v Windows,ZZ 121 3O
AIX:20 Java runtime environment 53
TB}L9C installp 20 Access Manager Java Runtime Environment m~|"R9
C pdjrtecfg 5CLrdCCm~|#
*Z AIX O20 Tivoli Access Manager Java runtime environment 53,kq-TB
b)=h#
1. T root C'm]G<#
2. 20 IBM JRE V1.3.1.5#`X8>E",kNDZ 241 3#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 Access Manager Java Runtime Environment m~|:
installp -acgXd cd_mount_point/usr/sys/inst.images PDJ.rte
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
5. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
6 . *dC Access Manager Java Runt ime Envi ronment i~,kP;A
/opt/PolicyDirector/sbin ?<"4PTBYw:
v g{dC*Z IBM JRE 1.3.1.5 P9C,kdkTBZ]:
./pdjrtecfg -action config -interactive
v g{dC*Z Sun JRE 1.4 P9C,kdkTBZ]:
./pdjrtecfg -action config -host policy_server_host -port port -java_home jre_path
":
1. *Tj+dC`M20 Java Runtime Environment,k7# policy server M"am
~qw=_<ZKP#g{dC`M*%z,r^hbyv#
2. Z9C Sun JRE 1.4 1;*9C pdjrtecfg –interactive r pdconfig 5CLr,
qrdCI\a'\#PXb)5CLrD|`E",kNDZ 4 1 2 3D
:pdjrtecfg;MZ 411 3D:pdconfig;#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access Manager
53,kq-Z 24 3D:20}L;PD=h#
HP-UX:20 Java runtime environment 53
TB}L9C swinstall 20 Access Manager Java Runtime Environment m~|"R
9C pdjrtecfg 5CLrdCCm~|#
*Z HP-UX O20MdC Tivoli Access Manager Java runtime environment 53,k
q-TBb)=h#
1. T root C'm]G<#
2. 20 IBM JRE V1.3.1#`X8>E",kNDZ 241 3#
20 Java runtime environment 53
118 IBM Tivoli Access Manager for e-business: Web Security 208O
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 Access Manager Java Runtime Environment m~|,kdkTBZ]:
swinstall -s /cd-rom/hp PDJrte
6. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
7 . *dC Access Manager Java Runt ime Envi ronment i~,kP;A
/opt/PolicyDirector/sbin ?<"4PTBYw:
v g{dC*Z IBM JRE 1.3.1 P9C,kdkTBZ]:
./pdjrtecfg -action config -interactive
v g{dC*Z Sun JRE 1.4 P9C,kdkTBZ]:
./pdjrtecfg -action config -host policy_server_host -port port -java_home jre_path
":
1. *Tj+dC`M20 Java Runtime Environment,k7# policy server M"
am~qw=_<ZKP#g{dC`M*%z,r^hbyv#
2. Z9C Sun JRE 1.4 1;*9C pdjrtecfg –interactive r pdconfig 5C
Lr,qrdCI\a'\#PXb)5CLrD|`E",kNDZ 412
3D:pdjrtecfg;MZ 411 3D:pdconfig;#
v gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Linux:20 Java runtime environment 53
TB}L9C rpm 20 Access Manager Java Runtime Environment m~|"R9C
pdjrtecfg 5CLrdCCm~|#
*Z Linux O20 Tivoli Access Manager Java runtime environment 53,kq-T
Bb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 20 IBM JRE V1.3.1#`X8>E",kNDZ 242 3#
3. ek IBM Tivoli Access Manager Base CD for xSeries, zSeries, or pSeries and iSeries
"20|#
4. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
20 Java runtime environment 53
Z 8 B 20 Java runtime environment 53 119
5. 20 Access Manager Java Runtime Environment m~|:
rpm -ihv package
dP package gB:
v Linux on xSeries:PDJrte-PD-5.1.0-0.i386.rpm
v Linux on zSeries:PDJrte-PD-5.1.0-0.s390.rpm
v Linux on pSeries and iSeries:PDJrte-PD-5.1.0-0.ppc.rpm
6. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
7 . *dC Access Manager Java Runt ime Envi ronment i~,kP;A
/opt/PolicyDirector/sbin ?<"4PTBYw:
v g{dC*Z IBM JRE 1.3.1 P9C,kdkTBZ]:
./pdjrtecfg -action config -interactive
v g{dC*Z Sun JRE 1.4 P9C,kdkTBZ]:
./pdjrtecfg -action config -host policy_server_host -port port -java_home jre_path
":
1. *Tj+dC`M20 Java Runtime Environment,k7# policy server M"a
m~qw=_<ZKP#g{dC`M*%z,r^hbyv#
2. Z9C Sun JRE 1.4 1;*9C pdjrtecfg –interactive r pdconfig 5CL
r,qrdCI\a'\#PXb)5CLrD|`E",kNDZ 412 3D
:pdjrtecfg;MZ 411 3D:pdconfig;#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 Java runtime environment 53
TB}L9C pkgadd 20 Access Manager Java Runtime Environment m~|"R9
C pdjrtecfg 5CLrdCCm~|#
*Z Solaris O20MdC Tivoli Access Manager Java runtime environment 53,k
q-TBb)=h#
1. T root C'm]G<#
2. 20 IBM JRE V1.3.1#`X8>E",kNDZ 243 3#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 Access Manager Java Runtime Environment m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault PDJrte
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
5. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
6 . *dC Access Manager Java Runt ime Envi ronment i~,kP;A
/opt/PolicyDirector/sbin ?<"4PTBYw:
v g{dC*Z IBM JRE 1.3.1 P9C,kdkTB|n:
20 Java runtime environment 53
120 IBM Tivoli Access Manager for e-business: Web Security 208O
./pdjrtecfg -action config -interactive
v g{dC*Z Sun JRE 1.4 P9C,kdkTBZ]:
./pdjrtecfg -action config -host policy_server_host -port port -java_home jre_path
":
1. *Tj+dC`M20 Java Runtime Environment,k7# policy server M"a
m~qw=_<ZKP#g{dC`M*%z,r^hbyv#
2. Z9C Sun JRE 1.4 1;*9C pdjrtecfg –interactive r pdconfig 5CL
r,qrdCI\a'\#PXb)5CLrD|`E",kNDZ 412 3D
:pdjrtecfg;MZ 411 3D:pdconfig;#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Windows:20 Java runtime environment 53
TB}L9C setup.exe Lr20 Access Manager Java Runtime Environment m~
|"R9C pdjrtecfg 5CLrdCCm~|#
*Z Windows O20MdC Tivoli Access Manager Java runtime environment 53,
kq-TBb)=h#
1. T_P Windows \m1X(DC'm]G<#
2. 20 IBM JRE V1.3.1#`X8>E",kNDZ 243 3#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 Access Manager Java Runtime Environment m~|#*jIbnYw,kKP
;ZTB?<D setup.exe D~:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"jI20#
5. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
6. *dC Access Manager Java Runtime Environment i~,kP;A c:\Program
Files\Tivoli\Policy Director\sbin ?<"4PTBYw:
v g{dC*Z IBM JRE 1.3.1 P9C,kdkTBZ]:
pdjrtecfg -action config -interactive
v g{dC*Z Sun JRE 1.4 P9C,kdkTBZ]:
pdjrtecfg -action config -host policy_server_host -port port -java_home jre_path
":
1. *Tj+dC`M20 Java Runtime Environment,k7# policy server M"am
~qw=_<ZKP#g{dC`M*%z,r^hbyv#
2. Z9C Sun JRE 1.4 1;*9C pdjrtecfg –interactive r pdconfig 5CLr,
qrdCI\a'\#PXb)5CLrD|`E",kNDZ 4 1 2 3D
:pdjrtecfg;MZ 411 3D:pdconfig;#
bMjIK Java runtime environment 53D20#*20m;v Tivoli Access Manager
53,kq-Z 24 3D:20}L;PD=h#
20 Java runtime environment 53
Z 8 B 20 Java runtime environment 53 121
122 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 9 B 20 policy proxy server
>Ba)PX20MdC Tivoli Access Manager policy proxy server 53DE"#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 124 3D:9C>z5CLr20;
9C20r<20
install_amproxy 20r<(}TJ1D3r20MdCTBi~,r/K Tivoli Access
Manager policy proxy server 53D20:
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Policy Proxy Server V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amproxy r<20MdC policy proxy server 53,kq-TBb)
=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
3. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O:
v SyPKPPDLrKv#
v g{}Z9C Active Directory,rXkZKPK20r<.020 IBM Tivoli
Directory Client#*jIbnYw,kKP;Z cd_drive:\windows\directory\ D
setup.exe Lr#!q20 Client SDK 5.2 &\?~"jI*z8>E"#
6. KP install_amproxy Lr,CLr;Z)\'VD AIX"HP-UX"Linux"Solaris
M Windows =(9CD Tivoli Access Manager Base CD ODy?<P#
20r<(}a>zdkZ 300 3D:install_amproxy;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
© Copyright IBM Corp. 2001, 2003 123
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 124 3O
v HP-UX,ZZ 125 3O
v Linux,ZZ 126 3O
v Solaris,ZZ 127 3O
v Windows,ZZ 128 3O
AIX:20 policy proxy serverTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager policy proxy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PD.Proxy 8( Access Manager Proxy Policy Server m~|#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Proxy Server m
~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
20 policy proxy server
124 IBM Tivoli Access Manager for e-business: Web Security 208O
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
HP-UX:20 policy proxy serverTB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager policy proxy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp G?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDProxy 8( Access Manager Policy Proxy Server m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. dC Access Manager Runtime,;sdC Access Manager Policy Proxy Server m
~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q
x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 policy proxy server
Z 9 B 20 policy proxy server 125
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
Linux:20 policy proxy serverTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager policy proxy server 53,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base CD for xSeries or zSeries "20|#
4. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
5. 20 GSKit#`X8>E",kNDZ 234 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Runtime Access Manager Policy ProxyServer
Linux on xSeries PDRTE-PD-5.1.0-0.i386.rpm PDMgrPrxy-PD-5.1.0-0.i386.rpm
Linux on zSeries PDRTE-PD-5.1.0-0.s390.rpm PDMgrPrxy-PD-5.1.0-0.s390.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. dC Access Manager Runtime,;sdC Access Manager Policy Proxy Server m
~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
20 policy proxy server
126 IBM Tivoli Access Manager for e-business: Web Security 208O
Solaris:20 policy proxy serverTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager policy proxy server 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDProxy 8( Access Manager Policy Proxy Server m~|#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Proxy Server m
~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
20 policy proxy server
Z 9 B 20 policy proxy server 127
Windows:20 policy proxy serverTB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*20 Tivoli Access Manager policy proxy server 53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
6. 20 Access Manager Runtime M Access Manager Policy Proxy Server m~|#*
jIbnYw,kKP;ZTB?<D setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Policy Proxy Server m
~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager Policy Proxy Server m~|"%wdC#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kNDZ
319 3DZ 23 B, :pdconfig !n;#
bMjIK policy proxy server 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
20 policy proxy server
128 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 10 B 20 runtime 53
>Ba)PX20MdC Tivoli Access Manager runtime 53DE"#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 130 3D:9C>z5CLr20;
9C20r<20
install_amrte 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager runtime 53D20#
v Global Security Kit(GSKit)V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amrte r<20MdC runtime 53,kq-TBb)=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O,SyPKPPDLrKv#
6. KP install_amrte Lr,CLr;Z)\'VD AIX"HP-UX"Linux"Solaris M
Windows =(9CD Tivoli Access Manager Base CD ODy?<P#
20r<(}a>zdkZ 288 3(LDAP)"Z 290 3(Active Directory)rZ
293 3(Domino)PhvDdCE"*<KP#Zza)KE"(rS\1!5)
.s,i~Z;Px;=I$DivBjI20MdC#
bMjIK runtime 53D20#*20m;v Tivoli Access Manager 53,kq-
Z 24 3D:20}L;PD=h#
© Copyright IBM Corp. 2001, 2003 129
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 130 3O
v HP-UX,ZZ 131 3O
v Linux,ZZ 131 3O
v Solaris,ZZ 132 3O
v Windows,ZZ 133 3O
AIX:20 runtime 53
TB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager runtime 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20 Access Manager Runtime m~|:
installp -acgXd cd_mount_point/usr/sys/inst.images PD.RTE
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK runtime 53D20#*20m;v Tivoli Access Manager 53,kq-
Z 24 3D:20}L;PD=h#
20 runtime 53
130 IBM Tivoli Access Manager for e-business: Web Security 208O
HP-UX:20 runtime 53
TB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z HP-UX O20 Tivoli Access Manager,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
8. 20 Access Manager Runtime m~|:
swinstall -s /cd-rom/hp PDRTE
dP /cd-rom/hp G?<x PDRTE G runtime m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
!qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK Tivoli Access Manager runtime 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Linux:20 runtime 53
TB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux O20 Tivoli Access Manager m~|,kq-TBb)=h#
20 runtime 53
Z 10 B 20 runtime 53 131
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ(#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base CD for xSeries, zSeries, or pSeries and iSeries
"20|#
4. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
5. 20 GSKit#`X8>E",kNDZ 234 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20 Access Manager Runtime m~|:
rpm -ihv package
dP package gB:
v Linux on xSeries:PDRTE-PD-5.1.0-0.i386.rpm
v Linux on zSeries:PDRTE-PD-5.1.0-0.s390.rpm
v Linux on pSeries and iSeries:PDRTE-PD-5.1.0-0.ppc.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
bMjIK Tivoli Access Manager runtime 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 runtime 53
TB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*20 Tivoli Access Manager m~|,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20 Access Manager Runtime m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault PDRTE
20 runtime 53
132 IBM Tivoli Access Manager for e-business: Web Security 208O
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E#PXdC!nDoz,kNDZ 319 3DZ 23
B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x !n
=NTXUdC5CLr#
bMjIK Tivoli Access Manager runtime 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Windows:20 runtime 53
TB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*20 Tivoli Access Manager runtime 53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows 2000
and Windows 2003 CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
6. 20 Access Manager Runtime m~|#*jIbnYw,kKP;ZTB?<D
setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
7. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.020
oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime m~|:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
20 runtime 53
Z 10 B 20 runtime 53 133
b. !q Access Manager Runtime m~|"%wdC#
arza>dC!n#PXb)dC!nDoz,kNDZ 319 3DZ 23 B,
:pdconfig !n;#
bMjIK Tivoli Access Manager runtime 53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
20 runtime 53
134 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 11 B 20 Web Portal Manager 53
>Ba)PX20MdC Tivoli Access Manager Web Portal Manager 53DE"#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 137 3D:9C>z5CLr20;
9C20r<20
install_amwpm 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager Web Portal Manager 53D20:
v IBM WebSphere Application Server V5.0.2,|( IBM HTTP Server V1.3.26
v Access Manager Java Runtime Environment V5.1
v Access Manager Web Portal Manager V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amwpm r<20MdC Web Portal Manager 53,kq-TBb)
=h#
":Web Portal Manager 20r<Z HP-UX O;IC#g{}Z HP-UX O20 IBM
Tivoli Directory Server,kNDZ 139 3D:HP-UX:20 Web Portal Manager 5
3;PD8>E"#
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
6. vZ Windows 53O,SyPKPPDLrKv#
7. KP install_amwpm Lr,CLr;Z) AIX"Linux"Solaris"Windows 2000 M
Windows 2003 =(9CD Tivoli Access Manager Web Administration Interfaces CD
ODy?<P#
© Copyright IBM Corp. 2001, 2003 135
20r<(}a>zdkZ 315 3D:install_amwpm;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
8. g{}Z AIX"Linux on xSeries"Solaris r Windows 2000 O20,rgBy>
20^)| 2#
":d|\'VD=(Q20Z WebSphere Application Server 5.0.2 6pO#
a. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
b. 7#QhC JAVA_HOME 53d?#
c. ekCZzD=(D IBM Tivoli Access Manager WebSphere Fix Pack CD#
d. + CD DZ]4F=2L}/wOD;vY1?<P#
e. KP updateWizard E>(UNIX)rz&mD~(Windows),CE>rD~;
Z platform/websphere_fixpack S?<(z4F CD Z]D;C)#
+T>0|B20r<1#
f. q-*z8>E"20^)| 2#k7#dk4F^)|D~DGvY1?<#
}g,g{+ websphere_fixpack ?<S CD 4F=z53OD C:\temp ?<,
rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
120jI1,%wjI#
":Tivoli Access Manager ;*s06k={"+]1#K20r<;20b;
&\?~#g{Q* WebSphere Application Server 5.0 hCK06k={
"+]1,rIT!q|BK&\?~#
g. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
1) P;A /opt/PolicyDirector/sbin ?<"dkTB|n:
./pdjrtecfg -action config -interactive
2) !qj+dC`M#
3) 8(f IBM WebSphere Application Server ;p20D JRE#}g:
/usr/WebSphere/AppServer/java/jre
4) 8( policy server wz{"KZMr#
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
h. gBy>XBt/ WebSphere Application Server M IBM HTTP Server:
1) *XBt/ WebSphere Application Server,k4PTBYw.;:
v Z UNIX 53O,gBy>KP star tServer .sh E>(;Z
/usr/WebSphere/AppServer/bin ?<):
./stopServer.sh server1
./startServer.sh server1
v TZ Windows 2000 53,!q*< → hC → XFfe → \m$_,
;s+w~q<jTXBt/K~qw#
2) *XBt/ IBM HTTP Server,k4PTBYw.;:
v Z AIX 53O,dkTB|n:
20 Web Portal Manager 53
136 IBM Tivoli Access Manager for e-business: Web Security 208O
/usr/HTTPServer/apachectl restart
v Z HP-UX"Linux on xSeries M Solaris 53O,dkTB|n:
/opt/IBMHTTPServer/apachectl restart
v TZ Windows 2000 53,!q*< → hC → XFfe → \m$_,
;s+w~q<jTXBt/K~qw#
9. *CJ Web Portal Manager gf,kZ Web /@wPdkTBX7:
http://hostname/pdadmin
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k4TB}LPhvDGy9C pdjrtecfg M amwpmcfg 5CL
r#
jIJCZzDYw53D8>E":
v AIX,ZZ 137 3O
v HP-UX,ZZ 139 3O
v Linux,ZZ 141 3O
v Solaris,ZZ 142 3O
v Windows,ZZ 144 3O
AIX:20 Web Portal Manager 53
TB}L9C installp 420m~|,"R9C pdjrtecfg M amwpmcfg 5CLr
4dC|G#
*Z AIX O20 Tivoli Access Manager Web Portal Manager 53,kjITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
4. k7#Q20 IBM JRE 1.3.1.5#`X8>E",kNDZ 241 3#
20 Web Portal Manager 53
Z 11 B 20 Web Portal Manager 53 137
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
5. 20 IBM WebSphere Application Server#`X8>E",kNDZ 245 3#
6. ek IBM Tivoli Access Manager Web Administration Interfaces for AIX CD "2
0|#
7. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PDJ.rte 8( Access Manager Java Runtime Environment m~|#
PD.WPM 8( Access Manager Web Portal Manager m~|#
":b)m~|Xk20Zk IBM WebSphere Application Server `,D53O#
8. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
a. P;A /opt/PolicyDirector/sbin ?<"dkTB|n:
./pdjrtecfg -action config -interactive
b. !qj+dC`M#
c. 8(f IBM WebSphere Application Server ;p20D JRE#}g:
/usr/WebSphere/AppServer/java/jre
d. 8( policy server wz{"KZMr#
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
10. dC Access Manager Web Portal Manager m~|:
./amwpmcfg -action config -interactive
":PXK5CLrD|`E",kNDZ 392 3D:amwpmcfg;#
11. Zt/ Web Portal Manager gf.0,XBt/ WebSphere Application Server M
IBM HTTP Server#
*XBt/ WebSphere Application Server,kgBy>KP startServer.sh E>
(;Z /usr/WebSphere/AppServer/bin ?<):
./stopServer.sh server1
./startServer.sh server1
*XBt/ IBM HTTP Server,kdkTB|n:
/usr/HTTPServer/apachectl restart
":g{20K;9C IBM HTTP Server D"am~qw,"R}Z,;v53
O20 Web Portal Manager,k7# Web ~qwKZG;,D#*|D IBM
HTTP Server 1!KZ,k`- /usr/HTTPServer/conf/httpd.conf D~,
gBy>+1!KZ 80 |D* 8080,;sXBt/ IBM HTTP Server#
# Port: The port the standalone listens to.Port 8080
12. *CJ Web Portal Manager gf,kZ Web /@wPdkTBX7:
20 Web Portal Manager 53
138 IBM Tivoli Access Manager for e-business: Web Security 208O
http://hostname/pdadmin
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
HP-UX:20 Web Portal Manager 53
TB}L9C swinstall 420m~|,"R9C pdjrtecfg M amwpmcfg 5CL
r4dC|G#
*Z HP-UX O20 Tivoli Access Manager Web Portal Manager 53,kjITB=
h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
4. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 241 3#
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
5. 20 IBM WebSphere Application Server#`X8>E",kNDZ 247 3#
6. ek IBM Tivoli Access Manager Web Administration Interfaces for HP-UX CD#
7. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp 8(?<,packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWPM 8( Access Manager Web Portal Manager m~|#
":b)m~|Xk20Zk IBM WebSphere Application Server `,D53O#
9. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
20 Web Portal Manager 53
Z 11 B 20 Web Portal Manager 53 139
10. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
a. P;A /opt/PolicyDirector/sbin ?<"dkTB|n:
./pdjrtecfg -action config -interactive
b. !qj+dC`M#
c. 8(f IBM WebSphere Application Server ;p20D JRE#}g:
/usr/WebSphere/AppServer/java/jre
d. 8( policy server wz{"KZMr#
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
11. dC Access Manager Web Portal Manager m~|:
./amwpmcfg -action config -interactive
":PXK5CLrD|`E",kNDZ 392 3D:amwpmcfg;#
12. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
13. Zt/ Web Portal Manager gf.0,XBt/ WebSphere Application Server M
IBM HTTP Server#
*XBt/ WebSphere Application Server,kgBy>KP startServer.sh E>
(;Z /usr/WebSphere/AppServer/bin ?<):
./stopServer.sh server1
./startServer.sh server1
*XBt/ IBM HTTP Server,kdkTB|n:
/opt/IBMHTTPServer/apachectl restart
":g{20K;9C IBM HTTP Server D"am~qw,"R}Z,;v53
O20 Web Portal Manager,k7# Web ~qwKZG;,D#*|D IBM
HTTP Server 1!KZ,k`- /opt/IBMHTTPServer/conf/httpd.conf D~,
gBy>+1!KZ 80 |D* 8080,;sXBt/ IBM HTTP Server#
# Port: The port the standalone listens to.Port 8080
14. *CJ Web Portal Manager gf,kZ Web /@wPdkTBX7:
http://hostname/pdadmin
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
20 Web Portal Manager 53
140 IBM Tivoli Access Manager for e-business: Web Security 208O
Linux:20 Web Portal Manager 53
TB}L9C rpm 420m~|,"R9C pdjrtecfg M amwpmcfg 5CLr4d
C|G#
*Z Linux O20 Tivoli Access Manager Web Portal Manager 53,kjITB=
h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
4. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 242 3#
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
5. 20 IBM WebSphere Application Server#`X8>E",kNDZ 248 3#
6. ek IBM Tivoli Access Manager Web Administration Interfaces CD for xSeries,
zSeries, or pSeries and iSeries "20|#
7. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
8. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Java RuntimeEnvironment
Access Manager Web PortalManager
Linux on xSeries PDJrte-PD-5.1.0-0.i386.rpm PDWPM-PD-5.1.0-0.i386.rpm
Linux on zSeries PDJrte-PD-5.1.0-0.s390.rpm PDWPM-PD-5.1.0-0.s390.rpm
Linux on pSeries and
iSeries
PDJrte-PD-5.1.0-0.ppc.rpm PDWPM-PD-5.1.0-0.ppc.rpm
":b)m~|Xk20Zk IBM WebSphere Application Server `,D53O#
9. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
a. P;A /opt/PolicyDirector/sbin ?<"dkTB|n:
./pdjrtecfg -action config -interactive
b. !qj+dC`M#
c. 8(f IBM WebSphere Application Server ;p20D JRE#}g:
/opt/WebSphere/AppServer/java/jre
d. 8( policy server wz{"KZMr#
20 Web Portal Manager 53
Z 11 B 20 Web Portal Manager 53 141
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
11. dC Access Manager Web Portal Manager m~|:
./amwpmcfg -action config -interactive
":PXK5CLrD|`E",kNDZ 392 3D:amwpmcfg;#
12. Zt/ Web Portal Manager gf.0,XBt/ WebSphere Application Server M
IBM HTTP Server#
*XBt/ WebSphere Application Server,kgBy>KP startServer.sh E>
(;Z /opt/WebSphere/AppServer/bin ?<):
./stopServer.sh server1
./startServer.sh server1
*XBt/ IBM HTTP Server,kdkTB|n:
/opt/IBMHTTPServer/apachectl restart
":g{20K;9C IBM HTTP Server D"am~qw,"R}Z,;v53
O20 Web Portal Manager,k7# Web ~qwKZG;,D#*|D IBM
HTTP Server 1!KZ,k`- /opt/IBMHTTPServer/conf/httpd.conf D~,
gBy>+1!KZ 80 |D* 8080,;sXBt/ IBM HTTP Server#
# Port: The port the standalone listens to.Port 8080
13. *CJ Web Portal Manager gf,kZ Web /@wPdkTBX7:
http://hostname/pdadmin
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
Solaris:20 Web Portal Manager 53
TB}L9C pkgadd 420m~|,"R9C pdjrtecfg M amwpmcfg 5CLr
4dC|G#
*Z Solaris O20MdC Web Portal Manager 53,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
4. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 243 3#
20 Web Portal Manager 53
142 IBM Tivoli Access Manager for e-business: Web Security 208O
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
5. 20 IBM WebSphere Application Server#`X8>E",kNDZ 250 3#
6. ek IBM Tivoli Access Manager Web Administration Interfaces for Solaris CD#
7. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWPM 8( Access Manager Web Portal Manager m~|#
":b)m~|Xk20Zk IBM WebSphere Application Server `,D53O#
8. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
a. P;A /opt/PolicyDirector/sbin ?<"dkTB|n:
./pdjrtecfg -action config -interactive
b. !qj+dC`M#
c. 8(f IBM WebSphere Application Server ;p20D JRE#}g:
/opt/WebSphere/AppServer/java/jre
d. 8( policy server wz{"KZMr#
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
e. dC Accr iess Manager Web Portal Manager m~|:
./amwpmcfg -action config -interactive
":PXK5CLrD|`E",kNDZ 392 3D:amwpmcfg;#
10. Zt/ Web Portal Manager gf.0,XBt/ WebSphere Application Server M
IBM HTTP Server#
*XBt/ WebSphere Application Server,kgBy>KP startServer.sh E>
(;Z /opt/WebSphere/AppServer/bin ?<):
./stopServer.sh server1
./startServer.sh server1
*XBt/ IBM HTTP Server,kdkTB|n:
/opt/IBMHTTPServer/bin/apachectl restart
20 Web Portal Manager 53
Z 11 B 20 Web Portal Manager 53 143
":g{20K;9C IBM HTTP Server D"am~qw,"R}Z,;v53
O20 Web Portal Manager,k7# Web ~qwKZG;,D#*|D IBM
HTTP Server 1!KZ,k`- /opt/IBMHTTPServer/conf/httpd.conf D~,
gBy>+1!KZ 80 |D* 8080,;sXBt/ IBM HTTP Server#
# Port: The port the standalone listens to.Port 8080
11. *CJ Web Portal Manager gf,kZ Web /@wPdkTBX7:
http://hostname/pdadmin
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
Windows:20 Web Portal Manager 53
TB}L9C setup.exe 420m~|,"R9C pdjrtecfg M amwpmcfg 5CL
r4dC|G#
*Z Windows O20MdC Web Portal Manager 53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#ZzD2+rPD53OQ20\'VD Web /@w#Web Portal Manager
'V:
v Netscape Navigator 4.7x M 7.0
v Microsoft Internet Explorer 5.5 M 6.0
4. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 243 3#
":g{kT\'VD IBM JRE TbD JRE dC Web Portal Manager,dCI
\a'\#
5. 20 IBM WebSphere Application Server#kNDZ 252 3D:Windows:20
WebSphere Application Server;#
6. ek IBM Tivoli Access Manager Web Administration Interfaces CD for Windows
2000 / Windows 2003#
7. 20 Access Manager Java Runtime Environment M Access Manager Web Portal
Manager m~|#*jIbnYw,kKP;ZTB?<D setup.exe D~:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
":b)m~|Xk20Zk IBM WebSphere Application Server `,D53O#
20 Web Portal Manager 53
144 IBM Tivoli Access Manager for e-business: Web Security 208O
8. *9C}"o(1!oT)TbDoTi44,M{",kZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. + Access Manager Java Runtime Environment i~dC*CZf WebSphere ;
p20D JRE#*jIbnYw,kq-TBb)=h:
a. P;A install_dir\sbin ?<(}g,C:\Program Files\Tivoli\Policy
Director\sbin),"dkTB|n:
pdjrtecfg -action config -interactive
b. !qj+ dC`M"%wB;=#PXdC!nDhv,k%woz#
c. 8(f IBM WebSphere Application Server ;p20D JRE#}g:
C:\Program Files\WebSphere\AppServer\java\jre
%wB;=Lx#
d. 8( policy server wz{"KZMr#%w7(Tt/dC#
e. 1dCI&jI1,%w7(TKvdC5CLr#
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
10. dC Access Manager Web Portal Manager m~|#*jIbnYw,kq-TB
b)=h:
a. P;A install_dir\sbin ?<(}g,C:\Program Files\Tivoli\Policy
Director\sbin),"dkTB|n:
amwpmcfg -action config -interactive
":PXK5CLrD|`E",kNDZ 392 3D:amwpmcfg;#
b. 8(20 IBM WebSphere Application Server D2076#}g,1!76G:
C:\Program Files\WebSphere\AppServer
%wB;=Lx#
c. 8( policy server wz{MKZ#%w7(TLx#
d. 8( Tivoli Access Manager \m1{F(sec_master)"\m1\kMr#
%w7(Tt/dC#
e. 1dCI&jI1,%w7(TKvdC5CLr#
11. (i:XBt/ IBM WebSphere Application Server M IBM HTTP Server#}g,
!q*< → hC → XFfe → \m$_,;s+w~q<jTXBt/b)~
qw#
":g{20K;9C IBM HTTP Server D"am~qw,"R}Z,;v53
O20 Web Portal Manager,k7# Web ~qwKZG;,D#*|D IBM
HTTP Server 1!KZ,k`- C:\Program Files
\IBMHTTPServer\conf\httpd.conf D~,gBy>+1!KZ 80 |D*
8080,;sXBt/ IBM HTTP Server#
# Port: The port the standalone listens to.Port 8080
12. *t/ Web Portal Manager,kZ Web /@wPdkTBX7:
http://hostname/pdadmin
20 Web Portal Manager 53
Z 11 B 20 Web Portal Manager 53 145
dP,hostname G IBM WebSphere Application Server }ZKP IBM HTTP Server
DGv53D{F#
bMjIK Web Portal Manager 53D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#PX Web Portal Manager \mNqDE
",kND6IBM Tivoli Access Manager Base \m8O7#
"b,Tivoli Access Manager ;a)1!$iT9 Web Portal Manager Z/@wM
WebSphere Application Server 9CD HTTP ~qw.d5V2+,S#(iz:r CA
$i,;s+|dC= Web Portal Manager 73P#
20 Web Portal Manager 53
146 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 3 ?V Web Security 5320
Z 12 B 20 Attribute Retrieval Service. . . 1499C20r<20 . . . . . . . . . . . . 1499C>z5CLr20 . . . . . . . . . . 150
AIX:20 Attribute Retrieval Service . . . . 150HP-UX:20 Attribute Retrieval Service . . . 151Linux:20 Attribute Retrieval Service . . . . 152Solaris:20 Attribute Retrieval Service . . . . 153Windows:20 Attribute Retrieval Service . . . 154
Z 13 B 20 plug-in for Edge Server . . . 155200*s . . . . . . . . . . . . . . 155AIX:20 Tivoli Access Manager plug-in for EdgeServer . . . . . . . . . . . . . . . . 156Red Hat Enterprise Linux 2.1:20 Tivoli AccessManager plug-in for Edge Server . . . . . . . 157Solaris:20 Tivoli Access Manager plug-in forEdge Server . . . . . . . . . . . . . . 158Windows:20 Tivoli Access Manager plug-in forEdge Server . . . . . . . . . . . . . . 159Kb plug-in for Edge Server dC . . . . . . 160
~qwdC#M . . . . . . . . . . . . 161&CD~qwdCEn . . . . . . . . . 162TsUddC#M . . . . . . . . . . . 164%cG<dC#M . . . . . . . . . . . 165E(DdC}L . . . . . . . . . . . . 166
Z 14 B 20 plug-in for Web Servers . . . 167200*s . . . . . . . . . . . . . . 1679C20r<20 . . . . . . . . . . . . 1689C>z5CLr20 . . . . . . . . . . 169
20 plug-in for Apache Web Server . . . . . 169Linux on zSeries:20 plug-in for ApacheWeb Server . . . . . . . . . . . . 169Solaris:20 plug-in for Apache Web Server 170
20 plug-in for IBM HTTP Server . . . . . 172AIX:20 plug-in for IBM HTTP Server . . 172Linux:20 plug-in for IBM HTTP Server 173Solaris:20 plug-in for IBM HTTP Server 174
20 plug-in for Internet Information Services . . 17520 plug-in for Sun ONE Web Server . . . . 176
AIX:20 plug-in for Sun ONE Web Server 176Solaris:20 plug-in for Sun ONE WebServer . . . . . . . . . . . . . . 177
Z 15 B 20 Tivoli Access Manager forWebLogic . . . . . . . . . . . . . . 179200*s . . . . . . . . . . . . . . 1809C20r<20 . . . . . . . . . . . . 1809C>z5CLr20 . . . . . . . . . . 182
AIX:20 Tivoli Access Manager for WebLogic 182
HP-UX:20 Tivoli Access Manager forWebLogic . . . . . . . . . . . . . . 184Solaris:20 Tivoli Access Manager forWebLogic . . . . . . . . . . . . . . 186Windows:20 Tivoli Access Manager forWebLogic . . . . . . . . . . . . . . 188
* startWebLogic |nhC CLASSPATH . . . . 190dC Tivoli Access Manager for WebLogic . . . . 191
9C Console Extension Web &CLr . . . . 1919C|nP . . . . . . . . . . . . . 192
4( Tivoli Access Manager r . . . . . . . 1929C Console Extension Web &CLr . . . . 1939C|nP . . . . . . . . . . . . . 193
dC BEA WebLogic Server %;"a . . . . . 195bTdC . . . . . . . . . . . . . . . 197
Z 16 B 20 Tivoli Access Manager forWebSphere . . . . . . . . . . . . . 199200*s . . . . . . . . . . . . . . 1999C20r<20 . . . . . . . . . . . . 2009C>z5CLr20 . . . . . . . . . . 201
AIX:20 Tivoli Access Manager for WebSphere 201HP-UX:20 Tivoli Access Manager forWebSphere . . . . . . . . . . . . . 202Linux:20 Tivoli Access Manager forWebSphere . . . . . . . . . . . . . 203Solaris:20 Tivoli Access Manager forWebSphere . . . . . . . . . . . . . 204Windows:20 Tivoli Access Manager forWebSphere . . . . . . . . . . . . . 206
<kVPDC'Mi . . . . . . . . . . . 207* WebSphere 4( Tivoli Access Manager \mC
' . . . . . . . . . . . . . . . . . 207tC WebSphere 2+T . . . . . . . . . . 208
tC WebSphere V4.0.6 2+T . . . . . . 208tC WebSphere V5.0.2 r 5.1 2+T . . . . 209
dC Tivoli Access Manager for WebSphere . . . 210(F WebSphere 2+ThC . . . . . . . . 211
(F WebSphere V4.0.6 2+ThC . . . . . 211(F WebSphere V5.0.2 r 5.1 2+ThC . . 213
Z 17 B 20 WebSEAL development(ADK)
53 . . . . . . . . . . . . . . . . 2159C20r<20 . . . . . . . . . . . . 2159C>z5CLr20 . . . . . . . . . . 216
AIX:20 WebSEAL development(ADK)53 216HP-UX:20 WebSEAL development(ADK)5
3 . . . . . . . . . . . . . . . . 217Linux:20 WebSEAL development(ADK)5
3 . . . . . . . . . . . . . . . . 218
© Copyright IBM Corp. 2001, 2003 147
Solaris:20 WebSEAL development(ADK)5
3 . . . . . . . . . . . . . . . . 219Windows:20 WebSEAL development(ADK)
53 . . . . . . . . . . . . . . . 220
Z 18 B 20 WebSEAL server . . . . . . 2239C20r<20 . . . . . . . . . . . . 2239C>z5CLr20 . . . . . . . . . . 224
AIX:20 WebSEAL Server . . . . . . . 224HP-UX:20 WebSEAL server . . . . . . 225Linux:20 WebSEAL Server . . . . . . . 226Solaris:20 WebSEAL Server . . . . . . 227Windows:20 WebSEAL Server . . . . . . 228
148 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 12 B 20 Attribute Retrieval Service
>Ba)PX20MdC attribute retrieval service DE"#
zIT9CTB20=(.;420K53:
v Z 135 3D:9C20r<20;
v Z 137 3D:9C>z5CLr20;
9C20r<20
install_amwebars 20r<(}20MdCTBi~r/K attribute retrieval service
D20:
v IBM WebSphere Application Server V5.0.2,|( IBM HTTP Server V1.3.26
v Access Manager Attribute Retrieval Service V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amwebars r<20MdC attribute retrieval service,kq-TBb)
=h:
":attribute retrieval service 20r<Z HP-UX O;IC#g{}Z HP-UX OxP
20,kNDZ 150 3D:9C>z5CLr20;PD8>E"#
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
":g{kT}\'VD IBM JRE TbD JRE dC attribute retrieval service,r
dCI\a'\#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O,KvyP}ZKPDLr#
6. KP install_amwebars Lr,CLr;ZT&Z AIX"Linux"Solaris"Windows
2000 M Windows 2003 =(D IBM Tivoli Access Manager Attribute Retrieval Service
CD ODy?<P#
20r<(}a>zdkZ 308 3D:install_amwebars;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
7. g{}Z AIX"Linux on xSeries r Windows 2000 OxP20,rgBy>20
^)| 2#
":d|\'VD=(Q20Z WebSphere Application Server 5.0.2 6pO#
© Copyright IBM Corp. 2001, 2003 149
a. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
b. 7#QhC JAVA_HOME 53d?#
c. ekCZzD=(D IBM Tivoli Access Manager WebSphere Fix Pack CD#
d. + CD DZ]4F=2L}/wOD;vY1?<P#
e. KP updateWizard E>(UNIX)rz&mD~(Windows),CE>rD~;
Z platform/websphere_fixpack S?<(z4F CD Z]D;C)#
+T>0|B20r<1#
f. q-*z8>E"20^)| 2#k7#dk4F^)|D~DGvY1?<#
}g,g{+ websphere_fixpack ?<S CD 4F=z53OD C:\temp ?<,
rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
120jI1,%wjI#
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\
?~#
g. *+ attribute retrieval service ?p= WebSphere Application Server 73"+
WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#
jIJCZzDYw53D8>E":
v AIX,ZZ 150 3O
v HP-UX,ZZ 151 3O
v Linux,ZZ 152 3O
v Solaris,ZZ 153 3O
v Windows,ZZ 154 3O
AIX:20 Attribute Retrieval ServiceTB}L9C installp 420m~|#
*Z AIX O20 attribute retrieval service,kjITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
20 Attribute Retrieval Service
150 IBM Tivoli Access Manager for e-business: Web Security 208O
3. k7#Q20 IBM JRE 1.3.1.5#`X8>E",kNDZ 241 3#
4. 20 IBM WebSphere Application Server#`X8>E",kNDZ 245 3#
5. ek IBM Tivoli Access Manager Attribute Retrieval Service for AIX CD "20|#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images PDWeb.ARS
dP cd_mount_point/usr/sys/inst.images G20C CD D?<,x PDWeb.ARS
G Access Manager Attribute Retrieval Service m~|#
":Cm~|Xk20Zk IBM WebSphere Application Server `,D53O#
7. *9C}"o(1!oT)TbDoTi44,M{",k20oT'Vm~|#
`X8>E",kNDZ 43 3D:20oT'V|;#
8. *+ attribute retrieval service ?p= WebSphere Application Server 73,kKP
Deploy.sh D~"q-;Z /opt/pdwebars/ ?<PD Readme.deploy D~PD8
>E"#
9. *+ WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
HP-UX:20 Attribute Retrieval ServiceTB}L9C swinstall 420m~|#
*Z HP-UX O20 attribute retrieval service,kjITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 241 3#
4. 20 IBM WebSphere Application Server#`X8>E",kNDZ 247 3#
5. ek IBM Tivoli Access Manager Attribute Retrieval Service for HP-UX CD#
6. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
7. 20TBm~|:
swinstall -s /cd-rom/hp PDWebARS
dP /cd-rom/hp 8(?<,x PDWebARS 8( Access Manager Attribute Retrieval
Service#
":Cm~|Xk20Zk IBM WebSphere Application Server `,D53O#
8. *9C}"o(1!oT)TbDoTi44,M{",k20oT'Vm~
|#`X8>E",kNDZ 43 3D:20oT'V|;#
20 Attribute Retrieval Service
Z 12 B 20 Attribute Retrieval Service 151
9. *+ attribute retrieval service ?p= WebSphere Application Server 73,kK
P Deploy.sh D~"q-;Z /opt/pdwebars/ ?<PD Readme.deploy D~P
D8>E"#
10. *+ WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
Linux:20 Attribute Retrieval ServiceTB}L9C rpm 420m~|#
*Z Linux O20 attribute retrieval service,kjITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 242 3#
4. 20 IBM WebSphere Application Server#`X8>E",kNDZ 248 3#
5. ekT&Z xSeries r zSeries D IBM Tivoli Access Manager Attribute Retrieval
Service CD "20|#
6. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
7. 20TBm~|:
rpm -ihv package
dP package gB:
Access Manager Attribute Retrieval Service
Linux on xSeries PDWebARS-PD-5.1.0-0.i386.rpm
Linux on zSeries PDWebARS-PD-5.1.0-0.s390.rpm
":Cm~|Xk20Zk IBM WebSphere Application Server `,D53O#
8. *9C}"o(1!oT)TbDoTi44,M{",k20oT'Vm~
|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. *+ attribute retrieval service ?p= WebSphere Application Server 73,kK
P Deploy.sh D~"q-;Z /opt/pdwebars/ ?<PD Readme.deploy D~P
D8>E"#
10. *+ WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
20 Attribute Retrieval Service
152 IBM Tivoli Access Manager for e-business: Web Security 208O
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
Solaris:20 Attribute Retrieval ServiceTB}L9C pkgadd 420m~|#
*Z Solaris O20 attribute retrieval service,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 243 3#
":g{kT}\'VD IBM JRE TbD JRE dC attribute retrieval service,r
dCI\a'\#
4. 20 IBM WebSphere Application Server#`X8>E",kNDZ 250 3#
5. ek IBM Tivoli Access Manager Attribute Retrieval Service for Solaris CD#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault PDWebARS
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
PDWebARS 8( Access Manager Attribute Retrieval Service m~|#
":Cm~|Xk20Zk IBM WebSphere Application Server `,D53O#
7. *9C}"o(1!oT)TbDoTi44,M{",k20oT'Vm~|#
`X8>E",kNDZ 43 3D:20oT'V|;#
8. *+ attribute retrieval service ?p= WebSphere Application Server 73,kKP
Deploy.sh D~"q-;Z /opt/pdwebars/ ?<PD Readme.deploy D~PD8
>E"#
9. *+ WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
20 Attribute Retrieval Service
Z 12 B 20 Attribute Retrieval Service 153
Windows:20 Attribute Retrieval ServiceTB}L9C setup.exe 420m~|#
*Z Windows O20 attribute retrieval service,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. k7#Q20 IBM JRE 1.3.1#`X8>E",kNDZ 243 3#
4. 20 IBM WebSphere Application Server#kNDZ 252 3D:Windows:20
WebSphere Application Server;#
5. ekT&Z Windows 2000 r Windows 2003 D IBM Tivoli Access Manager Attribute
Retrieval Service CD#
6. 20 Access Manager Attribute Retrieval Service m~|#*jIbnYw,kKP
;ZTB?<D setup.exe D~:
windows\PolicyDirector\Disk Images\Disk1
q-*z8>E"TjI20#
":Cm~|Xk20Zk IBM WebSphere Application Server `,D53O#
7. *9C}"o(1!oT)TbDoTi44,M{",k20oT'Vm~|#
`X8>E",kNDZ 43 3D:20oT'V|;#
8. *+ attribute retrieval service ?p= WebSphere Application Server 73,kKP
Deploy.bat D~"q-;Z C:\Program Files\Tivoi\AMWebARS\ ?<PD
Readme.deploy D~PD8>E"#
9. *+ WebSEAL dC*9C attribute retrieval service,kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
bMjIK attribute retrieval service D20#*20m;v Tivoli Access Manager 5
3,kq-Z 24 3D:20}L;PD=h#
PX attribute retrieval service DE",kND6IBM Tivoli Access Manager for e-business
WebSEAL \m8O7#
20 Attribute Retrieval Service
154 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 13 B 20 plug-in for Edge Server
>Ba)PX20"dC Tivoli Access Manager plug-in for Edge Server 53DE"#
XZK Web Security 53D|`E",kND IBM Tivoli Access Manager for e-business
IBM WebSphere Edge Server Integration Guide#
Access Manager plug–in for Edge Server 'V IBM WebSphere Edge Server V5.1,"
h*TBi~MX8z7:
v IBM WebSphere Edge Server V5.1
v Global Security Kit V7
v IBM Tivoli Directory Client V5.2
v Access Manager Runtime V5.1
v Access Manager Web Security Runtime V5.1(Linux O}b)
v Access Manager Plug-in for Edge Server V5.1
;\9C>z20=(420K53#4a)20r<#*Z20sdCm~|,k
9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 156 3O
v Red Hat Enterprise Linux 2.1,ZZ 157 3O
v Solaris,ZZ 158 3O
v Windows,ZZ 159 3O
PX|`E",kND6IBM Tivoli Access Manager for e-business Plug-in for Web
Servers /I8O7#
200*s
Z20MdC Tivoli Access Manager Plug–in for Web Servers 53.0,7#zcT
B*s#;\zF.9CDV20=(,b)*syJC#
v 7#2+rP20K Tivoli Access Manager "am~qwM policy server#XZ2
0b)53D8>E",kNDZ 53 3DZ 2 ?V, :Base 5320;#
v 7#K53O20"dCK IBM WebSphere Edge Server V5.1#
v 7# Tivoli Access Manager 'VKP IBM WebSphere Edge Server D=(#9k
7#20KyPX*DYw539!#`XE",kNDZ 33 3D:\'VD=(
(|(Xh9!);#
© Copyright IBM Corp. 2001, 2003 155
AIX:20 Tivoli Access Manager plug-in for Edge ServerTB}L9C installp 420m~|#*Z AIX O20 Tivoli Access Manager plug-in
for Edge Server,kq-TBb)=h:
1. T root C'm]G<=53#
2. 7#QzcZZ 155 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PDWeb.RTE 8( Access Manager Web Security Runtime m~|#
PDPlgES 8( Access Manager Plug-in for Edge Server m~|#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Edge Server
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
dC5CLrjITBNq:
v 4(~qwD"amTs#
v +~qwmS=2+i ivacld-servers M SecurityGroup#
v 4( SSL $i#
v q!4T Tivoli Access Manager policy server D SSL )p$i#
v (}Z Edge Server _Y:fzmdCD~ ibmproxy.conf PhC18n,+zm
dC*9C plug-in for Edge Server#
v XBt/ Edge Server _Y:fzmxL ibmproxy#
v (}9C wesosm 5CLr,t/ plug-in for Edge Server TsUd\mw5CL
r#K5CLr|B Tivoli Access Manager TsUd4* plug-in for Edge Server
4(BDTsUd]w#PXK5CLrD|`E",kNDZ 4 3 1 3D
:wesosm;#
20 plug-in for Edge Server
156 IBM Tivoli Access Manager for e-business: Web Security 208O
bMjIK Tivoli Access Manager plug-in for Edge Server 53D20# Edge Server
_Y:fzmVZMk0kD plug-in for Edge Server ;pKPK#IT9C\mC'
sec_master 4CJ_Y:fzmDw3#
Red Hat Enterprise Linux 2.1:20 Tivoli Access Manager plug-infor Edge Server
TB}L9C rpm 420m~|#*Z Red Hat Enterprise Linux 2.1 O20 Access
Manager Plug-in for Edge Server,kq-TBb)=h#
":Red Hat Enterprise Linux 2.1 O;h* Access Manager Web Security Runtime#
1. T root C'm]G<=53#
2. 7#QzcZZ 155 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for xSeries CD "20|#
4. P;= /mnt/cdrom/xseries ?<,dP /mnt/cdrom G CD D20c#
5. 20 GSKit#`X8>E",kNDZ 234 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
PDRTE-PD-GCC295–5.1.0–0.i386.rpm
8( Access Manager Runtime m~|#
PDPlgES-PD-5.1.0–0.i386.rpm
8( Plug-in for Edge Server m~|#
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. dC Access Manager Runtime,;sdC Access Manager Plug-in for Edge Server
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
dC5CLrjITBNq:
v 4(~qwD"amTs#
v +~qwmS=2+i ivacld-servers M SecurityGroup#
v 4( SSL $i#
v q!4T Tivoli Access Manager policy server D SSL )p$i#
20 plug-in for Edge Server
Z 13 B 20 plug-in for Edge Server 157
v (}Z Edge Server _Y:fzmdCD~ ibmproxy.conf PhC18n,+zm
dC*9C plug-in for Edge Server#
v XBt/ Edge Server _Y:fzmxL ibmproxy#
v (}9C wesosm 5CLr,t/ plug-in for Edge Server TsUd\mw5CL
r#K5CLr|B Tivoli Access Manager TsUd4* plug-in for Edge Server
4(BDTsUd]w#PXK5CLrD|`E",kNDZ 4 3 1 3D
:wesosm;#
bMjIK Tivoli Access Manager plug-in for Edge Server 53D20#*20m;
v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Edge Server _Y:fzmVZMk0kD plug-in for Edge Server ;pKPK#IT
9C\mC' sec_master 4CJ_Y:fzmDw3#
Solaris:20 Tivoli Access Manager plug-in for Edge ServerTB}L9C pkgadd 420m~|#*Z Solaris O20 Tivoli Access Manager
plug-in for Edge Server,kq-TBb)=h:
1. T root C'm]G<#
2. 7#QzcZZ 155 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDPlgES 8( Plug-in for Edge Server m~|#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Edge Server
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
20 plug-in for Edge Server
158 IBM Tivoli Access Manager for e-business: Web Security 208O
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
dC5CLrjITBNq:
v 4(~qwD"amTs#
v +~qwmS=2+i ivacld-servers M SecurityGroup#
v 4( SSL $i#
v q!4T Tivoli Access Manager policy server D SSL )p$i#
v (}Z Edge Server _Y:fzmdCD~ ibmproxy.conf PhC18n,+zm
dC*9C plug-in for Edge Server#
v XBt/ Edge Server _Y:fzmxL ibmproxy#
v (}9C wesosm 5CLr,t/ plug-in for Edge Server TsUd\mw5CL
r#K5CLr|B Tivoli Access Manager TsUd4* plug-in for Edge Server
4(BDTsUd]w#PXK5CLrD|`E",kNDZ 4 3 1 3D
:wesosm;#
bMjIK Tivoli Access Manager plug-in for Edge Server 53D20#*20m;
v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Edge Server _Y:fzmVZMk0kD plug-in for Edge Server ;pKPK#IT
9C\mC' sec_master 4CJ_Y:fzmDw3#
Windows:20 Tivoli Access Manager plug-in for Edge ServerTB}L9C setup.exe Lr420m~|#*Z Windows O20 Tivoli Access
Manager plug-in for Edge Server,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#QzcZZ 155 3D:200*s;PPvD*s#
3. 20 GSKit#`X8>E",kNDZ 235 3#
4. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
5. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
6. KP;ZTB?<D setup.exe D~:
\windows\PolicyDirector\Disk Images\Disk1\setup.exe
+T>0!q20oT1T0r#
7. !qk*CZ20DoT,"%w7(#
8. +T>06-1T0r#%wB;=Lx#
9. DAmI$-i,g{,bb)un,r%wG#
10. !qTBm~|"%wB;=:
v Access Manager Runtime
v Access Manager Web Security Runtime
20 plug-in for Edge Server
Z 13 B 20 plug-in for Edge Server 159
v Access Manager Plug-in for Edge Server
11. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{
C?<;fZ,rzXk7O*4(C?<,r_8(QfZD?<#
12. **<4FD~=?DXD~P,%wB;=#
13. %wjIKv20Lr#
14. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
15. dC Access Manager Runtime,;sdC Access Manager Plug-in for Edge Server
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager Plug-in for Edge Server m~|"%wdC#
PXb)dC!nDoz,kNDZ 319 3DZ 23 B, :pdconfig !n;#
dC5CLrjITBNq:
v 4(~qwD"amTs#
v +~qwmS=2+i ivacld-servers M SecurityGroup#
v 4( SSL $i#
v q!4T Tivoli Access Manager policy server D SSL )p$i#
v (}Z Edge Server _Y:fzmdCD~ ibmproxy.conf PhC18n,+zm
dC*9C plug-in for Edge Server#
v XBt/ Edge Server _Y:fzmxL ibmproxy#
v (}9C wesosm 5CLr,t/ plug-in for Edge Server TsUd\mw5CL
r#K5CLr|B Tivoli Access Manager TsUd4* plug-in for Edge Server
4(BDTsUd]w#PXK5CLrD|`E",kNDZ 4 3 1 3D
:wesosm;#
bMjIK Tivoli Access Manager plug-in for Edge Server 53D20#*20m;
v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Edge Server _Y:fzmVZMk0kD plug-in for Edge Server ;pKPK#IT
9C\mC' sec_master 4CJ_Y:fzmDw3#
Kb plug-in for Edge Server dC
>Ba)K plug-in for Edge Server dCDEv,bMKPXEn"#MM}L#>B
|,TBwZ:
v Z 161 3D:~qwdC#M;
v Z 162 3D:&CD~qwdCEn;
v Z 164 3D:TsUddC#M;
v Z 165 3D:%cG<dC#M;
20 plug-in for Edge Server
160 IBM Tivoli Access Manager for e-business: Web Security 208O
v Z 166 3D:E(DdC}L;
~qwdC#M
(}Z Edge Server zmOx;GZ Web ~qwO?F5)2+T,Plug-in for Edge
Server *\#$rZD Web ~qwa)O$MZ(~q#(}5VZzmO?F5)
D2+T,Ce~*\#$rZDyP Web ~qw/Pa)2+~q#;) Edge
Server e~Q7(X(C'C=KCJ;ksJ4DZ(,CksakC'E";p*
"= Web ~qw#
vZT\MZ]V"D-r,;v Web >cDZ]I\ag`v Web ~qw#!\
;) Web ~qwI\w\Z],+d| Web ~qwrI\w\;5P Web &CL
r,?v Web &CLr_P;,D2+T*s#}g,;)~qwI\;*sO$,
xd|~qwr*sO$#?v*sO$D~qwI\*sT(;Dq=a;C'E
"#!\P)2+ThCTyP~qwG+2D(}gm%a0,1MU>G<6
p),+P)hCT?v~qw4G(;D(}gG<=(M%cG<)#IZKV<
=TJ,Ce~h*\*;v2+rPD`v Web ~qwa)2+~q#
Ce~9C0TsUd(e1dCD~ osdef.conf 4#$V<= Web ~qw#Kd
CD~V*?v\#$D Web ~qwDdChC,Sx9CX(Z Web ~qwDd
CI*I\#P}`~qw(eCZdCD~P,gBmy>#
~qw(e hv
[Global] KZBPvDhCJCZyP Web ~qw#KZ;P;v5
}#
[Local] [Local] ZBPvDhCvJCZ Edge Server _Y:fzm#
KZ;P;v5}#
[Remote: Tivoli Access Manager
Object Space Name]
[Remote: ...] ZBPvDhCJCZ\e~#$Db?r6L
Web ~qw#KZITP`v5}#
}KZ osdef.conf D~PG<DY}}bivTb,NNhCyITECZNN(e
B#}g,form_session_timeout hCITECZ [Global] ZBr_ [Remote] Z
B,gBy>:
[Global]login_method = formsform_login_file = /opt/pdweb-lite/samples/forms/welcome.htmlform_session_timeout = 10
[Remote: /ESproxy/reverse/anyother.com]domains = anyother.com
[Remote: /ESproxy/reverse/verysecure.com]domains = verysecure.comform_session_timeout = 1
ZOfD>}P,NNG<= verysecure.com DC';Jm#VUP,};VS,qr
{GDa0+=Z#+G,TZNNG<= anyother.com MyPd|rDC',UP,
1* 10 VS,r*|QZ [Global] (ePhC#}Y}}biv([SSO] hC)T
b,KLP#MITCZdCD~PDNN~qwhCO,g< 1 y>#
< 1. 9CLP#MD Plug-in for Edge Server
20 plug-in for Edge Server
Z 13 B 20 plug-in for Edge Server 161
(}9CKLP#M,T?v Web ~qwy`,DhC^hZ?v~qw(eBX4,
xIT;ZdCD~D [Global] (eBPv;N#}g,g{yP~qw9C`,D
m%G<D~,rChCITPZ [Global] (eP#
&CD~qwdCEn
PKTdCD~Dy>Kb,|]WmbCe~gN9CKdCD~?F5)2+
T#;)e~SU=ks,|Mq-TBy>=hTC'xPZ(#
1. g{C'QO$(}gQIIEDxXO$),rS\CC'%cG<E""Lx
==h 4#
2. y]TBG<=(.;q!C'm]:
v TZy>O$Mm%G<,q!C'j6M\k#
v TZ$iG<,q!$iD(P{F#
3. TU Tivoli Access Manager C'"amO$C'#
4. TU Tivoli Access Manager TsUdTC'xPZ(#
5. a;C'D%cG<E"#
6. +ks*"=`&D Web ~qw#
*4Pb)Z(=h,e~XkN<dCD~Tq!XZksDdCE"#?;=<
h*S osdef.conf dCD~lw;vr`vhC#}g,=h 2 h*lw
login_method hC#
*TkslwhC,e~h*WH7(&1SDv(elwhC#|h*+kskd
CD~PX(D~qw(eX*p4#!\Ce~IT*4rM}rzmks?F5
)2+T,+|";<GksG4rD9G}rDzmks#
r{Gw\\#$J4D`& Web ~qwD+Cj6#Z4rzmivP,bah*
Ze~53O4(p{r+Cr{,g< 2 Py>#
< 2. e~53Op{D4(
20 plug-in for Edge Server
162 IBM Tivoli Access Manager for e-business: Web Security 208O
ZKdCP,yPT www.newbooks.com"newbooks.com"newnovels.com M
newpoems.com Dks<=o Edge Server zm,R\e~#$#(}+r{Cwks
D(;j6,e~VZITZdCD~PQwkr{%dD~qw(e#
<GTB osdef.conf dCD~:
[Global]login_method = basic
# Definition 1[Remote: /ESproxy/reverse/newbooks.com]domains = newbooks.com *.newbooks.comlogin_method = formsroute = http://backend1.com
# Definition 2[Remote: /ESproxy/reverse/label2]domains = newnovels.comlogin_method = certificateroute = http://backend2.com
# Definition 3[Remote: /ESproxy/check_here/this_is_just_a_label]domains = newpoems.comroute = http://backend3.com
<GTBks,dPe~7(G<=("TC'xPZ(DTsUd;CT0*"k
sD?j Web ~qw:
v g{C'dkTB URL,re~+ks%d=(e 1,r*rhC|,5
*.newbooks.com:
http://www.newbooks.com/private.html
G<=(*m%,r*|QZK(eBxPKw7DhC#TZ(^li,+C(
^ V { . 4 f ; r { , R + 7 S U R L 7 6 # Z K > } P , + Z
/ESproxy/reverse/newbooks.com/private.html 4PA(r)mI(D(^li#I
Z7IhC,ksa*"= backend1.com#
v g{C'dkTB URL,re~WHZ IP X7O4P4r DNS iR,"a+ks
%d=(e 2,r*rhC|,5 newnovels.com:
http://IP_address_of_newnovels.com/gifs/private.html
20 plug-in for Edge Server
Z 13 B 20 plug-in for Edge Server 163
G < = ( * $ i , r * | Q Z K ( e B x P K w 7 D h C # Z
/ESproxy/reverse/label2/gifs/private.html 4PA(r)mI(D(^li#IZ
7IhC,ksa*"= backend2.com#
v g{C'dkTB URL,re~+ks%d=(e 3,r*rhC|,5
newpoems.com:
http://newpoems.com/logo.gif
G<=(*y>,r*4ZK(eBxPw7hC,xS [Global] (ePlw#Z
/ESproxy/check_here/this_is_just_a_label /logo.gif 4PA(r)mI(D(^
li#IZ7IhC,ksa*"= backend3.com#
v g{C'+d/@wdC*9C Edge Server w*zm,"dkTB URL,re~
R;=CksD%dZ],+9C [Global] (e:
http://internet.com/mail/logo.gif
G < = ( * y > # T Z ( ^ l i , + 9 C 1 ! * " z m # e
/ E S p r o x y / f o r w a r d / d o m a i n / p a t h # Z K > } P , Z
/ESproxy/forward/internet.com/mail/logo.gif 4PA(r)mI(D(^li#I
ZKTsI\;fZZTsUdP,P'DmI(+LPT=S= /ESproxy/forward
D ACL#ksT/*"= internet.com,r*|G*"zmks#+G,I\ZdC
D~P4(;v(e,C(eZTsUdPDd|;C4PK(^li,"+
internet.com ks*"=p&#e~;<GksG}r9G4rzmks#Z=VdC
P,ksT`,D==&m#
TsUddC#M
1e~Z Tivoli Access Manager TsUdPD;vV'B4P(^li1,|a+;
ksDJ4r URL 3d=TsUd#}g,Z~qw(e 1 P,*(^li4PTB
3d:
URL Ts:http://www.newbooks.com/private.htmlTivoli Access Manager Ts:/ESproxy/reverse/newbooks.com/private.html
*9C Tivoli Access Manager ACL +CJXF&C=X(DTs,9lTsUdD=
=Xk9CC'Z{GD URL PksDTs/MI Web ~qwa)DTs/.df
Z1S3d#nr%DivG URL PD}CD~M Web ~qwOD5JD~.dD
1S3d,gBy>:
Tivoli Access Manager Ts:/ESproxy/reverse/newbooks.com/server files/ESproxy/reverse/newbooks.com/private.html/ESproxy/reverse/newbooks.com/public.html/ESproxy/reverse/newbooks.com/gifs/ESproxy/reverse/newbooks.com/gifs/logo.gif
URL Ts:http://www.newbooks.com/server fileshttp://www.newbooks.com/private.htmlhttp://www.newbooks.com/public.htmlhttp://www.newbooks.com/gifshttp://www.newbooks.com/gifs/logo.gif
y> query_contents 5CLrr wesosm 5CLra) Web ~qwOyPD~D
76#D~E"4F=TsUdP,by1e~4P(^li1,Z URL Ts.dM
~qwTs.dafZ1S3d#
20 plug-in for Edge Server
164 IBM Tivoli Access Manager for e-business: Web Security 208O
g{ URL Ts/<UG query_contents 5CLrZ?j Web ~qwOiRDom
D~,rK#M+$w<C#P)ivP URL Ts/I\;1ST&Z Web ~qw
ODomD~#ZKivB,I+ query_contents 5CLr^D*5XI Web ~q
wa)~qDibTs,gBy>:
Tivoli Access Manager Ts:/ESproxy/reverse/newbooks.com/virtual objects/ESproxy/reverse/newbooks.com/object1/ESproxy/reverse/newbooks.com/object2/ESproxy/reverse/newbooks.com/object3/ESproxy/reverse/newbooks.com/object3/object3.1
URL Ts:http://www.newbooks.com/virtual objectshttp://www.newbooks.com/object1http://www.newbooks.com/object2http://www.newbooks.com/object3http://www.newbooks.com/object3/object3.1
ZKivB,I Web ~qwa)~qDTs;1ST&Z Web ~qwODomD~#
+G,Web ~qwKbb)TsG24,R*@gNlw|G#;* query_contents5CLrIT* wesosm 5CLr6Yb)ibTs,e~MITTb)ibTs4
P(^li#
e~(}Z Tivoli Access Manager TsUdPi$J1DmI(44P(^li#|
+ URL 3d=TsUd,T7(*4P(^liD+7;C#*KZ\e~#$DX
(TsO&C ACL,PX*7#ZTsUdPm>DTs/T&Z\#$ Web ~qw
D URL ksPm>DTs/#
%cG<dC#M
e~'VZTsUd(edCD~D [SSO] `pB4(DI(F%cG<jG,gBm
y>#
~qw(e hv
[SSO] K(eBPvDhCC4(e%cG<jG#
K(eITP`v5}#
K(ePPvDhCk [Global]"[Local] M [Remote] ~qw(ePPvDhC^
X#}g,trust_list hCZdCD~PDNN~qw(eBy^'#+G,(}Z;v
X=(e%cG<jG,|GITCwZ~qw`pBP'D accept_sso M
submit_sso DN}#TB>}T> iv-user jGD(e,=v Web ~qwh*C(
e:
[Remote: /ESproxy/reverse/newbooks.com]domains = newbooks.comaccept_sso = myssosubmit_sso = myssoroute = http://backend1.com
[Remote: /ESproxy/reverse/newnovels.com]domains = newnovels.comsubmit_sso = myssoroute = http://backend2.com
[SSO: mysso]name = iv-userformat = <userid>trust_basis = IP_Addresstrust_list = 0.0.0.0/0.0.0.0
20 plug-in for Edge Server
Z 13 B 20 plug-in for Edge Server 165
ZK>}P,e~ST newbooks.com xPksDNN IP X7Pli iv-user jGD
fZT#g{R= iv-user jG,|aSCjGPi!C'j6"TCC'xPZ(#
e~9+ iv -user jGa;x`&DsK~qw,Tks newbooks .com M
newnovels.com#
E(DdC}L
Plug-in for Edge Server a)K;vinDr\,TdCT Web ~qwO\#$J4
DCJXF#|JmzhCX(Z~qwDdCn,}gG<=("%cG<jGM
?j~qw#&C=?v~qwDhC;h*Z;vX=hC,X(Z~qwDhC
IT*?(~qwVphC#
dCCe~D(C=(gB:
1. TZ4rzmdC,Ze~zwO*?vh*Z(~qD Web ~qw4(r{p
{#
2. Vp*?v~qw4(`&D [Remote] ~qw(e,"TC(e8(r{p{#
3. ZC~qwD(eBhCX(Z~qwDhC,ZdCD~D [Global] (ePhC
+VhC#TZs`}hC,9C1!Z?e~5Qc;K#
4. KP wesosm 5CLrTzITsUd,"Z Tivoli Access Manager TsUdP
hCJ1D ACL TTC~qwxPCJXF#
ZTdCxP|D.s,&<UXBt/e~#g{^(7(dCmsD-r,Il
iB~U>D~,Tq!hve~gN&mksDE"#TB~U>D~KP UNIX tail
-f |nITozZB~51"z1[lB~#[lB~U>.s,M|]W7(dCJ
bD-rK#
20 plug-in for Edge Server
166 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 14 B 20 plug-in for Web Servers
>Ba)PX Tivoli Access Manager Plug-in for Web Servers DE" - ;vIk Web
~qwm~/I"Z Tivoli Access Manager 2+rPKPD&CLr#
Tivoli Access Manager Plug–in for Web Servers 'V:
v IBM HTTP Server(IHS)V1.3.26,Z AIX"Linux on xSeries and zSeries M Solaris
O
v x mod SSL D Apache Web Server,Z Linux on zSeries(V1.3.26–36)M
Solaris(V1.3.27)O
v Sun ONE Web Server V6.0,Z AIX M Solaris O
v Internet Information Services(IIS)Web Server V5.0 M 6.0,Z Windows O
PXb) Web Security i~D|`E",kND6IBM Tivoli Access Manager for
e-business Plug-in for Web Servers /I8O7#
zIT9CTB20=(.;420\'VD Web server plug-in:
v Z 168 3D:9C20r<20;
v Z 169 3D:9C>z5CLr20;
200*s
Z20MdC Tivoli Access Manager Web Server plug-in .0,k7#zcTB*s#
;\zF.9CDV20=(,b)*syJC#
v 7#2+rP20K Tivoli Access Manager "am~qwM policy server#XZ2
0b)53D8>E",kNDZ 53 3DZ 2 ?V, :Base 5320;#
v 7#Z Web ~qw73P{C}r/4rzm#
v 7#K53O20"dCK Web ~qw#Kb,g{z*tC SSL (E,rXk
dC Web ~qwCZ SSL M/rM'z$i#
v 7# Tivoli Access Manager 'VKP Web ~qwD=(#9k7#20KyPX
*DYw539!#`XE",kNDZ 33 3D:\'VD=((|(Xh9
!);#
© Copyright IBM Corp. 2001, 2003 167
9C20r<20
20r<(}TJ13r20MdCTBi~r/K Tivoli Access Manager Web server
plug-in D20:
v Global Security Kit V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Web Security Runtime V5.1
v Access Manager Authorization Server V5.1
v Access Manager Plug–in for Web Servers V5.1
v CZX( Web ~qwD Access Manager Plug–in V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C20r<20MdC Tivoli Access Manager Web Server plug-in,kq-TBb
)=h:
1. 7#QzcZZ 167 3D:200*s;PPvD*s#
2. k7#Q20 JRE 1.3.1#`X8>E",kNDZ 241 3#
3. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
4. v^Z Windows OD Web server plug-in for IIS:
v SyPKPPDLrKv#
v g{}Z9C Active Directory,rXkZKPK20r<.020 IBM Tivoli
Directory Client#*jIbnYw,kKP;Z cd_drive:\windows\directory\ D
setup.exe Lr#!q20 Client SDK 5.2 &\?~"jI*z8>E"#
5. KPCZX( Web ~qwD install_amwpi_webserver Lr,CLr;Z\'V
=(D IBM Tivoli Access Manager Web Security CD ODy?<#
Tivoli Access Manager Plug-in for Web Servers a)TB20r<:
v CZ Apache Web Server D install_amwpi_apache(Z Linux on zSeries M
Solaris O)
v CZ IBM HTTP Server D install_amwpi_ihs(Z AIX"Linux on xSeries and
zSeries M Solaris O)
v CZ Internet Information Services D install_amwpi_iis(vZ Windows O)
v CZ Sun ONE Web Server D install_amwpi_iplanet(Z AIX M Solaris O)
20r<(}a>zdkTBBZPhvDdCE"*<KP:
v Z 311 3D:install_amwpi_apache;
v Z 312 3D:install_amwpi_ihs;
v Z 313 3D:install_amwpi_iis;
v Z 314 3D:install_amwpi_iplanet;
Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI20
MdC#
6. 20jIs,kXBt/ Web ~qw#
20 Plug-in for Web Servers
168 IBM Tivoli Access Manager for e-business: Web Security 208O
7. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
8. *t/e~xL,k4PTBYw.;:
v Z UNIX 53O,P;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
v Z Windows 53O,%w*< → XFfe → \m$_ → ~q#R|%w
Access Manager Plug-in for Web Servers,;s!qt/#
":PXK5CLrD|`E",kNDZ 424 3D:pdwebpi_start;#
bMjIK Tivoli Access Manager Web server plug-in D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
":r_,IT9C pdwpicfg 5CLrdC Plug-in for Web Servers i~,C5C
LrI pdconfig 5CLrwC#PXK5CLrD|`E",kNDZ 427 3D
:pdwpicfg –action config;#
jIJCZzD Web ~qwD8>E":
v :20 plug-in for Apache Web Server;
v Z 172 3D:20 plug-in for IBM HTTP Server;
v Z 175 3D:20 plug-in for Internet Information Services;
v Z 176 3D:20 plug-in for Sun ONE Web Server;
20 plug-in for Apache Web ServerjIJCZzDYw53D8>E":
v Linux on zSeries,ZZ 169 3O
v Solaris,ZZ 170 3O
PX|`E",kND6IBM Tivoli Access Manager for e-business Plug-in for Web
Servers /I8O7#
Linux on zSeries:20 plug-in for Apache Web ServerTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux on zSeries O20 Web Server plug-in for Apache Web Server(v^Z 31–
;),kjITB=h#
":Linux on zSeries C':XkWHS IBM Tivoli Access Manager for Linux on
zSeries CD Oq!T Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
20 Plug-in for Web Servers
Z 14 B 20 plug-in for Web Servers 169
3. 20 GSKit#`X8>E",kNDZ 234 3#
4. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
5. 20TBm~|:
rpm -ihv packages
dP packages gB:
PDRTE-PD-5.1.0-0.s390.rpm
8( Access Manager Runtime m~|#
PDWebRTE-PD-5.1.0-0.s390.rpm
8( Access Manager Web Security Runtime m~|#
PDWPI-PD-5.1.0-0.s390.rpm
8( Access Manager Plug-in for Web Servers m~|#
PDWPI-Apache-5.1.0-0.s390.rpm
8( Access Manager Plug-in for Apache Web Server m~|#
":b)m~|Xkk Apache Web Server 20Z,;v53O#
6. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
7. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
8. XBt/ Web ~qw#
9. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
10. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ Linux on zSeries OT Web server plug-in for Apache Web Server D2
0#*20m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=
h#
Solaris:20 plug-in for Apache Web ServerTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Web server plug-in for Apache Web Server,kjITB=h:
20 Plug-in for Web Servers
170 IBM Tivoli Access Manager for e-business: Web Security 208O
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWPI 8( Access Manager Plug-in for Web Servers m~|#
PDWPIapa 8( Access Manager Plug-in for Apache Web Server m~|#
":b)m~|Xkk Apache Web Server 20Z,;v53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
9. XBt/ Web ~qw#
10. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
11. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ Solaris OT Web server plug-in for Apache Web Server D20#*2
0m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Plug-in for Web Servers
Z 14 B 20 plug-in for Web Servers 171
20 plug-in for IBM HTTP ServerjIJCZzDYw53D8>E":
v AIX,ZZ 172 3O
v Linux on xSeries and zSeries,ZZ 173 3O
v Solaris,ZZ 174 3O
PX|`E",kND6IBM Tivoli Access Manager for e-business Plug-in for Web
Servers /I8O7#
AIX:20 plug-in for IBM HTTP ServerTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*Z AIX O20 Web server plug-in for IBM HTTP Server,kq-TBb)=h:
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PDWeb.RTE 8( Access Manager Web Security Runtime m~|#
PD.WPI 8( Access Manager Plug-in for Web Servers m~|#
PD.WPIIHS 8( Access Manager Plug-in for IBM HTTP Server m~|#
":b)m~|Xkk IBM HTTP Server 20Z,;v53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
9. XBt/ Web ~qw#
10. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
20 Plug-in for Web Servers
172 IBM Tivoli Access Manager for e-business: Web Security 208O
11. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ AIX OT Web server plug-in for IBM HTTP Server D20#*20m
;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Linux:20 plug-in for IBM HTTP ServerTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux for zSeries and xSeries O20 Web server plug-in for IBM HTTP Server,
kjITBb)=h#
":Linux on zSeries C':XkWHS IBM Tivoli Access Manager for Linux on
zSeries CD Oq!T Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security CD for xSeries or zSeries "20
|#
4. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
5. 20 GSKit#`X8>E",kNDZ 234 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
Linux on xSeries Linux on zSeries
PDRTE-PD-5.1.0-0.i386.rpm PDRTE-PD-5.1.0-0.s390.rpm
PDWebRTE-PD-5.1.0-0.i386.rpm PDWebRTE-PD-5.1.0-0.s390.rpm
PDWPI-PD-5.1.0-0.i386.rpm PDWPI-PD-5.1.0-0.s390.rpm
PDWPI-IHS-5.1.0-0.i386.rpm PDWPI-IHS-5.1.0-0.s390.rpm
":b)m~|Xkk IBM HTTP Server 20Z,;v53O#
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
20 Plug-in for Web Servers
Z 14 B 20 plug-in for Web Servers 173
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
10. XBt/ Web ~qw#
11. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
12. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ Linux OT Web server plug-in for IBM HTTP Server D20#*20
m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 plug-in for IBM HTTP ServerTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Web server plug-in for IBM HTTP Server,kjITB=h:
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWPI 8( Access Manager Plug-in for Web Servers m~|#
PDWPIihs 8( Access Manager Plug-in for IBM HTTP Server m~|#
":b)m~|Xkk IBM HTTP Server 20Z,;v53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
20 Plug-in for Web Servers
174 IBM Tivoli Access Manager for e-business: Web Security 208O
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
9. XBt/ Web ~qw#
10. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
11. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ Solaris OT Web server plug-in for IBM HTTP Server D20#*20
m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 plug-in for Internet Information ServicesWeb server plug-in for Internet Information Services ;Z\'VD Windows =(OI
C#
TB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*Z Windows O20 Web server plug-in for Internet Information Services,kjIT
Bb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. 20 GSKit#`X8>E",kNDZ 235 3#
4. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
5. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
6. KP;ZTB?<D setup.exe D~:
\windows\PolicyDirector\Disk Images\Disk1\setup.exe
+T>0!q20oT1T0r#
7. !qk*CZ20DoT,"%w7(#
8. +T>06-1T0r#%wB;=Lx#
9. DAmI$-i,g{,bb)un,r%wG#
10. !qTBm~|"%wB;=:
v Access Manager Runtime
v Access Manager Web Security Runtime
v Access Manager Plug-in for Web Servers
11. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{
C?<;fZ,rzXk7O*4(C?<,r_8(QfZD?<#
20 Plug-in for Web Servers
Z 14 B 20 plug-in for Web Servers 175
12. **<4FD~=?DXD~P,%wB;=#
13. %wjIKv20Lr#!qXBt/FczT9|Dz'#
14. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
15. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|#*jIbnYw,k%w*< → Lr → IBM Tivoli Access Manager→ dC#
PXdC!nDoz,kNDZ 319 3DZ 23 B, :pdconfig !n;#
":9IT(}S|nP9C pdconfig 5CLr4dC Tivoli Access Manager
i~#
16. XBt/ Web ~qw#
17. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
18. *t/e~xL,k%w*< → XFfe → \m$_ → ~q#R|%we~x
L{F,;s!qt/#
bMjIKZ Windows OT Web server plug-in for IIS Web Server D20#*20
m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 plug-in for Sun ONE Web ServerjIJCZzDYw53D8>E":
v AIX,ZZ 176 3O
v Solaris,ZZ 177 3O
PX|`E",kND6IBM Tivoli Access Manager for e-business Plug-in for Web
Servers /I8O7#
AIX:20 plug-in for Sun ONE Web ServerTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*Z AIX O20 Web server plug-in for Sun ONE Web Server,kjITBb)=h:
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PD.RTE 8( Access Manager Runtime m~|#
PDWeb.RTE 8( Access Manager Web Security Runtime m~|#
PD.WPI 8( Access Manager Plug-in for Web Servers m~|#
20 Plug-in for Web Servers
176 IBM Tivoli Access Manager for e-business: Web Security 208O
PD.WPIiPlanet 8( Access Manager Plug-in for Sun One Web Server m~|#
":b)m~|Xkk Sun ONE Web Server 20Z,;v53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
9. XBt/ Web ~qw#
10. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
11. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ AIX OT Web server plug-in for Sun ONE Web Server D20#*2
0m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 plug-in for Sun ONE Web ServerTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Web server plug-in for Sun ONE Web Server,kjITB=h:
1. T root C'm]G<#
2. 7#QzcZZ 167 3D:200*s;PPvD*s#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
20 Plug-in for Web Servers
Z 14 B 20 plug-in for Web Servers 177
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWPI 8( Access Manager Plug-in for Web Servers m~|#
PDWPIipl 8( Access Manager Plug-in for Sun ONE Web Server m~|#
":b)m~|Xkk Sun ONE Web Server 20Z,;v53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. dC Access Manager Runtime,;sdC Access Manager Plug-in for Web Servers
m~|,gBy>:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#PXdC!nDoz,kN
DZ 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,!q x !n=NTXUdC5CLr#
9. XBt/ Web ~qw#
10. (FCZX( Web ~qwD pdwebpi.conf D~#`XE",kND6IBM Tivoli
Access Manager for e-business Plug-in for Web Servers /I8O7#
11. *t/e~xL,kP;A /opt/pdwebpi/bin ?<"dkTB|n:
pdwebpi_start start
PXK5CLrDE",kNDZ 424 3D:pdwebpi_start;#
bMjIKZ Solaris OT Web server plug-in for Sun ONE Web Server D20#*
20m;v Tivoli Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Plug-in for Web Servers
178 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 15 B 20 Tivoli Access Manager for WebLogic
>Ba)PX20MdC Tivoli Access Manager for WebLogic DE"#
PXK Web Security i~Dj{E",kND6IBM Tivoli Access Manager for
e-business BEA WebLogic Server /I8O7#
zIT9CTB20=(.;420 Tivoli Access Manager for WebLogic:
v Z 180 3D:9C20r<20;
(v^Z BEA WebLogic Server V7.0)
v Z 182 3D:9C>z5CLr20;
*q! BEA WebLogic Server D5,kCJTB Web >c:
v TZ BEA WebLogic Server 7.0:
http://edocs.bea.com/wls/docs70/index.html
v TZ BEA WebLogic Server 8.1:
http://edocs.bea.com/wls/docs81/index.html
Z*<.0
4iTB"bBn:
v Access Manager for WebLogic Server ZK"PfP;'V(Fr#xK/I'
V BEA WebLogic Server Security Service Provider Interface(SSPI)#
v Tivoli Access Manager for WebLogic 'VZtC Java 2 2+T\mwDiv
BKPD53#Cm~a)K;v Java _TD~,CD~|,X(zkbyX
hDmI(T9 Java 2 2+T\mw$w#
v g{zDr|,`v WebLogic Server :/M@"D WebLogic Server 5},
rXkZrPD WebLogic \m~qw(*t/DZ;v5})M?v\\
WebLogic Server O20MdC Tivoli Access Manager for WebLogic#*K,
kZrPDyP WebLogic Server OjI20MdC=h,}GmP5w#
`&}L+X(Z\m~qwDNqk\\ WebLogic Server O4PDNq`
TxP5w#}g,ZdCK Tivoli Access Manager for WebLogic .s,X
kvZ\m~qwO* Tivoli Access Manager 2+T4(r#jIKNq.s,
+8>zQtTD~S\m~qw4F=rPD?v\\ WebLogic Server,|
(:/I1#
© Copyright IBM Corp. 2001, 2003 179
200*s
Z20MdC Tivoli Access Manager for WebLogic 53.0,k7#zcTB*s#
;\zF.9CDV20=(,b)*syJC#
v 7#2+rP20K Tivoli Access Manager "am~qw"policy server M
authorization server#XZ20b)53D8>E",kNDZ 53 3DZ 2 ?V,
:Base 5320;#
v 7#ZK53O20K BEA WebLogic Server D\'Vf>T0 BEA WebLogic
Server rQ-4(#
Access Manager for WebLogic Server 'V:
– BEA WebLogic Server V7.0,x Service Pack 2
– BEA WebLogic Server V8.1,x Service Pack 1
v vZ AIX 53O,20 IBM JRE,gBy>:
– TZ BEA WebLogic Server V7.0,20 IBM JRE 1.3.1.5#`X8>E",kN
DZ 241 3#
– TZ BEA WebLogic Server V8.1,20 IBM JRE 1.4.1#PXBXM208>E
",kNDTB Web >c:
http://www.ibm.com/developerworks/java/jdk/index.html
":IBM JRE Z AIX OGXhD,r* BEA WebLogic Server ;P* AIX =(
a) JRE#
v 7# Tivoli Access Manager 'VKP BEA WebLogic Server D=(#9k7#Q
20XhDYw539!#`XE",kNDZ 33 3D:\'VD=((|(Xh
9!);#
9C20r<20
"bBn
K20r<vZ BEA WebLogic Server V7.0 O\'V#g{z}Z9C BEA
WebLogic Server V8.1,kq-Z 182 3D:9C>z5CLr20;PD8>E
"#
install_amwls 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager for WebLogic 53D20:
v Access Manager Java Runtime Environment V5.1
v Access Manager for WebLogic Server V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amwls r<20MdC Tivoli Access Manager for WebLogic,kq-
TBb)=h:
1. 7#QzcZ:200*s;PPvD*s#
2. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.
020oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
20 Tivoli Access Manager for WebLogic
180 IBM Tivoli Access Manager for e-business: Web Security 208O
3. vZ Windows 53O,KvyP}ZKPDLr#
4. gBt/ BEA WebLogic Server:
v Z UNIX 53O:
/wls_install_dir/user_projects/domain_name/startWebLogic.sh
v Z Windows 53O:
C:\wls_install_dir\user_projects\domain_name\startWebLogic.cmd
5. k4PBPYw.;:
v g{f BEA WebLogic Server ;pa)D JRE 20Z1!?<P,kKP
install_amwls Lr,CLr;ZT&Z AIX"HP-UX(vTZ BEA WebLogic
Server 7.0)"Solaris M Windows =(D IBM Tivoli Access Manager Web Security
CD ODy?<B#
v g{f BEA WebLogic Server ;pa)D JRE 420Z1!?<P(r_z
}Z AIX OxP20),kgBKP install_amwls r<:
install_amwls -is:javahome path
dP path G JRE CZ4PK20D;C#
20r<(}a>zdkZ 309 3D:install_amwls;PhvDdCE"*<KP#
Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI2
0MdC#
":vZ Windows 53O,7#zS\ Tivoli Access Manager for WebLogic D
1!20?<#
6. #9 BEA WebLogic Server#
7. i$20}L+ AMSSPIProviders.jar D~4F=K
wls_install_dir/weblogic/server/lib/mbeantypes ?<#g{K?<P;fZK
D~,rS amwls_install_dir/lib ?<4FKD~#
8. vTZ Active Directory "amC':;?pI WebLogic \m~qw;?VD$
i&CLr_P;v53C'M\m1i,Ci9(Z?phv{P#*7#Z
$i&CLrOECK}7D2+T,zXk+b)?phv{|D*73PP
beDwe#
}g,Z WebLogic Server V7.0 O,t/\mXF("9*s`fePD Web &
CLrZc#R|%w Web &CLr"!q0`- Web &CLrhv{1#BD
/@w0Zr*,zITZdP|Db)?phv{#
9. * startWebLogic |nhC CLASSPATH#`X8>E",kNDZ 190 3#
10. XBt/ WebLogic Server#
11. vZ WebLogic \m~qwO,4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
12. g{ WebLogic Server vZ`~qwr:/73P,rXkZrPDyP\\
WebLogic Server(|(:/I1)OtC Tivoli Access Manager for WebLogic#
*K,+ rbpf.properties"amsspi.properties M amwlsjlog.properties D~
S WebLogic \m~qwODTB?<4F=rPD?v\\ WebLogic Server
O#
BEA_WLS_HOME/jdk_location/jre/amwls/
":7#z+tTD~4F=?v\\ WebLogic Server OD`,;C#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 181
13. XBt/ BEA WebLogic Server#
14. I!:* BEA WebLogic Server dC%;"a~q#`X8>E",kNDZ 195
3#
":g{Z4( Tivoli Access Manager r148( SSO !n,rXkZ4PK
=h.0|B amsspi.properties D~#PX|BKtTD~D8>E",k
ND6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I
8O7#
15. i$Q}720 Tivoli Access Manager for WebLogic Tk Tivoli Access Manager
"am~qw0 policy server ;p9C#`X8>E",kNDZ 197 3D:bT
dC;#
bMjIK Tivoli Access Manager for WebLogic 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#
jIJCZzDYw53D8>E":
v AIX,ZZ 182 3O
v HP-UX,ZZ 184 3O
v Solaris,ZZ 186 3O
v Windows,ZZ 188 3O
":Z20 Tivoli Access Manager for WebLogic Server 53.0,k7#z#9 BEA
WebLogic Server ;sZ20jIsYXBt/|#
AIX:20 Tivoli Access Manager for WebLogicTB}L9C installp 420m~|#
*Z AIX O20MdC Tivoli Access Manager for WebLogic,kq-TBb)=h:
1. T root C'm]G<#
2. 7#QzcZ 180 3D:200*s;PPvD*s,|(20 IBM JRE#
3. 7#Q#9 BEA WebLogic Server#
4. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
5. 20TBm~|:
installp -acgNXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,x packages g
B:
PDJ.rte 8( Access Manager Java Runtime Environment m~|#
PDWLS 8( Access Manager for WebLogic Server m~|#
20 Tivoli Access Manager for WebLogic
182 IBM Tivoli Access Manager for e-business: Web Security 208O
6. i$20}L+ AMSSPIProviders.jar D~4F=K
wls_install_dir/weblogic/server/lib/mbeantypes ?<#g{K?<P;fZK
D~,rS amwls_install_dir/lib ?<4FKD~#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. hC CLASSPATH M PATH d?,"+ WebLogic Jar D~mS= bin M lib ?
<#*K,kKPTBE>:
. setWLSEnv.sh
KE>;ZTB?<.;:
v Z WebLogic Server V7.0 O:
weblogic_install_dir/weblogic700/server/bin
v Z WebLogic Server V8.1 O:
weblogic_install_dir/weblogic81/server/bin
9. *dC Access Manager Java Runtime Environment i~TZy20D IBM JRE(g
Z 1 8 0 3 D : 2 0 0 * s ; P y 8 > ) P 9 C , k P ; A
/opt/PolicyDirector/sbin ?<"dkTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home jre_home -port port
dP jre_home G AIX 53O IBM JRE D20;C#}g:
v Z BEA WebLogic Server V7.0 O:
-java_home /usr/java131/jre
v Z BEA WebLogic Server V8.1 O:
-java_home /usr/java14/jre
":vTZ WebLogic Server V8.1,pdjrtecfg 5CLrfz jre/lib ?<PD
jsse.jar D~#1!{dC Access Manager Java Runtime Environment m~
|1,+V4KD~#PXK5CLrD|`E",kNDZ 412 3D
:pdjrtecfg;#
10. vTZ Active Directory "amC':;?pI WebLogic \m~qw;?VD$
i&CLr_P;v53C'M\m1i,Ci9(Z?phv{P#*7#Z
$i&CLrOECK}7D2+T,k+b)?phv{|D*73PPbe
Dwe#
}g,Z WebLogic Server V7.0 O,t/\mXF("9*s`fePD Web &
CLrZc#R|%w Web &CLr"!q0`- Web &CLrhv{1#BD
/@w0Zr*,zITZdP|Db)?phv{#
11. * startWebLogic |nhC CLASSPATH#`X8>E",kNDZ 190 3#
12. dC Access Manager for WebLogic Server i~#`X8>E",kNDZ 191
3#
13. vZ WebLogic \m~qwO,4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
14. g{ WebLogic Server vZ`~qwr:/73P,rXkZ73PDyP\\
WebLogic Server(|(:/I1)OtC Tivoli Access Manager for WebLogic#
*K,+tTD~S WebLogic \m~qwODTB?<4F=rPD?v\\
WebLogic Server O#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 183
BEA_WLS_HOME/jdk_location/jre/amwls/
":7#z+tTD~4F=?v\\ WebLogic Server OD`,;C#
15. XBt/ WebLogic Server#
16. I!:* WebLogic Server dC%;"a~q#`X8>E",kNDZ 195 3#
":g{Z4( Tivoli Access Manager r148( SSO !n,rXkZ4PK
=h.0|B amsspi.properties D~#PX|BKtTD~D8>E",k
ND6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I
8O7#
17. i$Q}720 Tivoli Access Manager for WebLogic Tk Tivoli Access Manager
"am~qw0 policy server ;p9C#`X8>E",kNDZ 197 3D:bT
dC;#
bMjIK Tivoli Access Manager for WebLogic 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
HP-UX:20 Tivoli Access Manager for WebLogicTB}L9C swinstall 420m~|#
":HP-UX 11.0 M 11i vZ BEA WebLogic Server V7.0 O\'V#
*Z HP-UX O20MdC Tivoli Access Manager for WebLogic,kq-TBb)=
h:
1. T root C'm]G<#
2. 7#QzcZZ 180 3D:200*s;PPvD*s#
3. 7#Q#9 BEA WebLogic Server#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20TBm~|:
swinstall -s /cd_rom/hp packages
dP packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWLS 8( Access Manager for WebLogic Server m~|#
6. i$20}L+ AMSSPIProviders.jar D~4F=K
wls_install_dir/weblogic/server/lib/mbeantypes ?<#g{K?<P;fZK
D~,rS amwls_install_dir/lib ?<4FKD~#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. hC CLASSPATH M PATH d?,"+ WebLogic Jar D~mS= bin M lib ?
<#*K,kKPTBE>:
. setWLSEnv.sh
20 Tivoli Access Manager for WebLogic
184 IBM Tivoli Access Manager for e-business: Web Security 208O
Z WebLogic Server V7.0 O,KE>;ZTB?<P:
weblogic_install_dir/weblogic700/server/bin
9. *dC Access Manager Java Runtime Environment i~TZf BEA WebLogic Server
;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?<"d
kTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home jre_home -port port
dP jre_home Gf BEA WebLogic Server ;p20D Sun JRE D20;C#}
g,Z BEA WebLogic Server V7.0 O:
-java_home /usr/java131/jre
":g{+Ki~dC*Z Sun JRE 1.4.x P9C,r;*9C pdjrtecfg–interactive !n,qrdCI\'\#PXK5CLrD|`E",kND
Z 412 3D:pdjrtecfg;#
10. vTZ Active Directory "amC':;?pI WebLogic \m~qw;?VD$
i&CLr_P;v53C'M\m1i,Ci9(Z?phv{P#*7#Z
$i&CLrOECK}7D2+T,k+b)?phv{|D*73PPbe
Dwe#
}g,Z WebLogic Server V7.0 O,t/\mXF("9*s`fePD Web &
CLrZc#R|%w Web &CLr"!q0`- Web &CLrhv{1#BD
/@w0Zr*,zITZdP|Db)?phv{#
11. * startWebLogic |nhC CLASSPATH#`X8>E",kNDZ 190 3#
12. dC Access Manager for WebLogic Server i~#`X8>E",kNDZ 191
3#
13. vZ WebLogic \m~qwO,4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
14. g{ WebLogic Server vZ`~qwr:/73P,rXkZ73PDyP\\
WebLogic Server(|(:/I1)OtC Tivoli Access Manager for WebLogic#
*K,+tTD~S WebLogic \m~qwODTB?<4F=rPD?v\\
WebLogic Server O#
BEA_WLS_HOME/jdk_location/jre/amwls/
":7#z+tTD~4F=?v\\ WebLogic Server OD`,;C#
15. XBt/ WebLogic Server#
16. I!:* WebLogic Server dC%;"a~q#`X8>E",kNDZ 195 3#
":g{Z4( Tivoli Access Manager r148( SSO !n,rXkZ4PK
=h.0|B amsspi.properties D~#PX|BKtTD~D8>E",k
ND6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I
8O7#
17. i$Q}720 Tivoli Access Manager for WebLogic Tk Tivoli Access Manager
"am~qw0 policy server ;p9C#`X8>E",kNDZ 197 3D:bT
dC;#
18. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 185
bMjIK Tivoli Access Manager for WebLogic 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 Tivoli Access Manager for WebLogicTB}L9C pkgadd 420m~|#
*Z Solaris O20MdC Tivoli Access Manager for WebLogic,kq-TBb)=
h:
1. T root C'm]G<#
2. 7#QzcZZ 180 3D:200*s;PPvD*s#
3. 7#Q#9 BEA WebLogic Server#
4. ek IBM Tivoli Access Manager Web Security for Solaris CD#
5. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWLS 8( Access Manager for WebLogic Server m~|#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
6. i$20}L+ AMSSPIProviders.jar D~4F=K
wls_install_dir/weblogic/server/lib/mbeantypes ?<#g{K?<P;fZK
D~,rS amwls_install_dir/lib ?<4FKD~#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. hC CLASSPATH M PATH d?,"+ WebLogic Jar D~mS= bin M lib ?
<#*K,kKPTBE>:
. setWLSEnv.sh
KE>;ZTB?<.;:
v Z WebLogic Server V7.0 O:
weblogic_install_dir/weblogic700/server/bin
v Z WebLogic Server V8.1 O:
weblogic_install_dir/weblogic81/server/bin
9. *dC Access Manager Java Runtime Environment i~TZf BEA WebLogic Server
;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?<"d
kTBZ]:
20 Tivoli Access Manager for WebLogic
186 IBM Tivoli Access Manager for e-business: Web Security 208O
./pdjrtecfg -action config -host policy_server_host -java_home jre_home -port port
dP jre_home Gf BEA WebLogic Server ;p20D Sun JRE D20;C#}
g:
v Z BEA WebLogic Server V7.0 O:
-java_home /usr/java131/jre
v Z BEA WebLogic Server V8.1 O:
-java_home /usr/local/bea/jdk141_03/jre
":
1. g{+Ki~dC*Z Sun JRE 1.4.x P9C,r;*9C pdjrtecfg–interactive !n,qrdCI\'\#PXK5CLrD|`E",kNDZ
412 3D:pdjrtecfg;#
2. vTZ WebLogic Server V8.1,pdjrtecfg 5CLrfz jre/lib ?<PD
jsse.jar D~#1!{dC Access Manager Java Runtime Environment m~
|1,+V4KD~#
10. vTZ Active Directory "amC':;?pI WebLogic \m~qw;?VD$
i&CLr_P;v53C'M\m1i,Ci9(Z?phv{P#*7#Z
$i&CLrOECK}7D2+T,k+b)?phv{|D*73PPbe
Dwe#
}g,Z WebLogic Server V7.0 O,t/\mXF("9*s`fePD Web &
CLrZc#R|%w Web &CLr"!q0`- Web &CLrhv{1#BD
/@w0Zr*,zITZdP|Db)?phv{#
11. * startWebLogic |nhC CLASSPATH#`X8>E",kNDZ 190 3#
12. dC Access Manager for WebLogic Server i~#`X8>E",kNDZ 191
3#
13. vZ WebLogic \m~qwO,4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
14. g{ WebLogic Server vZ`~qwr:/73P,rXkZ73PDyP\\
WebLogic Server(|(:/I1)OtC Tivoli Access Manager for WebLogic#
*K,+tTD~S WebLogic \m~qwODTB?<4F=rPD?v\\
WebLogic Server O#
BEA_WLS_HOME/jdk_location/jre/amwls/
":7#z+tTD~4F=?v\\ WebLogic Server OD`,;C#
15. XBt/ WebLogic Server#
16. I!:* WebLogic Server dC%;"a~q#`X8>E",kNDZ 195 3#
":g{Z4( Tivoli Access Manager r148( SSO !n,rXkZ4PK
=h.0|B amsspi.properties D~#PX|BKtTD~D8>E",k
ND6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I
8O7#
17. i$Q}720 Tivoli Access Manager for WebLogic Tk Tivoli Access Manager
"am~qw0 policy server ;p9C#`X8>E",kNDZ 197 3D:bT
dC;#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 187
bMjIK Tivoli Access Manager for WebLogic 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
Windows:20 Tivoli Access Manager for WebLogicTB}L9C InstallShield setup.exe Lr420m~|#
*Z Windows O20MdC Tivoli Access Manager for WebLogic,kq-TBb)
=h:
1. T_P Windows \m1X(DC'm]G<#
2. 7#QzcZZ 180 3D:200*s;PPvD*s#
3. 7#Q#9 BEA WebLogic Server ~q#
4. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
5. 20 Access Manager Java Runtime Environment M Access Manager for WebLogic
Server m~|#*jIbnYw,kKP;ZTB?<D setup.exe D~:
\windows\PolicyDirector\Disk Images\Disk1\setup.exe
+T>0!q20oT1T0r#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1T0r#%wB;=Lx#
8. DAmI$-i,g{,bb)un,r%wG#
9. !qTBm~|"%wB;=:
v Access Manager Java Runtime Environment
v Access Manager for WebLogic Server
10. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{
C?<;fZ,rzXk7O*4(C?<,r_8(QfZD?<#
11. **<4FD~=?DXD~P,%wB;=#
12. %wjIKv20Lr#
13. i$20+ AMSSPIProviders.jar D~4F=K
wls_install_dir\weblogic\server\lib\mbeantypes ?<#g{K?<P;fZK
D~,rS \amwls_install_dir\lib V$4FKD~#
14. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
15. hC CLASSPATH M PATH d?,"+ WebLogic Jar D~mS= bin M lib ?
<#*K,kKPTBz&mD~:
setWLSEnv.bat
KE>;ZTB?<.;:
v Z WebLogic Server V7.0 O:
weblogic_install_dir\weblogic700\server\bin
v Z WebLogic Server V8.1 O:
weblogic_install_dir\weblogic81\server\bin
20 Tivoli Access Manager for WebLogic
188 IBM Tivoli Access Manager for e-business: Web Security 208O
16. *dC Access Manager Java Runtime Environment i~TZf BEA WebLogic Server
;pa)M20D JRE P9C,kP;A install_dir\sbin ?<(}g
C:\Program Files\Tivoli\Policy Director\sbin)"dkTBZ]:
pdjrtecfg -action config -host policy_server_host -java_home jre_home -port port
dP jre_home Gf BEA WebLogic Server ;p20D Sun JRE D20;C#}
g:
v Z BEA WebLogic Server V7.0 O:
-java_home c:\bea\jdk131_06\jre
v Z BEA WebLogic Server V8.1 O:
-java_home c:\bea\jdk141_03\jre
":
1. g{+Ki~dC*Z Sun JRE 1.4.x P9C,r;*9C pdjrtecfg–interactive !n,qrdCI\'\#PXK5CLrD|`E",kNDZ
412 3D:pdjrtecfg;#
2. vTZ WebLogic Server V8.1,pdjrtecfg 5CLrfz jre\lib ?<PD
jsse.jar D~#1!{dC Access Manager Java Runtime Environment m~
|1,+V4KD~#
17. vTZ Active Directory "amC':;?pI WebLogic \m~qw;?VD$
i&CLr_P;v53C'M\m1i,Ci9(Z?phv{P#*7#Z
$i&CLrOECK}7D2+T,k+b)?phv{|D*73PPbe
Dwe#
}g,Z WebLogic Server V7.0 O,t/\mXF("9*s`fePD Web &
CLrZc#R|%w Web &CLr"!q0`- Web &CLrhv{1#BD
/@w0Zr*,zITZdP|Db)?phv{#
18. * startWebLogic |nhC CLASSPATH#`X8>E",kNDZ 190 3#
19. dC Access Manager for WebLogic Server i~#`X8>E",kNDZ 191
3#
20. vZ WebLogic \m~qwO,4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
21. g{ WebLogic Server vZ`~qwr:/73P,rXkZ73PDyP\\
WebLogic Server(|(:/I1)OtC Tivoli Access Manager for WebLogic#
*K,+tTD~S WebLogic \m~qwODTB?<4F=rPD?v\\
WebLogic Server O#
BEA_WLS_HOME\jdk_location\jre\amwls\
":7#z+tTD~4F=?v\\ WebLogic Server OD`,;C#
22. XBt/ WebLogic Server#
23. I!:* WebLogic Server dC%;"a~q#`X8>E",kNDZ 195 3#
":g{Z4( Tivoli Access Manager r148( SSO !n,rXkZ4PK
=h.0|B amsspi.properties D~#PX|BKtTD~D8>E",k
ND6IBM Tivoli Access Manager for e-business BEA WebLogic Server /I
8O7#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 189
24. i$Q}720 Tivoli Access Manager for WebLogic Tk Tivoli Access Manager
"am~qw0 policy server ;p9C#`X8>E",kNDZ 197 3D:bT
dC;#
bMjIK Tivoli Access Manager for WebLogic 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
* startWebLogic |nhC CLASSPATHstartWebLogic |nCZt/ WebLogic Server#zh*^D CLASSPATH 73d?T
9 startWebLogic ITCJM0k}7D Java `#
":ZLxxPb)dC=h.0,k7#z4(K WebLogic r#
** startWebLogic hC CLASSPATH,kq-TBb)=h:
1. g{ WebLogic Server }ZKP,r"4#9|#
2. +TBD~{mS= startWebLogic |nD CLASSPATH d?:
v Z UNIX 53O:
/opt/pdwls/lib/AMSSPICore.jar/opt/pdwls/lib/rbpf.jar
v Z Windows 53O:
C:\amwls_install_dir\lib\AMSSPICore.jarC:\amwls_install_dir\lib\rbpf.jar
startWebLogic |n;Zy20D BEA WebLogic Server rD?<P#Zj<2
0P,K;CgB:
v Z UNIX 53O:
/wls_install_dir/user_projects/domain_name
v Z Windows 53O:
C:\wls_install_dir\user_projects\domain_name
dP domain_name GzZ4( BEA WebLogic Server r1!qD{F#
3. g{z20KoT'V|,r9Xk+ nls 76mS= startWebLogic E>P(
eD CLASSPATH,gBy>:
v Z UNIX 53O:
/opt/pdwls/nls/java/com/tivoli/pdwls/nls
v Z Windows 53O:
C:\Progra~1\Tivoli\pdwls\nls\java\com\tivoli\pdwls\nls
":mS nls ?<9zITCJIoT|20ZTB?<.;PDJ4x:
v Z UNIX 53O:
/opt/pdwls/nls/java/com/tivoli/pdwls/nls/
v Z Windows 53O:
c:\amwls_install_dir\nls\java\com\tivoli\pdwls\nls
20 Tivoli Access Manager for WebLogic
190 IBM Tivoli Access Manager for e-business: Web Security 208O
dC Tivoli Access Manager for WebLogicTBwZhvgNdC Access Manager for WebLogic Server i~#zIT9C Console
Extension Web &CLrr|nP4dC Access Manager for WebLogic Server#
|,TBwZ:
v :9C Console Extension Web &CLr;
v Z 192 3D:9C|nP;
":
1. ZjIb)8>E".0Xk4( BEA WebLogic Server r#
2. zZdCZda)DE"f"ZtTD~P#zIT9Cb)tTD~4|D Tivoli
Access Manager for WebLogic DP*#PXtTD~DN<E",kND6IBM
Tivoli Access Manager for e-business BEA WebLogic Server /I8O7#
9C Console Extension Web &CLr
*9C Console Extension Web &CLr4dC Access Manager for WebLogic Server,
kq-TBb)=h:
1. gBy>t/ BEA WebLogic Server:
v Z UNIX 53O:
/amwls_install_dir/user_projects/domain_name/startWebLogic.sh
v Z Windows 53O:
C:\amwls_install_dir\user_projects\domain_name/startWebLogic.cmd
2. r* Web /@w",S=w\ BEA WebLogic D53OD BEA WebLogic XF
(#}g:
http://weblogic_server_name:7001/console
":1! BEA WebLogic Server KZ* 7001#C5GIdCD#
+T> BEA WebLogic Server G<0Z#
3. T_P\m1X(DC'm]G<#
4. *?pK Web &CLr,kq-TBb)=h:
a. S BEA WebLogic Server w3OD0rdC1uyP!q Web &CLr#
b. !qdCB Web &CLr4S#
c. !q(}/@wxPOX4S#
d. /@TB&CLr"%wOX:
amwls_install_dir\lib\AMWLSConsoleExtension.war
e. * AMWLSConsoleExtension.war %w!q4S#
f. !q?p?j"%wdCMT>#
*i$ Console Extension Web &CLrQI&?p,k9*s`0qPD0?
p 1 D ~ P # S B 4 , 9 * 0 W e b & C L r 1 D ~ P T T > P m P D
AMWLSConsoleExtensions#k"b,ZXF(0Zs`D BEA WebLogic Server
<=0qP9T>K;v Access Manager <j#
5. *dC Tivoli Access Manager r,k%w BEA WebLogic Server <=0qPD
Access Manager <j#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 191
+T>dC0Z#
6. dkdC!n(gZ 386 3D:AMWLSConfigure –action config;Pyhv),;
s%w&C#
g{dCI&,r Console Extension Web &CLr+T>04(r13#
K1XkZ WebLogic \m~qwO4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
9C|nP
*9C|nP4dC Access Manager for WebLogic Server i~,kq-TBb)=h:
1. gBy>t/ BEA WebLogic Server:
v Z UNIX 53O:
/wls_install_dir/user_projects/domain_name/startWebLogic.sh
v Z Windows 53O:
C:\wls_install_dir\user_projects\domain_name/startWebLogic.cmd
2. g{zZ20Zd;P+ Access Manager for WebLogic Server 20Z1!?<P,
r+ AMWLSConfigure E>PD AMSSPI_DIR d?hC*5J20?<D{F#
,y,g{ WebLogic ;P20Z1!;CPr_z}Z9C WebLogic Server
V8.1,rC AMWLSConfigure E>PD WebLogic.jar D}7;C4|B WLS_JAR
d?#
3. *dC Access Manager for WebLogic Server i~,k4PTBYw.;:
v S_P4CJ(D?<KP AMWLSConfigure E>(UNIX)rz&mD~
(Windows):
– Z UNIX 53O:
opt/pdwls/sbin/AMWLSConfigure.sh
– Z Windows 53O:
c:\amwls_install_dir\pdwls\sbin\AMWLSConfigure.bat
v gBy>KP AMWLSConfigure 5CLr:
AMWLSConfigure -action config [options ...]
*T>++]x AMWLSConfigure DXh5MI!5,kdkTBZ]:
AMWLSConfigure -help [action]
":PX AMWLSConfigure -action config !nDhv,kNDZ 386 3D
:AMWLSConfigure –action config;#
K1XkZ WebLogic \m~qwO4(MdC Tivoli Access Manager r#`X8>
E",kNDZ 192 3#
4( Tivoli Access Manager r
ZdC Access Manager for WebLogic Server * BEA WebLogic Server a)2+T.
s,zXk4(*k Tivoli Access Manager 2+T`X*Dr#k"b,vZrPD
WebLogic \m~qwOxG\\ WebLogic Server O4PKNq#
20 Tivoli Access Manager for WebLogic
192 IBM Tivoli Access Manager for e-business: Web Security 208O
zIT9C Console Extension Web &CLrr|nP44(MdCCr#|,TBw
Z:
v :9C Console Extension Web &CLr;
v :9C|nP;
vTZ Active Directory C':
Z20 Tivoli Access Manager for WebLogic .sT0Z4( Tivoli Access Manager
r.0,zXk+ amwls_install_dir/etc/amsspi.properties D~PD
AdminGroupProp=Administrators hC^D*;,D5#qr,dC+r* Active
Directory PQfZ\m1ix'\#
9C Console Extension Web &CLr
*9C Console Extension Web &CLr44(MdC Tivoli Access Manager r,k
q-TBb)=h:
":g{zF.* BEA WebLogic Server tC%;"a,kq-:9C|nP;PD
8>E"#;'V9C WebLogic Server Console Extension tC%;"a#
1. 9*s`0qPD Access Manager <j,"%w0r1<j#
+T>04(r10Z#
2. dkXhDd?"%w&C#
3. *+ BEA WebLogic Server dCI9C Tivoli Access Manager r,k4PTBY
w.;:
v TZ BEA WebLogic Server 7.0:
a. T_P\m1X(DC'm]G<#
b. Z BEA WebLogic Server <=0qP!qkzDr`XD<j#
+T>0rdC10Z#
c. !q02+T1!n(#
d. S0#f1!n(P,9C01!r1B-Pm!q Access Manager r"%
w&C#
v TZ BEA WebLogic Server 8.1,Ss`0qPD BEA WebLogic Server XF
(O!q02+T1<j#9CB-Pm!q Access Manager r"%w&C#
4. XBt/ BEA WebLogic Server#
5. *bTBD Tivoli Access Manager r}Z}7Kw,ki$ Access Manager <j
PD0C'1M0i1<j|,4T Tivoli Access Manager C'"amDu?#
9C|nP
*9C|nP44(MdC Tivoli Access Manager r,kq-TBb)=h:
1. g{zZ20Zd;P+ Access Manager for WebLogic Server 20Z1!?<P,
rXk+ AMWLSConfigure E>PD AMSSPI_DIR d?hC*5J20?<D{
F#,y,g{ WebLogic ;P20Z1!;CPr_z}Z9C WebLogic Server
V8.1,rC AMWLSConfigure E>PD WebLogic.jar D}7;C4|B WLS_JAR
d?#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 193
2. *4(MdC Tivoli Access Manager r,k4PTBYw.;:
v KPdCE>:
– Z UNIX 53O:
opt/pdwls/sbin/AMWLSConfigure.sh
– Z Windows 53O:
c:\amwls_install_dir\pdwls\sbin\AMWLSConfigure.bat
v gBy>KP AMWLSConfigure 5CLr:
AMWLSConfigure -action create_realm [options ...]
*T>++]x AMWLSConfigure DXh5MI!5,kdkTBZ]:
AMWLSConfigure -help [action]
":
1. PX AMWLSConfigure -action create_realm !nDhv,kNDZ 389
3D:AMWLSConfigure –action create_realm;#
2. g{zF.* BEA WebLogic Server tC SSO,k7#zZKPK5CLr
1(eTB!n:
–sso_enabled true
–sso_user sso_user
–sso_pwd sso_pwd
3. Z4PYw0+a>zdk\k#PXK5CLrDj{E",kND IBM
Tivoli Access Manager for e-business Command Reference#
3. *+ BEA WebLogic Server dCI9C Tivoli Access Manager r,k4PTBY
w.;:
v TZ BEA WebLogic Server 7.0:
a. r* Web /@w",S=w\ BEA WebLogic D53OD BEA WebLogic
XF(#}g:
http://weblogic_server_name:7001/console
":7001 G1!D BEA WebLogic Server KZE#C5GIdCD#
+T> BEA WebLogic Server G<0Z#
b. T_P\m1X(DC'm]G<#
c. Z BEA WebLogic Server <=0qP!qkzDr`XD<j#
+T>0rdC10Z#
d. !q02+T1!n(#
e. S0#f1!n(P,9C01!r1B-Pm!q Access Manager r"%
w&C#
v TZ BEA WebLogic Server 8.1,Ss`0qPD BEA WebLogic Server XF
(O!q02+T1<j#9CB-Pm!q Access Manager r"%w&C#
4. XBt/ BEA WebLogic Server#
5. *bTBD Tivoli Access Manager r}Z}7Kw,ki$ Access Manager <j
PD0C'1M0i1<j|,4T Tivoli Access Manager C'"amDu?#
20 Tivoli Access Manager for WebLogic
194 IBM Tivoli Access Manager for e-business: Web Security 208O
dC BEA WebLogic Server %;"a
%;"a(SSO)a);NG<ICJ`v&CLrx;XVpG<=?v&CLr
D\&#TB}LhvgNdC WebSEAL r Web ~qwe~Sx* BEA WebLogic
Server tC%;"a#K}LGI!D#
*dC BEA WebLogic Server %;"a,kjITB=h:
1. 7#z4Z 192 3D:4( Tivoli Access Manager r;PDhvhCTB
AMWLSConfigure –action create_realm dC!n#
–sso_enabled true
–sso_user sso_user
–sso_pwd sso_pwd
2. k4PBPYw.;:
v *dC Web ~qwe~Sx* BEA WebLogic Server tC SSO:
a. `-;ZTB?<PD pdwebpi.conf D~:
– Z UNIX 53O:
/opt/pdwebpi/etc
– Z Windows 53O:
c:\web_server_plugin_install_dir\PDWebPI\etc\
b. *9Cy>O$#i4tCZ(s&m,kZ [common-modules] ZPmST
Bu?,gBy>:
[common-modules]post-authzn = BA
c. Z [BA] ZPmSTBu?,gBy>:
[BA]add-hdr = supplysupply-password = sso_pwd
dP:
supply Z HTTP y>O$(BA)7P8(2,D\kM/rC'
{#
sso_pwd 4Z 192 3D:4( Tivoli Access Manager r;PD(e8
( SSO C'D\k#
PXdCy>O$%;"aD|`E",kND6IBM Tivoli Access Manager
for e-business Plug-in for Web Servers /I8O7#
v *dC WebSEAL Server Sx* WebLogic Server tC SSO:
a. `-;ZTB?<PD webseald.conf D~:
– Z UNIX 53O:
/opt/pdwebpi/etc
– Z Windows 53O:
c:\web_server_plugin_install_dir\Tivoli\PDWeb\etc\
b. Z [junction] ZPmSTBZu?,gBy>:
[junction]basicauth-dummy-passwd = sso_pwd
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 195
dP sso_pwd GgZ 192 3D:4( Tivoli Access Manager r;Py(eD
SSO C'D\k#
":PXa)M'zm]M1\kDE",kND6IBM Tivoli Access Manager
for e-business WebSEAL \m8O7#
c. #9"XBt/ WebSEAL T9dC|Dz'#
d. 9C Web Portal Manager SZr pdadmin 5CLr4( WebSEAL ac#
}g,9C pdadmin server task create |n"+TB|nw*,xD;
P|ndk:
pdadmin sec_master> server task server_name-host create -t tcp-p wls_listening_port -h weblogic_server -b supply junction_point
20 Tivoli Access Manager for WebLogic
196 IBM Tivoli Access Manager for e-business: Web Security 208O
m 9 PvK4( WebSeal acDXh!n#PX pdadmin server task create|nDN<E",kND IBM Tivoli Access Manager for e-business Command
Reference#PX4( WebSEAL acDE",kND6IBM Tivoli Access Manager
for e-business WebSEAL \m8O7#
m 9. pdadmin server task create dC!n. * m>XhD!n#
dC!n hv
server_name-host 8( WebSEAL Server D{F#zXk<7X4
pdadmin server list |ndvPT>Dq=48(~q
w{F#
T Z _ P 1 ! Q d C { F D % v W e b S E A L
Server,server_name * default-webseald-hostname#T
Z,;53OD`v WebSEAL 5},server_name G
W e b S E A L S e r v e r 5 } D Q d C { F , s z
-webseald-hostname#}g,g{ WebSeal 5}DQd
C { F * w e b s e a l 2, r s e r v e r _ n a m e g B :
webseal2–webseald-hostname#
g{zZ,;~qwO20K WebSEAL D`v5},
r9h*8(~qw5}#
":PXT`v~qw5}4(acD8>E",kN
D6IBM Tivoli Access Manager for e-business WebSEAL
\m8O7#
–h weblogic_server 8( BEA WebLogic Server D DNS wz{r IP X7#
–p wls_listening_port 8( BEA WebLogic Server CZl}DKZ#1!5*
7001#
–b supply 8> WebSEAL rQO$D Tivoli Access Manager C
'{(M'zD-m])a)2,"(C(011)\
k#supply !nTZ SSO GXhD#
junction_point 8(k*CZ4(acD URL ?j;C#
bMjIK BEA WebLogic Server %;"aDdC#
bTdC
*i$Q}720 Tivoli Access Manager for WebLogic T)k Tivoli Access Manager
"am~qw0 policy server ;p9C,kjITB=h:
1. 9C BEA WebLogic Server XF(4(Mi$BDbTC'#
2. dkTB pdadmin |n:
pdadmin sec_master> user show test_user
v i$ account-valid * yes#
v i$ password-valid * yes#
Tivoli Access Manager for WebLogic %;"abv=8Jm(} WebSEAL D%vO
$=h,C=h8wXr BEA WebLogic Server O$C'#zIT(}KP]>&C
Lr47OO$Q}7dC#]>&CLrZ 6IBM Tivoli Access Manager for
e-business BEA WebLogic Server /I8O7 PPhv#
20 Tivoli Access Manager for WebLogic
Z 15 B 20 Tivoli Access Manager for WebLogic 197
198 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 16 B 20 Tivoli Access Manager for WebSphere
>Ba)PX20MdC Tivoli Access Manager for WebSphere DE"#
XZK Web Security 53D|`E",kND6IBM Tivoli Access Manager for
e-business IBM WebSphere Application Server /I8O7#
zIT9CTB20=(.;420K53:
v Z 200 3D:9C20r<20;
v Z 201 3D:9C>z5CLr20;
PX|`E",kND;ZTBX7D WebSphere Information Center:
http://www.ibm.com/software/webservers/appserv/infocenter.html
200*s
Z20MdC Tivoli Access Manager for WebSphere 53.0,k7#4TB3rz
cTBb)*s#;\zF.9CDV20=(,b)*syJC#
1. 7#2+rP20K Tivoli Access Manager "am~qw"policy server M
authorization server#XZ20b)53D8>E",kNDZ 53 3DZ 2 ?V,
:Base 5320;#
":*a_T\,r(izZk WebSphere Application Server `,D53O20
authorization server#
2. 7# WebSphere Application Server 20ZK53O# Tivoli Access Manager for
WebSphere 'V:
v IBM WebSphere Application Server V4.0.6
v IBM WebSphere Application Server Advanced Single Server V4.0.6
v IBM WebSphere Application Server V5.0.2
v IBM WebSphere Application Server V5.1
3. 7# Tivoli Access Manager 'VKP WebSphere Application Server D=(#9k
7#20KyPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
4. TZ\'VD WebSphere Application Server(Advanced Single Server V4.0.6 }b),
k4PTBYw:
v 7# Tivoli Access Manager policy server M WebSphere Application Server d
CI9C`,DC'"am#
v g{ policy server y] WebSphere 2+T9CDVP"amxPdC,r+V
PD WebSphere C'MiSC'"am<k= Tivoli Access Manager "am#
=#jIZ 207 3D:<kVPDC'Mi;PD8>E"#
5. 4(\mC'T4PX(Z WebSphere Application Server DNq#jIZ 207 3D
:* WebSphere 4( Tivoli Access Manager \mC';PD8>E"#
© Copyright IBM Corp. 2001, 2003 199
6. tC WebSphere Application Server 2+T#jIZ 208 3D:tC WebSphere 2
+T;PD8>E"#
9C20r<20
"bBn
g{z}Z9C WebSphere Application Server V5.1,r;h*20#kq-Z
201 3D:9C>z5CLr20;PT&ZX(=(DdC8>E"#
install_amwas 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager for WebSphere 53D20:
v Access Manager Java Runtime Environment V5.1
v Access Manager for WebSphere Application Server V5.1
":Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amwas r<20MdC Tivoli Access Manager for WebSphere 53,
kq-TBb)=h:
1. 7#QzcZZ 199 3D:200*s;PPvD*s#
2. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
3. + WAS_HOME 73d?hC* WebSphere Application Server 20?<#*K,P;
= 2 0 K W e b S p h e r e A p p l i c a t i o n S e r v e r D b i n ? < " K P
setupCmdLine.sh(UNIX)r setupCmdLine.bat(Windows)#
4. vZ UNIX 53O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for
WebSphere 20?<#}g:
PDWAS_HOME=/opt/amwasexport PDWAS_HOME
":Z Windows 53O,PDWAS_HOME d?Q-fZZ73P#
5. vZ Windows 53O,KvyP}ZKPDLr#
6. #9 WebSphere Application Server#
7. k4PBPYw.;:
v g{f WebSphere Application Server ;pa)D JRE 20Z1!?<P,kK
P install_amwas Lr,CLr;ZT&Z\'VD
AIX"HP-UX"Linux"Solaris M Windows =(D IBM Tivoli Access Manager Web
Security CD ODy?<B#
v g{f WebSphere Application Server ;pa)D JRE 420Z1!?<P,k
gBKP install_amwas r<:
install_amwls -is:javahome websphere_install_dir/AppServer/java/jre
20r<(}a>zdkZ 302 3D:install_amwas;PhvDdCE"*<KP#
Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI20
MdC#
20 Tivoli Access Manager for WebSphere
200 IBM Tivoli Access Manager for e-business: Web Security 208O
":
1. zIT4(l&D~Tr/ Tivoli Access Manager i~D20MdC#20}
LSl&D~A!E",x;Ga>zn4UW#PX|`E",kNDZ
435 3DZ 27 B, :9Cl&D~;#
2. 1a>a) Access Manager Java Runtime Environment dC!n1,k7#z
*k WebSphere Application Server ;pa)M20D JRE 8(?<#}g:
v Z UNIX O:
websphere_install_dir/AppServer/java/jre
v Z Windows O:
websphere_install_dir\AppServer\java\jre
8. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
9. t/ WebSphere Application Server#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#
jIJCZzDYw53D8>E":
v AIX,ZZ 201 3O
v HP-UX,ZZ 202 3O
v Linux,ZZ 203 3O
v Solaris,ZZ 204 3O
v Windows,ZZ 206 3O
AIX:20 Tivoli Access Manager for WebSphereTB}L9C installp 420m~|,"9C pdjrtecfg M pdwascfg 5CLr4d
C|G#
*Z AIX O20MdC Tivoli Access Manager for WebSphere,kq-TBb)=h:
1. T root C'm]G<#
2. 7#QzcZZ 199 3D:200*s;PPvD*s#
3. g{z}Z9C WebSphere Application Server V5.1,kxAZ 202 3D 8 =Td
C Access Manager Java Runtime Environment#;h*20#
4. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
5. 20TBm~|:
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 201
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,packages gB:
PDJ.rte 8( Access Manager Java Runtime Environment m~|#
PDWAS 8( Access Manager for WebSphere Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
6. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
7. ki$ WAS_HOME 73d?QhC* IBM WebSphere Application Server w?<#
*K,kKP;Z20K WebSphere D bin ?<BD setupCmdLine.sh E>,
r_dkTBZ]:
env | grep WAS_HOME
8. *dC Access Manager Java Runtime Environment i~TZf WebSphere Application
Server ;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?
<"dkTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home $WAS_HOME/java/jre -port port
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
9. dC Access Manager for WebSphere Application Server i~#`X8>E",k
NDZ 210 3#
10. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
HP-UX:20 Tivoli Access Manager for WebSphereTB}L9C swinstall 420m~|,"9C pdjrtecfg M pdwascfg 5CLr4
dC|G#
*Z HP-UX O20MdC Tivoli Access Manager for WebSphere,kjITB=h:
1. T root C'm]G<#
2. 7#QzcZZ 199 3D:200*s;PPvD*s#
3. g{z}Z9C WebSphere Application Server V5.1,kxAZ Z 203 3D 9 =
TdC Access Manager Java Runtime Environment#;h*20#
4. ek IBM Tivoli Access Manager Web Security for HP-UX CD#
5. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
20 Tivoli Access Manager for WebSphere
202 IBM Tivoli Access Manager for e-business: Web Security 208O
6. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWAS 8( Access Manager for WebSphere Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. ki$ WAS_HOME 73d?QhC* IBM WebSphere Application Server w?<#
*K,kKP;Z20K WebSphere D bin ?<BD setupCmdLine.sh E>,
r_dkTBZ]:
env | grep WAS_HOME
9. *dC Access Manager Java Runtime Environment i~TZf WebSphere Application
Server ;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?
<"dkTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home $WAS_HOME/java/jre -port port
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
10. dC Access Manager for WebSphere Application Server i~#`X8>E",k
NDZ 210 3#
11. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
12. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
Linux:20 Tivoli Access Manager for WebSphereTB}L9C rpm 420m~|,"9C pdjrtecfg M pdwascfg 5CLr4dC
|G#
*Z Linux O20MdC Tivoli Access Manager for WebSphere,kjITB=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#QzcZZ 199 3D:200*s;PPvD*s#
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 203
3. g{z}Z9C WebSphere Application Server V5.1,kxAZ 9 =TdC Access
Manager Java Runtime Environment#;h*20#
4. ek IBM Tivoli Access Manager Web Security CD for xSeries or zSeries "20
|#
5. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
6. 20TBm~|:
rpm -ihv packages
dP packages gB:
Access Manager Java RuntimeEnvironment
Access Manager for WebSphereApplication Server
Linux on xSeries PDJrte-PD-5.1.0-0.i386.rpm PDWAS-PD-5.1.0-0.i386.rpm
Linux on zSeries PDJrte-PD-5.1.0-0.s390.rpm PDWAS-PD-5.1.0-0.s390.rpm
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. ki$ WAS_HOME 73d?QhC* IBM WebSphere Application Server w?<#
*K,kKP;Z20K WebSphere D bin ?<BD setupCmdLine.sh E>,
r_dkTBZ]:
env | grep WAS_HOME
9. *dC Access Manager Java Runtime Environment i~TZf WebSphere Application
Server ;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?
<"dkTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home $WAS_HOME/java/jre -port port
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
10. dC Access Manager for WebSphere Application Server i~#`X8>E",k
NDZ 210 3#
11. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
Solaris:20 Tivoli Access Manager for WebSphereTB}L9C pkgadd 420m~|,"9C pdjrtecfg M pdwascfg 5CLr4d
C|G#
*Z Solaris O20MdC Tivoli Access Manager for WebSphere,kjITB=h:
20 Tivoli Access Manager for WebSphere
204 IBM Tivoli Access Manager for e-business: Web Security 208O
1. T root C'm]G<#
2. 7#QzcZZ 199 3D:200*s;PPvD*s#
3. g{z}Z9C WebSphere Application Server V5.1,kxAZ 8 =TdC Access
Manager Java Runtime Environment#;h*20#
4. ek IBM Tivoli Access Manager Web Security for Solaris CD#
5. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDJrte 8( Access Manager Java Runtime Environment m~|#
PDWAS 8( Access Manager WebSphere Application Server m~|#
":b)m~|Xk20Zk WebSphere Application Server `,D53O#
6. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
7. ki$ WAS_HOME 73d?QhC* IBM WebSphere Application Server w?<#
*K,kKP;Z20K WebSphere D bin ?<BD setupCmdLine.sh E>,
r_dkTBZ]:
env | grep WAS_HOME
8. *dC Access Manager Java Runtime Environment i~TZf WebSphere Application
Server ;pa)M20D JRE P9C,kP;A /opt/PolicyDirector/sbin ?
<"dkTBZ]:
./pdjrtecfg -action config -host policy_server_host -java_home $WAS_HOME/java/jre -port port
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
9. dC Access Manager for WebSphere Application Server i~#`X8>E",k
NDZ 210 3#
10. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 205
Windows:20 Tivoli Access Manager for WebSphereTB}L9C setup.exe Lr420m~|,"9C pdjrtecfg M pdwascfg 5CL
r4dC|G#
*Z Windows O20MdC Tivoli Access Manager for WebSphere,kq-TBb)
=h:
1. T_P\m1X(DC'm]G<#
2. 7#QzcZZ 199 3D:200*s;PPvD*s#
3. g{z}Z9C WebSphere Application Server V5.1,kxAZ 15 =TdC Access
Manager Java Runtime Environment#;h*20#
4. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
5. 20 Access Manager Java Runtime Environment M Access Manager for WebSphere
Application Server m~|#*jIbnYw,kKP;ZTB?<D setup.exe D
~:
\windows\PolicyDirector\Disk Images\Disk1\setup.exe
+T>0!q20oT1T0r#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1T0r#%wB;=Lx#
8. DAmI$-i,g{,bb)un,r%wG#
9. !qTBm~|"%wB;=:
v Access Manager Java Runtime Environment
v Access Manager for WebSphere Application Server
10. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{
C?<;fZ,rzXk7O*4(C?<,r_8(QfZD?<#
11. **<4FD~=?DXD~P,%wB;=#
12. %wjIKvLr#
13. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
14. ki$ WAS_HOME 73d?QhC* IBM WebSphere Application Server w?<#
15. *dC Access Manager Java Runtime Environment i~TZf WebSphere Application
Server ;p20D JRE P9C,kP;A install_dir\sbin ?<(}g
C:\Program Files\Tivoli\Policy Director\sbin)"dkTBZ]:
pdjrtecfg -action config -host policy_server_host -java_home %WAS_HOME\java\jre -port port
":PXK5CLrD|`E",kNDZ 412 3D:pdjrtecfg;#
16. dC Access Manager for WebSphere Application Server i~#`X8>E",k
NDZ 210 3#
17. g{53PD J2EE &CLrxP8(K2+_TD EAR D~,rzXk(F
WebSphere 2+hC#`X8>E",kNDZ 211 3#
bMjIK Tivoli Access Manager for WebSphere 53D20#*20m;v Tivoli
Access Manager 53,kq-Z 24 3D:20}L;PD=h#
20 Tivoli Access Manager for WebSphere
206 IBM Tivoli Access Manager for e-business: Web Security 208O
k"b,Z9C Tivoli Access Manager for WebSphere .0,zXk*h*#$D?
v&CLr(F&CLr EAR D~#PX8>E",kND6IBM Tivoli Access
Manager for e-business IBM WebSphere Application Server /I8O7PXZ(F2+
G+DE"#
<kVPDC'Mi
TZ\'VD WebSphere Application Server(Advanced Single Server V4.0.6 }b),
g{ policy server y] WebSphere 2+T9CDVP"amxPdC,rXk+VP
D WebSphere C'MiSC'"am<k= Tivoli Access Manager "am#=#Z(
F|,b)C'MiD&CLr.04PK}L#
<kC'4Y( policy server ZxPdC1ay] WebSphere 2+TQ-9CDVP
"am4dC#g{;GbViv,z^h<kVPC'#
zIT(}V$9C pdadmin 5CLr+C'Mi<k="amP#}g:
pdadmin sec_master> user import marga "cn=Margaret Averett,o=IBM,c=us,dc=mkt"pdadmin sec_master> group import engineering "cn=engineering,o=IBM,c=US"
":PX<kC'MiDE",kND6IBM Tivoli Access Manager Base \m8O7#
g{z}Z9C IBM Tivoli Directory Server "RPs?DC'Mi,k<G9C
bulkload 5CLr#C LDAP 5CLrZ6IBM Tivoli Access Manager for e-business
T\w{8O7PPhv#
* WebSphere 4( Tivoli Access Manager \mC'
WebSphere h* Tivoli Access Manager C'44P\mNq,gG<=XF(#g{
zQ-tCK WebSphere 2+T,rXk+ WebSphere Application Server \mC'
<k= Tivoli Access Manager TsUdP#qr,zXk* WebSphere 4( Tivoli
Access Manager \mC',;stC WebSphere 2+T(gZ 208 3D:tC
WebSphere 2+T;Pyhv)#
zIT9C Web Portal Manager SZr pdadmin |n<kr4(C'#}g,gB
9C pdadmin T sec_master \mC'm]G<:
pdadmin -a sec_master -p sec_master_password
*4({* wsadmin DC',k+TB|nw*,xD;P|ndk:
pdadmin sec_master> user create wsadmin cn=wsadmin,o=organization,c=countrywsadmin wsadmin myPassword
*9C'J'P',k9C pdadmin user modify |n+ account-valid j>hC
* yes,gBy>:
pdadmin sec_master> user modify wsadmin account-valid yes
PX|`E",kND6IBM Tivoli Access Manager Base \m8O7#
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 207
tC WebSphere 2+T
9C Tivoli Access Manager for WebSphere tC2+TD=hktC>zD WebSphere
Application Server 2+TD=hj+`,#*<GDBn|(:
v Z20MdC Tivoli Access Manager for WebSphere .0tC WebSphere 2+T#
v Tivoli Access Manager M WebSphere 2m`,DC'"am#rK,h*+
WebSphere dCI9Ck Tivoli Access Manager yC`,DC'"am#
v 19C WebSphere \mXF(dC LDAP "am1,k7#Q!q*J'_T9C
Tivoli Access Manager 4!r#
jITBBZ.;PD8>E":
v :tC WebSphere V4.0.6 2+T;
v Z 209 3D:tC WebSphere V5.0.2 r 5.1 2+T;
tC WebSphere V4.0.6 2+T
*tC WebSphere Application Server V4.0.6 2+T,kq-TBb)=h:
1. gBt/ WebSphere \m~qw:
v Z AIX 53O:
/usr/WebSphere/AppServer/bin/adminserver
v Z HP-UX"Linux M Solaris 53O:
/opt/WebSphere/AppServer/bin/adminserver
v Z Windows 53O:
c:\websphere\appserver\bin\adminserver
2. ~qwt/s,kgBt/ WebSphere \mM'z:
v Z AIX 53O:
/usr/WebSphere/AppServer/bin/adminclient
v Z HP-UX"Linux M Solaris 53O:
/opt/WebSphere/AppServer/bin/adminclient
v Z Windows 53O:
c:\websphere\appserver\bin\adminclient
3. !qXF( → 2+PD#
4. !q#f!n(#!PtC2+Tr#
5. !qO$!n(#
a. !q LTPA "hCTBhC:
v nF''Z:120
v r
}g:mydomain.ibm.com
b. !q?<`M,;s%w7(#}g,!q LDAP "8(kTBZ]`FDt
T:
20 Tivoli Access Manager for WebSphere
208 IBM Tivoli Access Manager for e-business: Web Security 208O
6. R|%w WebSphere \mr → Zc → wz{
7. !qXBt/#
tC WebSphere V5.0.2 r 5.1 2+T
*tC WebSphere Application Server V5.0.2 r V5.1 2+T,kq-TBb)=h:
1. t/ WebSphere \m~qw#
2. ~qwt/s,gBr*\mXF(:
http://localhost:9090/admin/
3. TN;C'Dm]G<#
4. dCC'"am#}g,TZ LDAP ~qw,k4PTBYw:
a. !q2+T → C'"am → LDAP
b. dC`Fm 11 Py>Z]D LDAP tT,;s%w&C#
m 10. #ftT
#ftT 5
2+~qwj6 cn=wsadmin,o=ibm,c=us
2+~qw\k myPassword
wz ldapserver.mydomain.ibm.com
?<`M SecureWay
y> DN o=ibm,c=us
Bind DN cn=root
Bind \k myPassword
m 11. #ftT
#ftT 5
~qwC'j6 cn=wsadmin,o=ibm,c=us
~qwC'\k myPassword
`M IBM_Directory_Server
wz ldapserver.mydomain.ibm.com
KZ 389
y> DN o=ibm,c=us
Bind DN cn=root
Bind \k myPassword
Qw,1 120
XB9C,S true
vTs!4 true
SSL QtC false
SSL dC cellname/DefaultSSLSetting
*J'_T9C Tivoli Access Manager
(vZ WebSphere V5.1 Oa>)
!qK4!r+ WebSphere V5.1 dCI(}
Tivoli Access Manager O$#
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 209
5. gBdC LTPA O$:
a. !qO$zF → LTPA
b. hC\kTS\Mb\ LTPA \?#
c. + LTPA ''\?,15hC* 120#
d. Z,;v0ZP,YNdk\kT7O#
e. %w&C#
f. SA;W?D=StT?V,!q%;"a(SSO)#
g. tC%;"a"dk%;"a DNS r{#
h. %w&C#
6. dC2+ThC:
a. !q2+T → +V2+T
b. dC`FTBDhC,;s%w&C#
7. %w#f4S#
8. %w#f4%T#fwdC#
9. S WebSphere Application Server \mXF("z#
10. XBt/ WebSphere Application Server#
dC Tivoli Access Manager for WebSphere>ZhvgN+ Access Manager for WebSphere Application Server i~dCI
WebSphere Application Server D1!2+Z(a)Lr#ZK}LP,Ki~2,S=
Tivoli Access Manager r#
":g{9CK install_amwas r<420MdC Tivoli Access Manager for
WebSphere 53,rIx}>ZPD8>E"#20r<T/dCKi~#
*dC Access Manager for WebSphere Application Server i~,kq-TBb)=h:
1. 7# WAS_HOME 73d?QhC* WebSphere Application Server 20?<#
2. vZ UNIX 53O,+ PDWAS_HOME 73d?hC* Tivoli Access Manager for
WebSphere 20?<#}g:
PDWAS_HOME=/opt/amwasexport PDWAS_HOME
m 12. 2+ThC
2+ThC 5
QtC true
5) Java 2 2+T false
9Cr^(C'j6 true
_Y:f,1 600
"vmI(/f true
n/-i CSI M SAS
n/DO$zF LTPA
n/DC'"am LDAP
20 Tivoli Access Manager for WebSphere
210 IBM Tivoli Access Manager for e-business: Web Security 208O
":Z Windows 53O,PDWAS_HOME d?Q-fZZ73P#
3. KP;Z WAS_HOME\bin ?<PD pdwascfg 5CLr44PdC#}g,Z20
K WebSphere Application Server V5.0.2 r 5.1 D Windows 53O,dkTBZ
]:
%WAS_HOME%\bin\pdwascfg.bat -action configWAS5-remote_acl_user remote_ACL_user_name-sec_master_pwd sec_master_pwd-pdmgrd_host policy_server_hostname-pdacld_host authorization_server_hostname-was_home WAS_home-amwas_home WAS_home -embedded true -action_type local
dP remote_ACL_user_name T&ZdCy4(DC'#KC'C4k Tivoli Access
Manager ~qwxPyPD(E#bGv;&CZNNd|C>DXbC'#
":pdwascfg 5CLr+ WebSphere Application Server dCI9C Tivoli Access
Manager for WebSphere w*Z(a)Lr#PXK5CLrD|`E",kN
DZ 417 3D:pdwascfg;#
4. *i$ pdwascfg |nQI&jI,k7#4(K PdPerm.properties D~#}
g,g{z+ WebSphere Application Server 20Z1!20?<P,r
PdPerm.properties D~D76gB:
v Z AIX 53O:
/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Z HP-UX"Linux M Solaris 53O:
/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v Z Windows 53O:
– TZ WebSphere Application Server V4.0.6:
C:\WebSphere\AppServer\java\jre\PdPerm.properties
– TZ WebSphere Application Server V5.0.2 r 5.1:
C:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties
":pdwascfg 5CLr4( AMWASConfig.log D~,CD~+;ZzKPK5C
Lr1yZD?<P#
(F WebSphere 2+ThC
J2EE &CLrD2+E"Xk(F= Tivoli Access Manager _T}]bP#Tivoli
Access Manager for WebSphere a)CZKC>D(F5CLr#k"b,K}Lvh
*Z_Px EAR D~(b)D~8(2+_T)D J2EE &CLrD53O4P#
jITBBZ.;PD8>E":
v :(F WebSphere V4.0.6 2+ThC;
v Z 213 3D:(F WebSphere V5.0.2 r 5.1 2+ThC;
(F WebSphere V4.0.6 2+ThC
Zt/ WebSphere .0,Xk+&CLr2+_TS WebSphere admin.ear ?phv
{D~(F= Tivoli Access Manager _T}]b#(F5CLrZ Tivoli Access
Manager TsUdP4(zm WebSphere J4DTs#
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 211
*(F WebSphere Application Server V4.0.6 2+ThC,kq-TBb)=h:
1. g{ WebSphere }ZKP,r#9|#
2. 7# WAS_HOME 73d?QhC* WebSphere Application Server 20?<#
3. P;A migrateEAR4 5CLryZD?<:
v Z UNIX 53O:
/opt/amwas/bin
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin
4. KP(F5CLr4(F|,Z admin.EAR PD}]#9CZ 397 3D
:migrateEAR4;PPvDN}hv#}g,+TB|nw*,xD;P|nd
k:
v Z AIX 53O:
migrateEAR4 -j /usr/WebSphere/AppServer/config/admin.ear-a sec_master-p sec_master_password-w wsadmin-d "o=ibm,c=us"-c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Z HP-UX"Linux M Solaris 53O:
migrateEAR4 -j /opt/WebSphere/AppServer/config/admin.ear-a sec_master-p sec_master_password-w wsadmin-d "o=ibm,c=us"-c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v Z Windows 53O:
migrateEAR4 -j c:\WebSphere\AppServer\config\admin.ear-a sec_master-p sec_master_password-w wsadmin-d "o=ibm,c=us"-c file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
":Windows *srs:(Z}EZ#
5. (FK admin.ear D~.s,Xk+ pdwas-admin imS=\m ACL#^[N
1(F admin.ear D~<*4PK=h#*K,k9C pdadmin 5CLr"+T
B|nw*,xD;P|ndk:
pdadmin sec_master> acl modify _WebAppServer_deployedResources_AdminRole_admin_ACLset group pdwas-admin T[WebAppServer]i
g{2+r|,`v authorization server,r9C pdadmin 44P server replicate|nT7#C ACL |D"4|ByP authorization server#
6. t/ WebSphere Application Server#
jI(F1+T>4,{"#5CLrDdv+G<=ZKP5CLrD?<P4(
D pdwas_migrate.log D~#liU>D~T7#*&CLr(FKyP_T#g{U
>D~T>ms,kliO;NG<DBq,|}ms4"XBKP(F5CLr#
g{(F;I&,ki$z* –c M –j !na)K5#
20 Tivoli Access Manager for WebSphere
212 IBM Tivoli Access Manager for e-business: Web Security 208O
(F5CLrh*CJ admin.ear D~#1!ivB,&CLrc`$_|,TD5`
M(e(DTD)j<D;CD URL }C#rK,i/?phv{ DTD +h*krX
xxP,S#g{wz4,S=rXx,r9C DTD D>X1>#ZKivB,+?
phv{|B*8r>X DTD#
/f: ZdCKu<20.s,IT+=SD Tivoli Access Manager for WebSphere
20dC=2+rP#`X8>E",kND6IBM Tivoli Access Manager for e-business
IBM WebSphere Application Server /I8O7#
(F WebSphere V5.0.2 r 5.1 2+ThC
Zt/ WebSphere .0,zXk+&CLr2+_TS WebSphere adminconsole.ear
?phv{D~(F= Tivoli Access Manager _T}]b#(F5CLrZ Tivoli
Access Manager TsUdP4(zm WebSphere J4DTs#
*(F WebSphere Application Server V5.0.2 r 5.1 2+ThC,kq-TBb)=
h:
1. g{ WebSphere }ZKP,r#9|#
2. 7# WAS_HOME 73d?QhC* WebSphere Application Server 20?<#
3. P;A migrateEAR5 5CLryZD?<:
v Z UNIX 53O:
/opt/amwas/bin
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin
4. KP(F5CLr4(F|,Z adminconsole.EAR"admin-authz.xml M
naming-authz.xml D~PD}]#9CZ 400 3D:migrateEAR5;PPvDN}h
v#}g,+TB|nw*,xD;P|ndk:
v Z AIX 53O:
v Z HP-UX"Linux M Solaris 53O:
migrateEAR5 -j /usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole
migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j /usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
20 Tivoli Access Manager for WebSphere
Z 16 B 20 Tivoli Access Manager for WebSphere 213
v Z Windows 53O:
":
1. Windows *srs:(Z}EZ#
2. -e !nG(F adminconsole.ear D~yXhD,r* WebSphere Application
Server +Z?pZdX|{K&CLr#
jI(F1+T>4,{"#5CLrDdv+G<=ZKP5CLrD?<P4
(D pdwas_migrate.log D~#liU>D~T7#*&CLr(FKyP_T#
g{U>D~T>ms,kliO;NG<DBq,|}ms4"XBKP(F5
CLr#g{(F;I&,ki$z* –c M –j !na)K}7D5#
(F5CLrh*CJ adminconsole.ear D~#1!ivB,&CLrc`$_|
,TD5`M(e(DTD)j<D;CD URL }C#rK,i/?phv{ DTD
+h*krXxxP,S#g{wz4,S=rXx,r9C DTD D>X1>#Z
KivB,+?phv{|B*8r>X DTD#
/f: ZdCKu<20.s,IT+=SD Tivoli Access Manager for WebSphere
20dC=2+rP#`X8>E",kND6IBM Tivoli Access Manager for
e-business IBM WebSphere Application Server /I8O7#
migrateEAR5 -j /opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties -e adminconsole
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j /opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.ear-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties" -e adminconsole
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
migrateEAR5 -j "c:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml-a sec_master -p sec_master_pwd -w wsadmin -d "o=ibm,c=us"-c file:/"c:\Program Files\WebSphere\AppServer\java\jre\PdPerm.properties"
20 Tivoli Access Manager for WebSphere
214 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 17 B 20 WebSEAL development(ADK)53
>Ba)XZ20MdC Tivoli Access Manager WebSEAL development(ADK)53
DE"#
XZK Web Security 53D|`E",kND6IBM Tivoli Access Manager for
e-business WebSEAL \m8O7#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 216 3D:9C>z5CLr20;
9C20r<20
install_amwebadk 20r<(}TJ1D3r20MdCTBi~r/K Tivoli Access
Manager WebSEAL development(ADK)53D20:
v Global Security Kit V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Web Security Runtime V5.1
v Access Manager WebSEAL Server V5.1
v Access Manager Application Development Kit V5.1
v Access Manager WebSEAL Application Development Kit V5.1
":
1. g{zF.Z"am~qwr policy server O20 WebSeal ADK,rXk9C>
z20=(#`X8>E",kNDZ 216 3D:9C>z5CLr20;#
2. Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amwebadk r<20MdC Tivoli Access Manager WebSEAL
development(ADK)53,kq-TBb)=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O:
v SyPKPPDLrKv#
v g{}Z9C Active Directory,rXkZKPK20r<.020 IBM Tivoli
Directory Client#*jIbnYw,kKP;Z cd_drive:\windows\directory\ D
setup.exe Lr#!q20 Client SDK 5.2 &\?~"jI*z8>E"#
© Copyright IBM Corp. 2001, 2003 215
6. KP install_amwebadk Lr,CLr;ZT&Z\'VD
AIX"HP-UX"Linux "Solaris M Windows =(D IBM Tivoli Access Manager Web
Security CD ODy?<P#
20r<(}a>zdkZ 306 3D:install_amwebadk;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
jIJCZzDYw53D8>E":
v AIX,ZZ 216 3O
v HP-UX,ZZ 217 3O
v Linux,ZZ 218 3O
v Solaris,ZZ 219 3O
v Windows,ZZ 220 3O
AIX:20 WebSEAL development(ADK)53
TB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*Z AIX O20 Tivoli Access Manager WebSEAL development(ADK)53,kq
-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,x packages g
B:
PD.RTE 8( Access Manager Runtime m~|#
PDWeb.RTE 8( Access Manager Web Security Runtime m~|#
PDWeb.Web 8( Access Manager WebSEAL Server m~|#
PD.AuthADK 8( Access Manager Application Development Kit m~|#
PDWeb.ADK 8( Access Manager Web Services Application Development Kit m
~|#
20 WebSEAL development(ADK)53
216 IBM Tivoli Access Manager for e-business: Web Security 208O
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
HP-UX:20 WebSEAL development(ADK)53
TB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z HP-UX O20 Tivoli Access Manager WebSEAL development(ADK)53,k
jITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp 8(?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWeb 8( Access Manager WebSEAL Server m~|#
PDADK 8( Access Manager Application Development Kit m~|#
20 WebSEAL development(ADK)53
Z 17 B 20 WebSEAL development(ADK)53 217
PDWebADK 8( Access Manager Web Services Application Development Kit
m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q
x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Linux:20 WebSEAL development(ADK)53
TB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux O20 Tivoli Access Manager WebSEAL development(ADK)53,kq
-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ekT&Z xSeries"zSeries r pSeries and iSeries D IBM Tivoli Access Manager
Web Security CD,"20|#
4. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
5. 20 GSKit#`X8>E",kND 234#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
dP packages gB:
20 WebSEAL development(ADK)53
218 IBM Tivoli Access Manager for e-business: Web Security 208O
Linux on xSeries Linux on zSeries Linux on pSeries and iSeries
PDRTE-PD-5.1.0-0.i386.rpmPDWebRTE-PD-5.1.0-0.i386.rpmPDWeb-PD-5.1.0-0.i386.rpmPDAuthADK-PD-5.1.0-0.i386.rpmPDWebADK-PD-5.1.0-0.i386.rpm
PDRTE-PD-5.1.0-0.s390.rpmPDWebRTE-PD-5.1.0-0.s390.rpmPDWeb-PD-5.1.0-0.s390.rpmPDAuthADK-PD-5.1.0-0.s390.rpmPDWebADK-PD-5.1.0-0.s390.rpm
PDRTE-PD-5.1.0-0.ppc.rpmPDWebRTE-PD-5.1.0-0.ppc.rpmPDWeb-PD-5.1.0-0.ppc.rpmPDAuthADK-PD-5.1.0-0.ppc.rpmPDWebADK-5.1.0-0.ppc.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Solaris:20 WebSEAL development(ADK)53
TB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Tivoli Access Manager WebSEAL development(ADK)53,k
q-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
20 WebSEAL development(ADK)53
Z 17 B 20 WebSEAL development(ADK)53 219
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWeb 8( Access Manager WebSEAL Server m~|#
PDADK 8( Access Manager Application Development Kit m~|#
PDWebADK 8( Access Manager Web Services Application Development Kit m
~|#
vV;u{"/J:0Do you want to install these as setuid/setgid.1dk Y "4
Enter |#1a>Lx1,dk Y "4 Enter |#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
Windows:20 WebSEAL development(ADK)53
TB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*Z Windows O20MdC Tivoli Access Manager WebSEAL development(ADK)
53,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
20 WebSEAL development(ADK)53
220 IBM Tivoli Access Manager for e-business: Web Security 208O
6. KP;ZTB?<PD setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
kq-*z8>E""!q20TBm~|:
v Access Manager Runtime
v Access Manager Web Security Runtime
v Access Manager WebSEAL Server
v Access Manager Application Development Kit
v Access Manager Web Services Application Development Kit
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager WebSEAL Server m~|"%wdC#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kNDZ
319 3DZ 23 B, :pdconfig !n;#
bMjIK WebSEAL development(ADK)53D20#*20m;v Tivoli Access
Manager 53,kq-Z 24 3D:20}L;PD=h#
20 WebSEAL development(ADK)53
Z 17 B 20 WebSEAL development(ADK)53 221
222 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 18 B 20 WebSEAL server
>Ba)PX20MdC Tivoli Access Manager WebSEAL server 53DE"#
XZK Web Security 53D|`E",kND6IBM Tivoli Access Manager for
e-business WebSEAL \m8O7#
zIT9CTB20=(.;420K53:
v :9C20r<20;
v Z 224 3D:9C>z5CLr20;
9C20r<20
install_amweb 20r<(}TJ13r20MdCTBi~r/K Tivoli Access
Manager WebSEAL server 53D20:
v Global Security Kit V7
v IBM Tivoli Directory Client V5.2(4h*)
v Access Manager Runtime V5.1
v Access Manager Web Security Runtime V5.1
v Access Manager WebSEAL Server V5.1
":
1. g{zF.Z"am~qwr policy server 53O20 WebSeal,rXk9C>z
20=(#`X8>E",kNDZ 224 3D:9C>z5CLr20;#
2. Cr<lbi~GqQ20,R;"TYN20|#
*9C install_amweb r<20MdC Tivoli Access Manager WebSEAL Server 5
3,kq-TBb)=h:
1. 7#Q20yPX*DYw539!#`XE",kNDZ 33 3D:\'VD=
((|(Xh9!);#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. 7#ZKP20r<.0Q20 IBM JRE 1.3.1(Z AIX O* 1.3.1.5)#`X8>
E",kNDZ 241 3#
4. *9C}"o(1!oT)TbDoTi44,M{",XkZKP20r<.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
5. vZ Windows 53O:
v SyPKPPDLrKv#
v g{}Z9C Active Directory,rXkZKPK20r<.020 IBM Tivoli
Directory Client#*jIbnYw,kKP;Z cd_drive:\windows\directory\ D
setup.exe Lr#!q20 Client SDK 5.2 &\?~"jI*z8>E"#
6. KP install_amweb Lr,CLr;ZT&Z\'VD
AIX"HP-UX"Linux"Solaris M Windows =(D Tivoli Access Manager Web Security
CD ODy?<P#
© Copyright IBM Corp. 2001, 2003 223
20r<(}a>zdkZ 304 3D:install_amweb;PhvDdCE"*<K
P#Zza)KE"(rS\1!5).s,i~Z;Px;=I$DivBjI
20MdC#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kNDZ 24 3D:20}L;#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
9C>z5CLr20
TBwZ9z\;9Cl$DX(Z=(D5CLr20 Tivoli Access Manager m~#
kT/20r<;,,zXkTJ1D3rV/20?vi~MNNX8m~#*Z
20sdCm~|,k9C pdconfig 5CLr#
":r_,IT9C amwebcfg 5CLrdC Access Manager WebSEAL Server i
~,C5CLrI pdconfig 5CLrwC#PXK5CLrD|`E",kND
Z 381 3D:amwebcfg;#
jIJCZzDYw53D8>E":
v AIX,ZZ 224 3O
v HP-UX,ZZ 225 3O
v Linux,ZZ 226 3O
v Solaris,ZZ 227 3O
v Windows,ZZ 228 3O
AIX:20 WebSEAL ServerTB}L9C installp 420m~|,"9C pdconfig 5CLr4dC|G#
*Z AIX O20 Tivoli Access Manager WebSEAL Server 53,kq-TBb)=
h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for AIX CD "20|#
4. 20 GSKit#`X8>E",kNDZ 233 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
6. 20TBm~|:
installp -acgXd cd_mount_point/usr/sys/inst.images packages
dP cd_mount_point/usr/sys/inst.images G20 CD D?<,x packages g
B:
PD.RTE 8( Access Manager Runtime m~|#
PDWeb.RTE 8( Access Manager Web Security Runtime m~|#
PDWeb.Web 8( Access Manager WebSEAL Server m~|#
20 WebSEAL server
224 IBM Tivoli Access Manager for e-business: Web Security 208O
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kNDZ 24 3D:20}L;#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
HP-UX:20 WebSEAL serverTB}L9C swinstall 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z HP-UX O20 Tivoli Access Manager WebSEAL server 53,kjITB=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for HP-UX CD#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. 20 GSKit#`X8>E",kNDZ 233 3#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 238 3#
7. S CD ODy?<dkTB|nT20 LDAP 9!:
am_update_ldap.sh
8. 20TBm~|:
swinstall -s /cd-rom/hp packages
dP /cd-rom/hp 8(?<,packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
20 WebSEAL server
Z 18 B 20 WebSEAL server 225
PDWeb 8( Access Manager WebSEAL Server m~|#
9. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.0
20oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
10. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dC
K%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q
x !n=NTXUdC5CLr#
11. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kNDZ 24 3D:20}L;#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
Linux:20 WebSEAL ServerTB}L9C rpm 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Linux O20 Tivoli Access Manager WebSEAL server,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ekT&Z xSeries r zSeries D IBM Tivoli Access Manager Web Security CD "
20|#
4. P;A /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries r zSeries#
5. 20 GSKit#`X8>E",kND 234#
6. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
7. 20TBm~|:
rpm -ihv packages
20 WebSEAL server
226 IBM Tivoli Access Manager for e-business: Web Security 208O
dP packages gB:
Linux on xSeries Linux on zSeries
PDRTE-PD-5.1.0-0.i386.rpmPDWebRTE-PD-5.1.0-0.i386.rpmPDWeb-PD-5.1.0-0.i386.rpm
PDRTE-PD-5.1.0-0.s390.rpmPDWebRTE-PD-5.1.0-0.s390.rpmPDWeb-PD-5.1.0-0.s390.rpm
8. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
9. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kq-Z 24 3D:20}L;PD=h#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
Solaris:20 WebSEAL ServerTB}L9C pkgadd 420m~|,"R9C pdconfig 5CLr4dC|G#
*Z Solaris O20 Tivoli Access Manager WebSEAL server,kq-TBb)=h:
1. T root C'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for Solaris CD#
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 239 3#
6. 20TBm~|(;N;v):
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault packages
dP:
-d /cdrom/cdrom0/solaris
8(m~|D;C#
20 WebSEAL server
Z 18 B 20 WebSEAL server 227
-a /cdrom/cdrom0/solaris/pddefault
8(20\mE>D;C#
packages gB:
PDRTE 8( Access Manager Runtime m~|#
PDWebRTE 8( Access Manager Web Security Runtime m~|#
PDWeb 8( Access Manager WebSEAL Server m~|#
vV;u{"/J:0Do you want to install these as setuid/setgid.1dk Y "4
Enter |#1a>Lx1,dk Y "4 Enter |#
1?vm~|D20}L<QjI1,+T>TB{":
m~|20I&#
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Tivoli Access Manager hCK%#
b. t!qdCm~|,rdkK%E 1#+T> Tivoli Access Manager dCK
%#
c. !qk*dCDm~|DK%E,;N!q;v#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kND
Z 319 3DZ 23 B, :pdconfig !n;#
1vV{"8>QI&dCm~|1,4 Enter |dCm;vm~|r_!q x!n=NTXUdC5CLr#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kq-Z 24 3D:20}L;PD=h#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
Windows:20 WebSEAL ServerTB}L9C setup.exe Lr420m~|,"R9C pdconfig 5CLr4dC|
G#
*Z Windows O20MdC Tivoli Access Manager WebSEAL server 53,kq-
TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
3. ek IBM Tivoli Access Manager Web Security for Windows 2000 and Windows 2003
CD#
20 WebSEAL server
228 IBM Tivoli Access Manager for e-business: Web Security 208O
4. 20 GSKit#`X8>E",kNDZ 235 3#
5. 20 IBM Tivoli Directory Client#`X8>E",kNDZ 240 3#
6. KP;ZTB?<PD setup.exe Lr:
windows\PolicyDirector\Disk Images\Disk1
kq-*z8>E""!q20TBm~|:
v Access Manager Runtime
v Access Manager Web Security Runtime
v Access Manager WebSEAL Server
7. *9C}"o(1!oT)TbDoTi44,M{",XkZdCm~|.02
0oT'Vm~|#`X8>E",kNDZ 43 3D:20oT'V|;#
8. gBy>dC Access Manager Runtime,;sdC Access Manager WebSEAL Server
m~|:
a. t/dC5CLr:
pdconfig
+T> Access Manager dC0Z#
b. !q Access Manager Runtime m~|"%wdC#
c. !q Access Manager WebSEAL Server m~|"%wdC#
y]!qDm~|,+rza>dC!n#PXb)dC!nDoz,kNDZ
319 3DZ 23 B, :pdconfig !n;#
bMjIK WebSEAL server 53D20#*20m;v Tivoli Access Manager 53,
kq-Z 24 3D:20}L;PD=h#
":Tivoli Access Manager WebSEAL 'V?(wzOP WebSEAL Server D`v5
}#PXdC WebSEAL Server D`v5}DE",kND6IBM Tivoli Access
Manager for e-business WebSEAL \m8O7#
20 WebSEAL server
Z 18 B 20 WebSEAL server 229
20 WebSEAL server
230 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 4 ?V N<E"
Z 19 B 20X8z7 . . . . . . . . . . 23320 Global Security Kit . . . . . . . . . . 233
AIX:20 Global Security Kit . . . . . . . 233HP-UX:20 Global Security Kit . . . . . . 233Linux:20 Global Security Kit . . . . . . 234Solaris:20 Global Security Kit . . . . . . 235Windows:20 Global Security Kit . . . . . 235hC GSKit iKeyman 5CLr. . . . . . . 235
20 IBM Tivoli Directory Client . . . . . . . 238AIX:20 IBM Tivoli Directory Client . . . . 238HP-UX:20 IBM Tivoli Directory Client . . . 238Linux:20 IBM Tivoli Directory Client . . . 239Solaris:20 IBM Tivoli Directory Client . . . 239Windows:20 IBM Tivoli Directory Client . . 240
20 IBM JRE . . . . . . . . . . . . . 241AIX:20 IBM JRE V1.3.1.5 . . . . . . . 241HP-UX:20 IBM JRE V1.3.1 . . . . . . 241Linux:20 IBM JRE V1.3.1 . . . . . . . 242Solaris:20 IBM JRE V1.3.1 . . . . . . . 243Windows:20 IBM JRE V1.3.1 . . . . . . 243
20 WebSphere Application Server . . . . . . 245AIX:20 WebSphere Application Server . . . 245
AIX:20 WebSphere Application Server ^
)| 2. . . . . . . . . . . . . . 246HP-UX:20 WebSphere Application Server . . 247
HP-UX:20 WebSphere Application Server^)| 2 . . . . . . . . . . . . . 248
Linux:20 WebSphere Application Server . . . 248Linux on xSeries:20 WebSphereApplication Server ^)| 2. . . . . . . 249
Solaris:20 WebSphere Application Server . . 250Solaris:20 WebSphere Application Server^)| 2 . . . . . . . . . . . . . 251
Windows:20 WebSphere Application Server 252Windows 2000:20 WebSphere ApplicationServer ^)| 2 . . . . . . . . . . 253
20 Web Administration Tool . . . . . . . . 255AIX:20 Web Administration Tool . . . . . 255HP-UX:20 Web Administration Tool . . . . 256Linux:20 Web Administration Tool . . . . 257Solaris:20 Web Administration Tool . . . . 257Windows:20 Web Administration Tool . . . 258+ Web Administration Tool 0k WebSphere . . 259
Z 20 B 6Xi~ . . . . . . . . . . . 261!{dC Tivoli Access Manager i~ . . . . . 261!{dC IBM Tivoli Directory Server . . . . . 262!{dC Tivoli Access Manager for WebSphere . . 262AIX:}%m~| . . . . . . . . . . . . 263HP-UX:}%m~| . . . . . . . . . . . 264Linux:}%m~|. . . . . . . . . . . . 264
Solaris:}%m~| . . . . . . . . . . . 265Windows:}%m~| . . . . . . . . . . 266
Z 21 B 20r<&C!O . . . . . . . . 2679C install_ldap_server r< . . . . . . . . 268
200*s . . . . . . . . . . . . . 268install_ldap_server &C!O . . . . . . . . 269
9C install_ammgr r< . . . . . . . . . . 277
Z 22 B 20r<!n . . . . . . . . . . 287Access Manager Runtime(LDAP) . . . . . . 288Access Manager Runtime(Active Directory) . . . 290Access Manager Runtime(Domino) . . . . . . 293install_amacld . . . . . . . . . . . . . 294install_amadk . . . . . . . . . . . . . . 296install_amjrte . . . . . . . . . . . . . . 297install_ammgr . . . . . . . . . . . . . 298install_amproxy . . . . . . . . . . . . . 300install_amrte . . . . . . . . . . . . . . 301install_amwas. . . . . . . . . . . . . . 302install_amweb . . . . . . . . . . . . . 304install_amwebadk . . . . . . . . . . . . 306install_amwebars. . . . . . . . . . . . . 308install_amwls . . . . . . . . . . . . . . 309install_amwpi_apache . . . . . . . . . . . 311install_amwpi_ihs . . . . . . . . . . . . 312install_amwpi_iis . . . . . . . . . . . . 313install_amwpi_iplanet . . . . . . . . . . . 314install_amwpm . . . . . . . . . . . . . 315install_ldap_server . . . . . . . . . . . . 316
Z 23 B pdconfig !n . . . . . . . . . 319Access Manager Runtime — LDAP . . . . . . 320Access Manager Runtime — Active Directory . . . 321Access Manager Runtime — Domino . . . . . . 323Access Manager Attribute Retrieval Service . . . . 324Access Manager Authorization Server . . . . . . 325Access Manager Java Runtime Environment . . . . 326Access Manager Plug-in for Edge Server. . . . . 327UNIX OD Access Manager Plug-in for WebServers. . . . . . . . . . . . . . . . 328Windows OD Access Manager Plug-in for WebServers. . . . . . . . . . . . . . . . 330Access Manager Policy Server . . . . . . . . 331Access Manager Policy Proxy Server . . . . . . 332Access Manager Web Portal Manager . . . . . . 333Access Manager WebSEAL Server . . . . . . . 334
Z 24 B tC2+WSVc . . . . . . . . 335dC IBM Tivoli Directory Server TxP SSL CJ 335
4(\?}]bD~M$i . . . . . . . . 336
© Copyright IBM Corp. 2001, 2003 231
SO$PDq!vK$i . . . . . . . . . 3374(Mi!T)p$i . . . . . . . . . 337tC SSL CJ . . . . . . . . . . . . 338
dC IBM z/OS M OS/390 2+~qwTxP SSLCJ . . . . . . . . . . . . . . . . 340
hC2+!n . . . . . . . . . . . . 3404(\?}]bD~ . . . . . . . . . . 341
dC Microsoft Active Directory TxP SSL CJ 342Z Active Directory ~qwO<v$i . . . . 342Z LDAP M'z53O<k$i . . . . . . 342bT SSL CJ . . . . . . . . . . . . 343
dC Novell eDirectory Server TxP SSL CJ . . 3444(i/DO$PDTs . . . . . . . . . 3444(T)p$i . . . . . . . . . . . . 345* LDAP ~qw4(~qw$i . . . . . . 345tC SSL . . . . . . . . . . . . . . 345mST)p CA $i= IBM \?D~ . . . . 346
dC Sun ONE Directory Server TxP SSL CJ 346q!~qw$i . . . . . . . . . . . . 34720~qw$i . . . . . . . . . . . . 347tC SSL CJ . . . . . . . . . . . . 348
dC IBM Tivoli Directory Client TxP SSL CJ 3494(\?}]bD~ . . . . . . . . . . 349mS)p_$i . . . . . . . . . . . . 350bT SSL CJ . . . . . . . . . . . . 350
dC LDAP ~qwMM'zO$ . . . . . . . 3514(\?}]bD~ . . . . . . . . . . 351SO$PDq!vK$i . . . . . . . . . 3524(Mi!T)p$i . . . . . . . . . 352mS)p_$i . . . . . . . . . . . . 353bT SSL CJ . . . . . . . . . . . . 354
Z 25 B AIX:208C policy server . . . . 355200*s . . . . . . . . . . . . . . 356HACMP 73&C!O . . . . . . . . . . 357
>} HACMP dC . . . . . . . . . . 359Z 1 ?V:\e HACMP :/XK . . . . 360Z 2 ?V:HACMP XKPD:/J4 . . . 362Z 3 ?V:HACMP XKPD&CLr~qw
(e . . . . . . . . . . . . . . 3664(8C policy server 73 . . . . . . . . 366
E>:*w53M8C53hC UID . . . . . 371E>:4Sw53ODD~M?< . . . . . . 373>}:i$w~qwD?<"m4SMmI( . . 374E>:S AIX 53D~4S=8C53OD2m
?< . . . . . . . . . . . . . . . 376>}:i$8C~qwD?<"m4SMmI( 377
Z 26 B Tivoli Access Manager 5CLr . . 379amwebcfg . . . . . . . . . . . . . . . 381AMWLSConfigure –action config . . . . . . . 386AMWLSConfigure –action unconfig . . . . . . 388AMWLSConfigure –action create_realm . . . . . 389AMWLSConfigure –action delete_realm . . . . . 391amwpmcfg . . . . . . . . . . . . . . 392ivrgy_tool . . . . . . . . . . . . . . . 395
migrateEAR4 . . . . . . . . . . . . . . 397migrateEAR5 . . . . . . . . . . . . . . 400pdbackup . . . . . . . . . . . . . . . 403pdconfig . . . . . . . . . . . . . . . 411pdjrtecfg . . . . . . . . . . . . . . . 412pd_start . . . . . . . . . . . . . . . 416pdwascfg . . . . . . . . . . . . . . . 417pdweb . . . . . . . . . . . . . . . . 421pdwebpi . . . . . . . . . . . . . . . 423pdwebpi_start. . . . . . . . . . . . . . 424pdwpi-version . . . . . . . . . . . . . 426pdwpicfg –action config . . . . . . . . . . 427pdwpicfg –action unconfig . . . . . . . . . 429wesosm . . . . . . . . . . . . . . . 431wslstartwte . . . . . . . . . . . . . . 433wslstopwte . . . . . . . . . . . . . . 434
Z 27 B 9Cl&D~ . . . . . . . . . . 435l&D~#e . . . . . . . . . . . . . 436
232 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 19 B 20X8z7
Z>8ODZ 2 MZ 3 ?V Tivoli Access Manager Base M Web Security 53D2
0ZdC=8>1,kN<TBE"#
20 Global Security KitIBM Global Security Kit(GSKit)a)K Tivoli Access Manager 53M\'VD"a
m~qw.dD2+WSVc(SSL)}]S\# GSKit m~|920 iKeyman \?
\m5CLr(gsk7ikm),C5CLr9z\;4(\?}]b"+C-(C\?
TT0$iks#
jIJCZzDYw53D8>E":
v AIX,ZZ 233 3O
v HP-UX,ZZ 233 3O
v Linux,ZZ 234 3O
v Solaris,ZZ 235 3O
v Windows,ZZ 235 3O
AIX:20 Global Security Kit*Z AIX O20 GSKit,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager CD for AIX "20|#
3. dkTB|n20 32 ;KP1m~|:
installp -acgXd cd_mount_point/usr/sys/inst.images gskta.rte
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
":g{*Z IBM Tivoli Directory Server 53O20 GSKit,r 32 ;M 64 ;
KP1m~|yGXhD#*20 64 ;m~|,kdkTB|n:
installp -acgXd cd_mount_point/usr/sys/inst.images gsksa.rte
4. *i$ GSKit Q20,kdkTB|n:
lslpp -l | grep gsk
20 GSKit .s,^hNNdC#
*hCf GSKit 20D\?\m5CLr,kNDZ 235 3D:hC GSKit iKeyman
5CLr;PD8>E"#PX|`E",kNDZ 335 3DZ 24 B, :tC2+W
SVc;r IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
HP-UX:20 Global Security Kit*Z HP-UX O20 GSKit,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager CD for HP-UX#
© Copyright IBM Corp. 2001, 2003 233
3. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
4. dkTB|n:
swinstall -s /cd-rom/hp/gsk7bas gsk7bas
dP /cd-rom/hp G?<#
5. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 GSKit .s,^hNNdC#
*hCf GSKit 20D\?\m5CLr,kNDZ 235 3D:hC GSKit iKeyman
5CLr;PD8>E"#PX|`E",kNDZ 335 3DZ 24 B, :tC2+W
SVc;r IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
Linux:20 Global Security Kit*Z Linux O20 GSKit,kq-TBb)=h#
":Linux on zSeries C':XkWHS IBM Tivoli Access Manager for Linux on
zSeries CD Oq!T Linux rpm D~DCJ#
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager CD for xSeries, zSeries, or pSeries and iSeries "
20|#
3. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
4. k4PBPYw.;:
v *Z1!;C20 GSKit:
rpm -ih package
dP package gB:
– Linux on xSeries:gsk7bas-7.0-1.9.i386.rpm
– Linux on zSeries:gsk7bas-7.0-1.9.s390.rpm
– Linux on pSeries and iSeries:gsk7bas-7.0-1.0.ppc32.rpm
v *Z8(;C20,k7#zPC?<D4CJ(,"gB9C --noscripts j
>:
rpm -ih --prefix new_location package --noscripts
dP new_location 8(k*20 GSKit D76#}g:
rpm -ihv --prefix /tmp/usr gsk7bas-7.0-1.9.i386.rpm --noscripts
20 GSKit .s,^hNNdC#
20 Global Security Kit
234 IBM Tivoli Access Manager for e-business: Web Security 208O
*hCf GSKit 20D\?\m5CLr,kND:hC GSKit iKeyman 5CLr;
PD8>E"#PX|`E",kNDZ 335 3DZ 24 B, :tC2+WSVc;r
IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
Solaris:20 Global Security Kit*Z Solaris O20 GSKit,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager for Solaris CD#
3. 20 Global Security Kit m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault gsk7bas
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
20 GSKit .s,^hNNdC#
*hCf GSKit 20D\?\m5CLr,kND:hC GSKit iKeyman 5CLr;
PD8>E"#PX|`E",kNDZ 335 3DZ 24 B, :tC2+WSVc;r
IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
Windows:20 Global Security Kit*Z Windows O20 GSKit,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. ek IBM Tivoli Access Manager CD for Windows#
3. *20 Global Security Kit(GSKit),P;= CD yZD}/wOD \windows\GSKit
?<,"dkTB|n:
setup policydirector
4. %wB;=#+T>0!q?DX;C1T0r#
5. S\1!?DX?<,r%w/@TZ>X53O!qm;v?<D76#g{C
?<;fZ,rzXk7O*4(C?<,r_8(QfZD?<#
6. %wB;=T20 GSKit#+T>020jI1T0r#
7. %wjIKv20Lr#
20 GSKit .s,^hNNdC#
*hCf GSKit 20D\?\m5CLr,kND:hC GSKit iKeyman 5CLr;
PD8>E"#PX|`E",kNDZ 335 3DZ 24 B, :tC2+WSVc;r
IBM Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
hC GSKit iKeyman 5CLr
XkWHhC GSKit T'V$i\m53(CMS)\?}]bD~,;sE\KP
iKeyman 5CLr#*jIbnYw,kq-TBb)=h:
1. 7#53O0PTBi~:
v GSKit V7(PX8>E",kNDZ 233 3D:20 Global Security Kit;#)
v IBM JRE 1.3.1(PX8>E",kNDZ 241 3D:20 IBM JRE;#)
v Access Manager Java Runtime Environment i~
20 Global Security Kit
Z 19 B 20X8z7 235
":Ki~;h*dC#
XZm~|{FM208>E",kNDZ 117 3DZ 8 B, :20 Java runtime
environment 53;#
2. 7#+ JAVA_HOME d?hC*8r20K JRE D?<# JAVA_HOME Z UNIX 5
3O* $JAVA_HOME,Z Windows O* %JAVA_HOME%#
3. *hC GSKit T'V$i\m53(CMS)\?}]bD~,kq-TBb)=h:
a. +TBD~S JAVA_HOME/jre/lib/ext ?<P}%(g{|GfZ):
gskikm.jaribmjcaprovider.jar
b . +TBD~S accessmgr_ ins ta l l_d i r/java/export/pdjrte 4F=
JAVA_HOME/jre/lib/ext:
v g{zQ0P JDK V1.3.1:
– lib/ext/ibmjceprovider.jar
– lib/ext/ibmpkcs.jar
– lib/ext/ibmjcefw.jar
– lib/ext/local_policy.jar
– lib/ext/US_export_policy.jar
– lib/ext/ibmpkcs11.jar
g{zQ0P JDK V1.4.1:
– lib/ext/ibmjceprovider.jar
– lib/ext/ibmpkcs.jar
– lib/ibmjcefw.jar
– lib/security/local_policy.jar
– lib/ext/US_export_policy.jar
– lib/ext/ibmpkcs11.jar
v *"a IBM CMS M JCE ~qa)Lr,k4PTBYw.;:
":z8(2+a)LryCD3rGX*D,?va)Lr43rxPb
T,dP;vnHbT#g{Z;v\ka)Lra)`,DS\=(
xR|%d,rKa)LrCZS\#
– g { G S K i t C ' * " a I B M C M S ~ q a ) L r , I T ` -
JAVA_HOME/jre/lib/security/java.security D~TdCTBa)Lr:
security.provider.1=sun.security.provider.Sunsecurity.provider.2=com.ibm.spi.IBMCMSProvider
– g{ GSKit M JSSE C'*"a IBM CMS M IBM JCE ~qa)Lr
=_,IT`- JAVA_HOME/jre/lib/security/java.security D~TdC
TBa)Lr:
security.provider.1=sun.security.provider.Sunsecurity.provider.2=com.ibm.spi.IBMCMSProvidersecurity.provider.3=com.ibm.crypto.provider.IBMJCE
4. vT2~SY(C':g{F.CJ\k2~(}g IBM PCI 4758 \k-&mw
(),rXkjIb)=S=h#}g,(}9C GSKit 7 API TCJ PKCS#11
h8,WebSEAL IT9C PKCS#11#
20 Global Security Kit
236 IBM Tivoli Access Manager for e-business: Web Security 208O
a. +X(Z=(D2mbS GSKIT_HOME/classes/native/native-support.zip 4
F=53OD?<P#}g+ native-support.zip D~4F= AIX OD
/usr/lib,r Windows OD C:\Program Files\ibm\gsk7\lib#
b. i!C9uD~DZ]#}g,Z AIX O,2mbgB:
libjpkcs11.solibpkcslog.solibpseudotoken.so
c. *"a IBMPKCS11 ~qa)Lr,gB|B
JAVA_HOME/jre/lib/security/java.security D~:
security.provider.1=sun.security.provider.Sunsecurity.provider.2=com.ibm.spi.IBMCMSProvidersecurity.provider.3=com.ibm.crypto.provider.IBMJCEsecurity.provider.4=com.ibm.crypto.pkcs11.provider.IBMPKCS11
d. I!:y]zZ9C gsk7ikm 9G gsk7cli 5CLr,4PTBYw.;:
v 9C gsk7ikm 5CLr,dC1! PKCS#11 2mbTCZ\kYw#bI
9 z ? N r * \ k j G 1 ; X d k | # I T Z
GSKIT_HOME/classes/ikmuser.properties D~PhCK1!5#g{KD~
;fZ,S>} GSKIT_HOME/classes/ikmuser.sample 4FCD~#
+ DEFAULT_CRYPTOGRAPHIC_MODULE |B*f PKCS#11 h8a)D PKCS#11
2mbD+76#}g,AIX 5.2 OD /usr/lib/pkcs11/PKCS11_API.so C
Z IBM Cryptographic Accelerator#
1Z gsk7ikm GUI P!qr*1,aa);v\ka)Lr!n#Zu<T
0rPa>zdkD\kDD~{G PKCS#11 h8D PKCS#11 2mb#|
D1!5G* DEFAULT_CRYPTOGRAPHIC_MODULE hCD5#
v 9 C g s k 7 c l i 5 C L r , g B + \ k 2 ~ a ) D 1 j G b 8 ( *
gskit_install/classes/ikeycmd.properties D~:
– Z Windows 53O:
DEFAULT_CRYPTOGRAPHIC_MODULE=path\\pseudotoken.dll
– Z UNIX 53O:
DEFAULT_CRYPTOGRAPHIC_MODULE=path\\libpseudotoken.so
bMjIK iKeyman 5CLrDhC#*9C iKeyman 5CLrTT\'VD"am
~qwtC SSL,kNDZ 335 3DZ 24 B, :tC2+WSVc;,rND IBM
Global Security Kit Secure Sockets Layer and iKeyman User’s Guide#
20 Global Security Kit
Z 19 B 20X8z7 237
20 IBM Tivoli Directory ClientIBM Tivoli Directory Client ZCZ\'VD AIX"HP-UX"Linux"Solaris M Windows
=(D IBM Tivoli Access Manager CD Of IBM Tivoli Directory Server a)#
XkZ?vKP Tivoli Access Manager D=(O20 IBM Tivoli Directory Client,
+TBiv}b:
v Tivoli Access Manager 53G,S= Active Directory rD\'VD Windows 53#
v }Z20 Java runtime environment r Web Portal Manager 53#
v }+ Lotus Domino Cw"am~qw#
jIJCZzDYw53D8>E":
v AIX,ZZ 238 3O
v HP-UX,ZZ 238 3O
v Linux,ZZ 239 3O
v Solaris,ZZ 239 3O
v Windows,ZZ 240 3O
AIX:20 IBM Tivoli Directory Client*Z AIX O20 IBM Tivoli Directory Client,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager CD for AIX "20|#
3. dkTB|n:
installp -acgXd cd_mount_point/usr/sys/inst.images ldap.client ldap.max_crypto_client
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
20 IBM Tivoli Directory Client .s,^hNNdC#
HP-UX:20 IBM Tivoli Directory Client*Z HP-UX O20 IBM Tivoli Directory Client,kq-TBb)=h:
1. Z20Kf>.0,k7#}%NNH0D LDAP M'zm~|#
2. T root C'm]G<#
3. ek IBM Tivoli Access Manager CD for HP-UX#
4. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
5. dkTB|n:
swinstall -s /cd-rom/hp LDAPClient
dP /cd-rom/hp G?<R LDAPClient 8( IBM Tivoli Directory Client m~|#
6. S CD ODy?<dkTBZ]T20 LDAP 9!:
am_update_ldap.sh
20 IBM Tivoli Directory Client
238 IBM Tivoli Access Manager for e-business: Web Security 208O
7. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 IBM Tivoli Directory Client .s,^hNNdC#
Linux:20 IBM Tivoli Directory Client*Z Linux O20 IBM Tivoli Directory Client,kq-TBb)=h#
":Z20Kf>.0,}%NNVPf>D IBM Tivoli Directory Client#
1. T root C'm]G<#
2. }% openldap2-client-2.1.4-30 m~|rd|Q20De;D LDAP m~|#
":g{h*+ openldap2-client k IBM Tivoli Directory Client 20Z,;v
53O,r7# /usr/bin PTBe;DLr0{E4S1= IBM LDAP M'
zf>,gBy>:
/usr/bin/ldapadd → /usr/ldap/bin/ldapmodify/usr/bin/ldapdelete → /usr/ldap/bin/ldapdelete/usr/bin/ldapmodify → /usr/ldap/bin/ldapmodify/usr/bin/ldapmodrdn → /usr/ldap/bin/ldapmodrdn/usr/bin/ldapsearch → /usr/ldap/bin/ldapsearch
3. ek IBM Tivoli Access Manager CD for xSeries, zSeries, or pSeries and iSeries "
20|#
4. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
5. 20 IBM Tivoli Directory Client m~|:
rpm -ihv package
dP package gB:
v Linux on xSeries:ldap-clientd-5.2-1.i386.rpm
v Linux on zSeries:ldap-clientd-5.2-1.s390.rpm
v Linux on pSeries and iSeries:ldap-client-5.2-1.ppc.rpm
20 IBM Tivoli Directory Client .s,^hNNdC#
Solaris:20 IBM Tivoli Directory Client*Z Solaris O20 IBM Tivoli Directory Client,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager for Solaris CD#
3. P;= /cdrom/cdrom0/solaris ?<#
4. 20 IBM Tivoli Directory Client m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault IBMldapc
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
5. Z20Zd,a/JzGqk*9C /opt w*y!?<#g{UdJm,r9C
/opt w*y!20?<#*S\ /opt w*y!?<,4 Enter |#
20 IBM Tivoli Directory Client
Z 19 B 20X8z7 239
20 IBM Tivoli Directory Client .s,^hNNdC#
Windows:20 IBM Tivoli Directory Client*Z Windows O20 IBM Tivoli Directory Client,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. ek IBM Tivoli Access Manager CD for Windows#
3. KP;ZTB?<D setup.exe D~:
windows\Directory
+T>0!q20oT1T0r#
4. !qk*CZ20DoT,"%w7(#
5. +T>06-1T0r#%wB;=Lx#
6. DAmI$-i#!qS\b)un,;s%wB;=#;vT0ra(*zQ
20Dm~|,T0Gqh*NNYw#gPX*,zcyP*s"%wB;
=#
7. %wB;=TZ8(D1!?<P20 IBM Tivoli Directory Client#*8(;,
D?<,Idk?<76r%w/@!q;v?<#
8. * IBM Tivoli Directory Client !qoT"%wB;=#
9. !qdM20`M"%wB;=Lx#
10. !q20 Client SDK 5.2 &\?~,;s%wB;=#
11. 4i!qDdC!n#g{k*|DNN!q,k%wO;=#%wB;=*<
20#
20}L*<#kTr#
":Z Windows 53O,aa>zd*XXBt/53#
12. D~20.s,+T>TvD~#4iTvD~,;s%wB;=Lx#
13. !qk*VZ9GTsXBt/53,;s%wB;=#
20 IBM Tivoli Directory Client .s,^hNNdC#
20 IBM Tivoli Directory Client
240 IBM Tivoli Access Manager for e-business: Web Security 208O
20 IBM JRE20 Access Manager Java Runtime Environment r9C20r<1,h* IBM JRE
V1.3.1(Z AIX O* 1.3.1.5)#
jIJCZzDYw53D8>E":
v AIX,ZZ 241 3O
v HP-UX,ZZ 241 3O
v Linux,ZZ 242 3O
v Solaris,ZZ 243 3O
v Windows,ZZ 243 3O
AIX:20 IBM JRE V1.3.1.5*Z AIX O20 JRE V1.3.1.5,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager for AIX CD "20|#
3. dkTB|n:
installp -acgXd cd_mount_point/usr/sys/inst.images Java131.rte
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
4. k4PBPYw.;:
v hC PATH 73d?#}g:
export PATH=/usr/java131/jre/bin:$PATH
":*T> IBM JRE 1.3.1.5 GqQZ76P,9C java –version |n#
v + JAVA_HOME 73d?hC*20K JRE 1.3.1 D76#}g,9C ksh dk
TB|nT(e JAVA_HOME:
export JAVA_HOME=/usr/java131/jre
5. vT IBM Tivoli Directory Server C':
v IT+ JAVA_HOME hC*5320D Java r_f IBM Tivoli Directory Server
(g{Q20)|,D Java f>#g{9C IBM Tivoli Directory Server f>,
z9h*gBhC LIBPATH 53d?:
export LIBPATH=/usr/ldap/java/bin:/usr/ldap/java/bin/classes:$LIBPATH
v g{F.Z IBM Tivoli Directory Server 53O9C GKit iKeyman 5CLr,
rXk(}dkTB|n4(S /usr/ldap/jre = /usr/ldap/java D4S:
ln -s /usr/ldap/java /usr/ldap/jre
20 IBM JRE 1.3.1.5 .s,^hNNdC#
HP-UX:20 IBM JRE V1.3.1*Z HP-UX O20 JRE 1.3.1,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager for HP-UX CD#
20 IBM JRE
Z 19 B 20X8z7 241
3. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
4. dkTB|n:
swinstall -s /cd_drive/hp rte_13101os11.depot B9789AA
dP /cd_drive G CD 20c,/cd_drive/hp G?<#
5. hC PATH 73d?:
export PATH=java_path:$PATH
6. g{F.9C GSKit iKeyman 5CLr,gBi$Z73PQhCTB76:
SHLIB_PATH=/usr/lib
}g:
export SHLIB_PATH=/usr/lib;$SHLIB_PATH
":g{4hCKd?,Tivoli Access Manager Z(~qI\^(CJ GSKit b#
7. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
20 IBM JRE 1.3.1 .s,^hNNdC#
Linux:20 IBM JRE V1.3.1*Z Linux O20 JRE 1.3.1,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager CD for xSeries, zSeries, or pSeries and iSeries "
20|#
3. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
4. 20 IBM JRE 1.3.1 m~|:
rpm -ihv package
dP package gB:
v Linux on xSeries:IBMJava2-JRE-1.3.1-3.0.i386.rpm
v Linux on zSeries:IBMJava2-JRE-1.3.1-3.0.s390.rpm
v Linux on pSeries and iSeries:IBMJava2-JRE-1.3.1-3.0.ppc.rpm
5. hC PATH 73d?:
export PATH=jre_path:$PATH
}g,*7#I(} PATH 53d?CJ JRE,dkTB|n:
export PATH=/opt/IBMJava2-s390-131/jre/bin:$PATH
6. vT Red Hat Enterprise Linux 2.1,dkTB|n:
export LD_PRELOAD=/usr/lib/libstdc++-libc6.2-2.so.3
20 IBM JRE
242 IBM Tivoli Access Manager for e-business: Web Security 208O
":Tivoli Access Manager v'V Red Hat Enterprise Linux 2.1 for Access Manager
Plug-in for Edge Server#
7. vT Red Hat Enterprise Linux 3.0,I Red Hat Linux 3 5VDBD_L<ub
(NPTL)kf Tivoli Access Manager a)D IBM JDK 1.3.1 ;f],a<B2
0'\#KJbDbv=8GZKP20E>.0,+ LD_ASSUME_KERNEL 73d?
hC*k JDK 1.3.1 f]D5#}g:
export LD_ASSUME_KERNEL=2.4.0export LD_ASSUME_KERNEL=2.2.5
w*8Cd(=(,I20nBD JRE service pack,|IZTB IBM Web >c
q!:
http://www.ibm.com/developerworks/java/jdk/index.html
20 IBM JRE 1.3.1 .s,^hNNdC#
Solaris:20 IBM JRE V1.3.1*Z Solaris O20 JRE 1.3.1,kq-TBb)=h:
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager for Solaris CD#
3. 20 IBM JRE 1.3.1 m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault SUNWj3rt
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
4. hC PATH 73d?:
PATH=/usr/j2se/jre/bin:$PATHexport PATH
20 IBM JRE 1.3.1 .s,^hNNdC#
Windows:20 IBM JRE V1.3.1*Z Windows O20 IBM JRE 1.3.1,kq-TBb)=h:
1. T_P\mX(DC'm]G<#
2. ek IBM Tivoli Access Manager CD for Windows#
3. dkTB|n:
cd_drive\windows\JRE\install.exe
jI*z8>E"#120jI1,%wjI#
4. hC PATH 73d?:
set PATH=install_dir;%PATH%
}g,g{Q9C1!20?<xP20,rdkTB|n:
set PATH=c:\Program Files\IBM\Java131\jre\bin;%PATH%
5. g{F.9C GSKit iKeyman 5CLr,k4PTBYw:
a. + JAVA_HOME 73d?hC* Java 20D+76#}g:
set JAVA_HOME=c:\Program Files\IBM\Java131
20 IBM JRE
Z 19 B 20X8z7 243
b. + GSKit bin M lib ?<mS= PATH d?#}g:
set PATH="C:\Program Files\ibm\gsk7\bin";%PATH%set PATH="C:\Program Files\ibm\gsk7\lib";%PATH%
20 IBM JRE 1.3.1 .s,^hNNdC#
20 IBM JRE
244 IBM Tivoli Access Manager for e-business: Web Security 208O
20 WebSphere Application ServerIBM WebSphere Application Server 5.0.2 |,ZCZ\'V=(D IBM Tivoli Access
Manager Web Administration Interfaces M IBM Tivoli Access Manager Attribute Retrieval
Service CD O#
WebSphere Application Server tCT Web Portal Manager SZ(CZ\m Tivoli Access
Manager)M Web Administration Tool(CZ\m IBM Tivoli Directory Server)b=
_D'V#
Z AIX"HP-UX"Linux on xSeries"Solaris M Windows 2000 53Oh* IBM
WebSphere Application Server ^)| 2#yPd|\'VDYw53f><&Z 5.0.2
6p#
XZ IBM WebSphere Application Server DE",kND:
http://www.ibm.com/software/webservers/appserv/infocenter.html
jIJCZzDYw53D8>E":
v AIX,ZZ 245 3O
v HP-UX,ZZ 247 3O
v Linux,ZZ 248 3O
v Solaris,ZZ 250 3O
v Windows,ZZ 252 3O
AIX:20 WebSphere Application ServerWebSphere Application Server ZzF.20 Web Portal Manager r Web Administration
Tool SZD53OGXhD#*Z AIX O20 WebSphere Application Server 5.0.2,
kq-TBb)=h#
":WebSphere D5;Z IBM Tivoli Access Manager Web Administration Interfaces for
AIX r IBM Tivoli Access Manager Attribute Retrieval Service for AIX CD OD
usr/sys/inst.images/websphere/docs ?<P#
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager Web Administration Interfaces for AIX r IBM
Tivoli Access Manager Attribute Retrieval Service for AIX CD "20|#
3. P;= CD yZD}/wOD /usr/sys/inst.images/websphere/aix ?<#
4. dkTB|n:
./install
+T>0!q20oT1T0r#
5. !qk*CZ20DoT,"%w7(#
6. +T>06-1A;#%wB;=Lx#
7. DAmI$-i,g{S\b)un,r%wG#
20r<li53Hvu~#kTr#
8. !q(F20`M"!{!q6k={"+],||,Kk JMS <uf]D"C
Z6k={"+]M IBM WebSphere MQSeries DM'z#%wB;=Lx#
20 WebSphere Application Server
Z 19 B 20X8z7 245
9. S\TBz7D1!?DX?<,"%wB;=#9IT%w/@T!q>X5
3Om;v?<D76#
v IBM WebSphere Application Server V5
v IBM HTTP Server V1.3.26
10. dkZc{Mwz{,rS\K20D1!5"%wB;=#
":Zc{CZ\m,ZdZc(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
11. 4izD!q#%wO;=xP|D,r_%wB;=T*<20}L#
20*<#kTr#
12. %wB;="az7,r_!{!qC4!r"%wB;=Ts"a#
13. %wjIXU20r<#+T>0WebSphere Application Server - nu=h10
Z#9CK0Zi$20rT20xPJOoO#
14. 20.s,Xk20^)| 2#`X8>E",kND:AIX:20 WebSphere
Application Server ^)| 2;#
AIX:20 WebSphere Application Server ^)| 2*Z AIX O20 WebSphere Application Server ^)| 2,kq-TBb)=h:
1. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
2. 7#QhC JAVA_HOME 53d?#}g:
export JAVA_HOME=/opt/WebSphere/AppServer/java
3. ek IBM Tivoli Access Manager WebSphere Fix Pack for AIX CD "20|#
4. + CD DZ]4F=2L}/wOD;vY1?<P#
5. KP;Z aix/websphere_fixpack S?<(z4F CD Z]D;C)PDTBE
>:
./updateWizard.sh
+T>0|B20r<1#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. !q IBM WebSphere Application Server V5.0.0 w*k*|BDz7,"%
wB;=#
9. !q20^)|"%wB;=#
10. dk4FK^)|D~DY1?<#}g,g{+ websphere_fixpack ?<S CD
4F=z53OD C:\temp ?<,rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
%wB;=Lx#
11. !q20^)|"%wB;=#
12. !q|B IBM HTTP Server "%wB;=#
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\?
~#
20 WebSphere Application Server
246 IBM Tivoli Access Manager for e-business: Web Security 208O
13. %w**T0rODB;=*<20#20}L*<#kTr#
14. 120jI1,%wjI#
15. XBt/ WebSphere Application Server M IBM HTTP Server#
HP-UX:20 WebSphere Application ServerWebSphere Application Server ZzF.20 Web Portal Manager r Web Administration
Tool SZD53OGXhD#*Z HP-UX O20 WebSphere Application Server 5.0.2,
kq-TBb)=h#
":WebSphere D5;Z IBM Tivoli Access Manager Web Administration Interfaces for
HP-UX r IBM Tivoli Access Manager Attribute Retrieval Service for HP-UX CD
OD hp/websphere/docs ?<P#
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager Web Administration Interfaces for HP-UX r IBM
Tivoli Access Manager Attribute Retrieval Service for HP-UX CD#
3. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
4. P;= CD yZD}/wOD hp/websphere/hp ?<#
5. dkTB|n:
./install
+T>0!q20oT1T0r#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. DAmI$-i,g{S\b)un,r%wG#
20r<li53Hvu~#kTr#
9. !q(F20`M"!{!q6k={"+],||,Kk JMS <uf]D"C
Z6k={"+]M IBM WebSphere MQSeries DM'z#%wB;=Lx#
10. S\TBz7D1!?DX?<,"%wB;=#9IT%w/@T!q>X5
3Om;v?<D76#
v IBM WebSphere Application Server V5
v IBM HTTP Server V1.3.26
11. dkZc{Mwz{,rS\K20D1!5"%wB;=#
":Zc{CZ\m,ZdZc(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
12. 4izD!q#%wO;=xP|D,r_%wB;=T*<20}L#
20*<#kTr#
13. %wB;="az7,r_!{!qC4!r"%wB;=Ts"a#
14. %wjIXU20r<#+T>0WebSphere Application Server - nu=h10
Z#9CK0Zi$20rT20xPJOoO#
20 WebSphere Application Server
Z 19 B 20X8z7 247
15. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
16. 20.s,Xk20^)| 2#`X8>E",kND:HP-UX:20 WebSphere
Application Server ^)| 2;#
HP-UX:20 WebSphere Application Server ^)| 2*Z HP–UX O20 WebSphere Application Server ^)| 2,kq-TBb)=h:
1. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
2. 7#QhC JAVA_HOME 53d?#}g:
export JAVA_HOME=/opt/WebSphere/AppServer/java
3. ek IBM Tivoli Access Manager WebSphere Fix Pack for HP-UX CD#
4. + CD DZ]4F=2L}/wOD;vY1?<P#
5. KP;Z hp/websphere_fixpack S?<(z4F CD Z]D;C)PDTBE>:
./updateWizard.sh
+T>0|B20r<1#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. !q IBM WebSphere Application Server V5.0.0 w*k*|BDz7,"%
wB;=#
9. !q20^)|"%wB;=#
10. dk4FK^)|D~DY1?<#}g,g{+ websphere_fixpack ?<S CD
4F=z53OD C:\temp ?<,rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
%wB;=Lx#
11. !q20^)|"%wB;=#
12. !q|B IBM HTTP Server "%wB;=#
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\?
~#
13. %w**T0rODB;=*<20#20}L*<#kTr#
14. 120jI1,%wjI#
15. XBt/ WebSphere Application Server M IBM HTTP Server#
Linux:20 WebSphere Application ServerWebSphere Application Server ZzF.20 Web Portal Manager r Web Administration
Tool SZD53OGXhD#*Z Linux O20 WebSphere Application Server 5.0.2,
kq-TBb)=h#
20 WebSphere Application Server
248 IBM Tivoli Access Manager for e-business: Web Security 208O
":WebSphere D5;Z IBM Tivoli Access Manager Web Administration Interfaces for
Linux on xSeries, zSeries, or pSeries/iSeries r IBM Tivoli Access Manager Attribute
Retrieval Service for Linux on xSeries or zSeries CD D series/websphere/docs
?<P#
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager Web Administration Interfaces for Linux on xSeries,
zSeries, or pSeries/iSeries r IBM Tivoli Access Manager Attribute Retrieval Service
for Linux on xSeries or zSeries CD "20|#
3. P;= CD yZD}/wDTB?<.;:
Linux on xSeries:/xSeries/websphere/linuxi386
Linux on zSeries:/zSeries/websphere/linuxs390
Linux on pSeries and iSeries:/pSeries/websphere/linuxppc
4. dkTB|n:
./install
+T>0!q20oT1T0r#
5. !qk*CZ20DoT,"%w7(#
6. +T>06-1A;#%wB;=Lx#
7. DAmI$-i,g{S\b)un,r%wG#
20r<li53Hvu~#kTr#
8. !q(F20`M"!{!q6k={"+],||,Kk JMS <uf]D"C
Z6k={"+]M IBM WebSphere MQSeries DM'z#%wB;=Lx#
9. S\TBz7D1!?DX?<,"%wB;=#9IT%w/@T!q>X5
3Om;v?<D76#
v IBM WebSphere Application Server V5
v IBM HTTP Server V1.3.26
10. dkZc{Mwz{,rS\K20D1!5"%wB;=#
":Zc{CZ\m,ZdZc(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
11. 4izD!q#%wO;=xP|D,r_%wB;=T*<20}L#
20*<#kTr#
12. %wB;="az7,r_!{!qC4!r"%wB;=Ts"a#
13. %wjIXU20r<#+T>0WebSphere Application Server - nu=h10
Z#9CK0Zi$20rT20xPJOoO#
14. vT Linux on xSeries,20^)| 2#`X8>E",kND:Linux on xSeries:
20 WebSphere Application Server ^)| 2;#
Linux on xSeries:20 WebSphere Application Server ^)|
2*Z Linux on xSeries O20 WebSphere Application Server ^)| 2,kq-TBb
)=h:
1. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
20 WebSphere Application Server
Z 19 B 20X8z7 249
2. 7#QhC JAVA_HOME 53d?#}g:
export JAVA_HOME=/opt/WebSphere/AppServer/java
3. ek IBM Tivoli Access Manager WebSphere Fix Pack for Linux on xSeries CD "
20|#
4. + CD DZ]4F=2L}/wOD;vY1?<P#
5. KP;Z platform/websphere_fixpack S?<(z4F CD Z]D;C)PDT
BE>:
./updateWizard.sh
+T>0|B20r<1#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. !q IBM WebSphere Application Server V5.0.0 w*k*|BDz7,"%
wB;=#
9. !q20^)|"%wB;=#
10. dk4FK^)|D~DY1?<#}g,g{+ websphere_fixpack ?<S CD
4F=z53OD C:\temp ?<,rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
%wB;=Lx#
11. !q20^)|"%wB;=#
12. !q|B IBM HTTP Server "%wB;=#
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\?
~#
13. %w**T0rODB;=*<20#20}L*<#kTr#
14. 120jI1,%wjI#
15. XBt/ WebSphere Application Server M IBM HTTP Server#
Solaris:20 WebSphere Application ServerWebSphere Application Server ZzF.20 Web Portal Manager r Web Administration
Tool SZD53OGXhD#*Z Solaris O20 WebSphere Application Server 5.0.2,
kq-TBb)=h#
":WebSphere D5;Z IBM Tivoli Access Manager Web Administration Interfaces for
Solaris r IBM Tivoli Access Manager Attribute Retrieval Service for Solaris CD
OD solaris/websphere/docs ?<P#
1. T root C'm]G<#
2. ek IBM Tivoli Access Manager Web Administration Interfaces for Solaris r IBM
Tivoli Access Manager Attribute Retrieval Service for Solaris CD#
3. P;= CD yZD}/wOD solaris/websphere/sun ?<#
4. dkTB|n:
./install
20 WebSphere Application Server
250 IBM Tivoli Access Manager for e-business: Web Security 208O
+T>0!q20oT1T0r#
5. !qk*CZ20DoT,"%w7(#
6. +T>06-1A;#%wB;=Lx#
7. DAmI$-i,g{S\b)un,r%wG#
20r<li53Hvu~#kTr#
8. !q(F20`M"!{!q6k={"+],||,Kk JMS <uf]D"C
Z6k={"+]M IBM WebSphere MQSeries DM'z#%wB;=Lx#
9. S\TBz7D1!?DX?<,"%wB;=#9IT%w/@T!q>X5
3Om;v?<D76#
v IBM WebSphere Application Server V5
v IBM HTTP Server V1.3.26
10. dkZc{Mwz{,rS\K20D1!5"%wB;=#
":Zc{CZ\m,ZdZc(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
11. 4izD!q#%wO;=xP|D,r_%wB;=T*<20}L#
20*<#kTr#
12. %wB;="az7,r_!{!qC4!r"%wB;=Ts"a#
13. %wjIXU20r<#+T>0WebSphere Application Server - nu=h10
Z#9CK0Zi$20rT20xPJOoO#
14. 20^)| 2#`X8>E",kND:Solaris:20 WebSphere Application Server
^)| 2;#
Solaris:20 WebSphere Application Server ^)| 2*Z Solaris O20 WebSphere Application Server ^)| 2,kq-TBb)=h:
1. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
2. 7#QhC JAVA_HOME 53d?#}g:
export JAVA_HOME=/opt/WebSphere/AppServer/java
3. ek IBM Tivoli Access Manager WebSphere Fix Pack for Solaris CD#
4. + CD DZ]4F=2L}/wOD;vY1?<P#
5. KP;Z solaris/websphere_fixpack S?<(z4F CD Z]D;C)PDT
BE>:
./updateWizard.sh
+T>0|B20r<1#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. !q IBM WebSphere Application Server V5.0.0 w*k*|BDz7,"%
wB;=#
9. !q20^)|"%wB;=#
10. dk4FK^)|D~DY1?<#}g,g{+ websphere_fixpack ?<S CD
4F=z53OD C:\temp ?<,rZ0^)|?<1VNPdkTBZ]:
20 WebSphere Application Server
Z 19 B 20X8z7 251
C:\temp\websphere_fixpack\fixpacks
%wB;=Lx#
11. !q20^)|"%wB;=#
12. !q|B IBM HTTP Server "%wB;=#
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\?
~#
13. %w**T0rODB;=*<20#20}L*<#kTr#
14. 120jI1,%wjI#
15. XBt/ WebSphere Application Server M IBM HTTP Server#
Windows:20 WebSphere Application ServerWebSphere Application Server ZzF.20 Web Portal Manager r Web Administration
Tool SZD53OGXhD#*Z Windows O20 WebSphere Application Server
5.0.2,kq-TBb)=h#
":WebSphere D5;Z IBM Tivoli Access Manager Web Administration Interfaces r
IBM Tivoli Access Manager Attribute Retrieval Service CD for Windows 2000(Z
windows\websphere\docs P)r Windows 2003(Z windows2003\websphere\docs
P)#
1. T_P\m1X(DC'm]G<#
2. 7#QXUNN}ZKPD Windows Lr#
3. ek IBM Tivoli Access Manager Web Administration Interfaces r IBM Tivoli Access
Manager Attribute Retrieval Service CD for Windows 2000 / Windows 2003#
4. P;= CD yZD}/wDTB?<.;:
v Z Windows 2000 53O:
windows\websphere\nt
v Z Windows 2003 53O:
windows2003\websphere\windows2003
5. KPTBLr:
install.exe
+T>0!q20oT1T0r#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. DAmI$-i,g{S\b)un,r%wG#
20r<li53Hvu~#kTr#
9. !q(F20`M"!{!q6k={"+],||,Kk JMS <uf]D"C
Z6k={"+]M IBM WebSphere MQSeries DM'z#%wB;=Lx#
10. S\TBz7D1!?DX?<,"%wB;=#9IT%w/@T!q>X5
3Om;v?<D76#
v IBM WebSphere Application Server V5
20 WebSphere Application Server
252 IBM Tivoli Access Manager for e-business: Web Security 208O
v IBM HTTP Server V1.3.26
11. dkZc{Mwz{,rS\K20D1!5"%wB;=#
":Zc{CZ\m,ZdZc(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
12. IT+ WebSphere Application Server M IBM HTTP Server w* Windows ~q
KP#*jIKnYw,kdk8(C'j6D\k"%wB;=#|G
WebSphere DC'{M\k,RXkG>X53ODC'j6M\k#
13. 4izD!q#%wO;=xP|D,r_%wB;=T*<20}L#
20*<#kTr#
14. %wB;="az7,r_!{!qC4!r"%wB;=Ts"a#
15. %wjIXU20r<#+T>0WebSphere Application Server - nu=h10
Z#9CK0Zi$20rT20xPJOoO#
16. vT Windows 2000 53,20^)| 2#`X8>E",kND:Windows
2000:20 WebSphere Application Server ^)| 2;#
Windows 2000:20 WebSphere Application Server ^)| 2*Z Windows O20 WebSphere Application Server ^)| 2,kq-TBb)=h:
1. #9 WebSphere Application Server M IBM HTTP Server#g{Z,;vzwO
20K LDAP "am~qw,r9k7##9 LDAP ~qw#
2. 7#QhC JAVA_HOME 53d?#*jIKnYw,kKP;Z install_dir\bin
?<D setupCmdLine.bat D~,dP install_dir Gz20 WebSphere Application
Server D20?<#}g:
C:\Program Files\WebSphere\AppServer\bin\setupCmdLine.bat
3. ek IBM Tivoli Access Manager WebSphere Fix Pack for Windows 2000 CD#
4. + CD DZ]4F=2L}/wOD;vY1?<P#
5. KP;Z windows/websphere_fixpack S?<(z4F CD Z]D;C)PDT
Bz&mD~:
updateWizard
+T>0|B20r<1#
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=Lx#
8. !q IBM WebSphere Application Server V5.0.0 w*k*|BDz7,"%
wB;=#
9. !q20^)|"%wB;=#
10. dk4FK^)|D~DY1?<#}g,g{+ websphere_fixpack ?<S CD
4F=z53OD C:\temp ?<,rZ0^)|?<1VNPdkTBZ]:
C:\temp\websphere_fixpack\fixpacks
%wB;=Lx#
11. !q20^)|"%wB;=#
12. !q|B IBM HTTP Server "%wB;=#
20 WebSphere Application Server
Z 19 B 20X8z7 253
":Tivoli Access Manager ;*s06k={"+]1#g{Q* WebSphere
Application Server 5.0 hCK06k={"+]1,rIT!q|BK&\?
~#
13. %w**T0rODB;=*<20#20}L*<#kTr#
14. 120jI1,%wjI#
15. XBt/ WebSphere Application Server M IBM HTTP Server#
20 WebSphere Application Server
254 IBM Tivoli Access Manager for e-business: Web Security 208O
20 Web Administration ToolWeb Administration Tool C4T IBM Tivoli Directory Server xP>Xr6L\m#
ITZNN1r20KSZ#
*20 Web Administration Tool &CLr,kq-CZzX(=(D}L#
":g{ZKP IBM Tivoli Directory Server V4.1 r 5.1,r7#Z20 Web
Administration Tool .0KP am_update_ldap.sh LDAP 9!#
v AIX,ZZ 255 3O
v HP-UX,ZZ 256 3O
v Linux,ZZ 257 3O
v Solaris,ZZ 257 3O
v Windows,ZZ 258 3O
":h*;v&CLr~qw,}gf Tivoli Access Manager a)D IBM WebSphere
Application Server V5.0.2#g{zD?pF.|,20 Web Portal Manager SZ,
rIT9C,;v WebSphere 5}4w\ Web Administration Tool#
AIX:20 Web Administration Tool*Z AIX O20 Web Administration Tool,kq-TBb)=h:
1. T root C'm]G<#
2. 7#zc Web Administration Tool D53*s#`XE",kNDZ 26 3#
3. 7#Z2+rP20KTB~qw:
v IBM Tivoli Directory Server V5.2
v IBM WebSphere Application Server V5.0.2
XZ20b)~qwD8>E",kNDZ 56 3D:20 IBM Tivoli Directory
Server;MZ 245 3D:20 WebSphere Application Server;#
4. ek IBM Tivoli Access Manager Web Administration Interfaces for AIX CD "2
0|#
5. 20 Web Administration Tool m~|:
installp –acgXd cd_mount_point/usr/sys/inst.images ldap.webdadmin ldap.max_crypto_webdadmin
dP cd_mount_point/usr/sys/inst.images G20C CD D?<#
6. + Web Administration Tool 20= WebSphere Application Server dCP#`X8
>E",kNDZ 259 3#
bMjIK Web Administration Tool D20#*t/ Web Administration Tool,*A
20K WebSphere Application Server D?<,""vTB|n.;:
/usr/WebSphere/AppServer/bin/startServer.sh server1
r
/opt/WebSphere/AppServer/bin/startServer.sh server1
*G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
20 Web Administration Tool
Z 19 B 20X8z7 255
dP localhost 8(20K Web Administration Tool M WebSphere Application Server
Dwz53D{Fr IP X7#XZ9C Web Administration Tool D|`E",kN
D IBM Tivoli Directory Server Administration Guide, Version 5.2,Ci;Z:
http://www.ibm.com/software/network/directory/library/
HP-UX:20 Web Administration Tool*Z HP-UX O20 Web Administration Tool,kq-TBb)=h:
1. T root C'm]G<#
2. 7#zc Web Administration Tool D53*s#`XE",kNDZ 26 3#
3. 7#Z2+rP20KTB~qw:
v IBM Tivoli Directory Server V5.2
v IBM WebSphere Application Server V5.0.2
XZ20b)~qwD8>E",kNDZ 56 3D:20 IBM Tivoli Directory
Server;MZ 245 3D:20 WebSphere Application Server;#
4. ek IBM Tivoli Access Manager Web Administration Interfaces for HP-UX CD#
5. Zs(Ht/ pfs_mountd,;sYt/ pfsd(g{|GP4KP)#9C
pfs_mount |n20 CD#}g,dkBP|n:
/usr/sbin/pfs_mount /dev/dsk/c0t0d0 /cd-rom
dP /dev/dsk/c0t0d0 G CD h8x /cd-rom G20c#
6. 20 Web Administration Tool m~|:
swinstall -s /cd-rom/hp ldapwebadmin
dP /cd-rom/hp G?<#
7. + Web Administration Tool 20= WebSphere Application Server dCP#`X8
>E",kNDZ 259 3#
8. gBy>6B CD:
pfs_umount -c /cd-rom
dP /cd-rom G20c#
bMjIK Web Administration Tool D20#*t/ Web Administration Tool,*A
20K WebSphere Application Server D?<,""vTB|n.;:
/usr/WebSphere/AppServer/bin/startServer.sh server1
r
/opt/WebSphere/AppServer/bin/startServer.sh server1
*G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
dP localhost 8(20K Web Administration Tool M WebSphere Application Server
Dwz53D{Fr IP X7#XZ9C Web Administration Tool D|`E",kN
D IBM Tivoli Directory Server Administration Guide, Version 5.2,Ci;Z:
http://www.ibm.com/software/network/directory/library/
20 Web Administration Tool
256 IBM Tivoli Access Manager for e-business: Web Security 208O
Linux:20 Web Administration Tool*Z Linux O20 Web Administration Tool,kq-TBb)=h#
":Linux on zSeries C':zXkWHS IBM Tivoli Access Manager for Linux on
zSeries CD qCT Linux rpm D~DCJ#
1. T root C'm]G<#
2. 7#zc Web Administration Tool D53*s#`XE",kNDZ 26 3#
3. 7#Z2+rP20KTB~qw:
v IBM Tivoli Directory Server V5.2
v IBM WebSphere Application Server V5.0.2
XZ20b)~qwD8>E",kNDZ 56 3D:20 IBM Tivoli Directory
Server;MZ 245 3D:20 WebSphere Application Server;#
4. ek IBM Tivoli Access Manager Web Administration Interfaces CD for xSeries, zSeries,
or pSeries and iSeries "20|#
5. P;= /mnt/cdrom/series ?<,dP /mnt/cdrom G CD D20cx series 8
( xSeries"zSeries r pSeries#
6. 20 Web Administration Tool m~|:
rpm -ihv package
dP package GTB.;:
v Linux on xSeries:ldap-webadmind-5.2-1.i386.rpm
v Linux on zSeries:ldap-webadmind-5.2-1.s390.rpm
v Linux on pSeries and iSeries:ldap-webadmind-5.2-1.ppc.rpm
7. + Web Administration Tool 20= WebSphere Application Server dCP#`X8
>E",kNDZ 259 3#
bMjIK Web Administration Tool D20#*t/ Web Administration Tool,*A
20K WebSphere Application Server D?<,""vTB|n.;:
/usr/WebSphere/AppServer/bin/startServer.sh server1
r
/opt/WebSphere/AppServer/bin/startServer.sh server1
*G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
dP localhost 8(20K Web Administration Tool M WebSphere Application Server
Dwz53D{Fr IP X7#XZ9C Web Administration Tool D|`E",kN
D IBM Tivoli Directory Server Administration Guide, Version 5.2,Ci;Z:
http://www.ibm.com/software/network/directory/library/
Solaris:20 Web Administration Tool*Z Solaris O20 Web Administration Tool,kq-TBb)=h:
1. T root C'm]G<#
20 Web Administration Tool
Z 19 B 20X8z7 257
2. 7#zc Web Administration Tool D53*s#`XE",kNDZ 26 3#
3. 7#Z2+rP20KTB~qw:
v IBM Tivoli Directory Server V5.2
v IBM WebSphere Application Server V5.0.2
XZ20b)~qwD8>E",kNDZ 56 3D:20 IBM Tivoli Directory
Server;MZ 245 3D:20 WebSphere Application Server;#
4. ek IBM Tivoli Access Manager Web Administration Interfaces for Solaris CD#
5. 20 Web Administration Tool m~|:
pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault IBMldapw
d P - d / c d r o m / c d r o m 0 / s o l a r i s 8 ( m ~ | D ; C x - a
/cdrom/cdrom0/solaris/pddefault 8(20\mE>D;C#
6. + Web Administration Tool 20= WebSphere Application Server dCP#`X8
>E",kNDZ 259 3#
bMjIK Web Administration Tool D20#*t/ Web Administration Tool,*A
20K WebSphere Application Server D?<,""vTB|n.;:
/usr/WebSphere/AppServer/bin/startServer.sh server1
r
/opt/WebSphere/AppServer/bin/startServer.sh server1
*G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
dP localhost 8(20K Web Administration Tool M WebSphere Application Server
Dwz53D{Fr IP X7#XZ9C Web Administration Tool D|`E",kN
D IBM Tivoli Directory Server Administration Guide, Version 5.2,Ci;Z:
http://www.ibm.com/software/network/directory/library/
Windows:20 Web Administration Tool*Z Windows O20 Web Administration Tool,kq-TBb)=h:
1. T_P\m1X(DC'm]G<#
2. 7#zc Web Administration Tool D53*s#`XE",kNDZ 26 3#
3. 7#Z2+rP20KTB~qw:
v IBM Tivoli Directory Server V5.2
v IBM WebSphere Application Server V5.0.2
XZ20b)~qwD8>E",kNDZ 56 3D:20 IBM Tivoli Directory
Server;MZ 245 3D:20 WebSphere Application Server;#
4. ek IBM Tivoli Access Manager Web Administration Interfaces CD for Windows 2000
/ Windows 2003#
5. 20 Web Administration Tool m~|#*jIbnYw,kKP;ZTB?<D
setup.exe Lr:
20 Web Administration Tool
258 IBM Tivoli Access Manager for e-business: Web Security 208O
\windows\Directory
q-*z8>E"jI20#7#!q Web Administration Tool 5.2 "!{!
qyPd|20&\?~#
6. + Web Administration Tool 20= WebSphere Application Server dCP#`X8
>E",kNDZ 259 3#
bMjIK Web Administration Tool D20#*t/ Web Administration Tool,*A
20K WebSphere Application Server D?<,""vTB|n:
C:\Program Files\WebSphere\AppServer\bin\startServer.bat server1
*G<=XF(,Ir* Web /@w"dkTBX7:
http://localhost:9080/IDSWebApp/IDSjsp/Login.jsp
dP localhost 8(20K Web Administration Tool M WebSphere Application Server
Dwz53D{Fr IP X7#XZ9C Web Administration Tool D|`E",kN
D IBM Tivoli Directory Server Administration Guide, Version 5.2,Ci;Z:
http://www.ibm.com/software/network/directory/library/
+ Web Administration Tool 0k WebSphereZ20 Web Administration Tool m~|.s,Xk+ Web Administration Tool 0k
WebSphere Application Server P#*jIKnYw,k9CTB8>E"w*8O#
XZ+&CLr0k WebSphere dCDj{E",kND IBM WebSphere Application
Server 5.0 D5,X7*:
http://www.ibm.com/software/webservers/appserv/infocenter.html
http://publib7b.boulder.ibm.com/wasinfo1/en/info/ae/ae/trun_app_instwiz.html
*+ Web Administration Tool 20= WebSphere Application Server dCP,k4P
TBYw:
1. G<= WebSphere Application Server \mXF(#}g,S\'VD Web /@w
PdkTBX7:
http://hostname:9090/admin/
dP hostname 8(20K IBM WebSphere Application Server D53D{Fr IP
X7#
2. ZXF(<=wP%w&CLr → 20B&CLr#+T>=v0}Z<8&CL
r2013fPDZ;3#
3. Z0}Z<8&CLr2013fDZ;3O:
a. gB8( Web Administration Tool &CLr@" IDSWebApp.war D~D+76:
1) Z UNIX 53O:
install_dir/idstools/IDSWebApp.war
2) Z Windows 53O:
install_dir\idstools\IDSWebApp.war
20 Web Administration Tool
Z 19 B 20X8z7 259
dP install_dir GzZ20 Web Administration Tool 18(D20?<#
}g:C:\Program Files\IBM\LDAP\idstools\IDSWebApp.war
":CD~ITZM'zO(KP Web /@wDzw),r_Z~qwO(M
'z,S=Dzw)#
b. Z0OBDy1VN,8(TBZ]:
/IDSWebApp
c. %wB;=#
4. !qGzI1!s(9GS\1!5,"%wB;=#9C1!s(+9CC1!
54nd&CLrPNN4jIDs(#;a|DVPs(#IT(FCZzI1
!s(D1!5#
+T>020B&CLr13f#
5. (=h 1:a)4P20D!n)7#0&CLr{F1VN|, IDSWebApp_war,
S\1!5,"%wB;=#
6. (=h 2:* Web #i3dibwz)!q IBM Tivoli Directory Server WebApplication V2.0 w* Web #i,"!q default_host w*ibwz,;s%
wB;=#
7. (=h 3:+#i3d=&CLr~qw)!q IBM Tivoli Directory Server WebApplication V2.0 "%wB;=#
8. (=h 4:**)4i20!n"%wjI#
9. 1T>0#f=wdC13f1,%w#fT#fTdCD|D#rr\m"aK
C&CLr
20 Web Administration Tool
260 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 20 B 6Xi~
6X Tivoli Access Manager G;v=?VD}L#Xk!{dCi~,;s}% Tivoli
Access Manager m~|#
>Ba)TBwZ:
v :!{dC Tivoli Access Manager i~;
v Z 262 3D:!{dC IBM Tivoli Directory Server;
v Z 262 3D:!{dC Tivoli Access Manager for WebSphere;
v }%m~|:
– AIX,ZZ 263 3O
– HP-UX,ZZ 264 3O
– Linux,ZZ 264 3O
– Solaris,ZZ 265 3O
– Windows,ZZ 266 3O
Z*<.0
v Z!{dC Access Manager Policy Server r Access Manager Runtime i~
.0,H!{dC Tivoli Access Manager &CLr,g WebSEAL#
v ns!{dC"}% policy server 53#
!{dC Tivoli Access Manager i~
Z}% Tivoli Access Manager m~|.0,Xk7#Q!{dCi~(g{h*)#*
jIbnYw,kq-TBb)=h#
1. Z UNIX O,T root C'm]G<#Z Windows O,T_P Windows \m1
X(DC'm]G<#
2. *t/dC5CLr,kdkTB|n:
pdconfig
":Z Windows 53O,9IT!q*< → Lr → Access Manager → dC#
+T> Access Manager for e-business 20K%#
3. 4TB3r!{dCi~#*Z UNIX O!{dCi~,kdk Tivoli Access
Manager i~DK%n`E#*Z Windows O!{dCi~,k!qi~"%w!
{dC#T?vk*!{dCDm~|X4K}L#
a. Access Manager Web Portal Manager"Access Manager WebSEAL Server" Access
Manager Plug-in for Edge Server r Access Manager Plug-in for Web Servers
b. Access Manager Authorization Server
c. Access Manager Policy Proxy Server
© Copyright IBM Corp. 2001, 2003 261
d. Access Manager Policy Server
e. Access Manager Runtime M Access Manager Java Runtime Environment
":
v g{4dCi~,r;*}%|MITK#
v g{}Z!{dC policy server r policy proxy server,r+a>zdk LDAP
\m1D(P{F(cn=root)M\k#
v !{dC policy server 1,a/fz+}%\mrP20DyP Tivoli Access
Manager ~qwM&CLrDdCMZ(E"#*Lx,kdk y#
Zdk LDAP \mC' DN M\k.s,+a>zS"am@C}%rE"#
dk y T}%yPrE",|(C'MiE"#dk n T}%rE",+#t
C'MiE",byTsITXB4(r(g{h*)#
v g{Q20 Access Manager Java Runtime Environment,+;P20 Access
Manager Runtime,rgBy>9C /opt/PolicyDirector/sbin/pdjrtecfg 5C
Lr!{dCKi~:
./pdjrtecfg -action unconfig -interactive
!{dC IBM Tivoli Directory Server*!{dC IBM Tivoli Directory Server,kq-TBb)=h#(iZt/K}L.
08]?<MNNVPD#=D~#
1. Z UNIX O,T root C'm]G<#Z Windows O,T_P Windows \m1
X(DC'm]G<#
2. #9 ibmslapd ~qw#
3. 9C ldapucfg 5CLrS IBM Tivoli Directory Server P}% DB2 dCE"#
*jIbnYw,kdkTB|n:
ldapucfg -d -i
aa>zdk 1 T7O!{dC#g{QdC1!}]b,r ldapucfg 5CLr
a(}K=hS53P>}C}]b#g{QdC(F}]b,rC}]b+tZ
53O#
":*}%(F}]b,kT5}yP_m]G<"dkTBZ]:
db2stopdb2ilistdb2idrop instance_name
!{dC Tivoli Access Manager for WebSphereZ}% PDWAS m~|.0,Xk!{dC Tivoli Access Manager for WebSphere i~,
gBy>:
1. T root C'm]G<#
2. #9 WebSphere Application Server#
3. 9C –action [unconfigWAS4 | unconfigWAS5] !nKP pdwascfg 5CLr,
gBy>:
6Xi~
262 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwascfg -action unconfig version_number-remote_acl_user user_CN-sec_master_pwd password-was_home home_directory_of_WebSphere_Application_Server-pdmgrd_host policy_server_host_name-pdacld_host authorization_server_host_name
PXK5CLrD|`E",kNDZ 417 3D:pdwascfg;#
AIX:}%m~|
6X Tivoli Access Manager G;v=?VD}L#XkH!{dCi~,;s}%|
G,}G8>z4Pd{Yw(}gZ}6}LP)#
":Z}%m~|.0,k7#Q#9yP Tivoli Access Manager ~qM&CLr#
*S AIX 53}%i~,kq-TBb)=h:
1. k7#Q!{dCi~(gh*)#kq-Z 261 3D:!{dC Tivoli Access
Manager i~;PD8>E"#
2. dkTB|n:
installp -u -g packages
dP packages 8(TBZ]PD;vr`v#
":v1k*}%8(m~|D`Xm~1,9C –g !n#
IBM Global Security Kit gsksa.rte M gskta.rte
IBM Tivoli Directory Client l d a p . c l i e n t M
ldap.max_crypto_client
IBM Tivoli Directory Server l d a p . s e r v e r M
ldap.max_crypto_server
Access Manager Application Development Kit PD.AuthADK
Access Manager Attribute Retrieval Service PDWeb.ARS
Access Manager Authorization Server PD.Acld
Access Manager Java Runtime Environment PDJ.rte
Access Manager Plug-in for IBM HTTP Server PD.WPIIHS
Access Manager Plug-in for Sun ONE Web Server PD.WPIiPlanet
Access Manager Plug-in for Web Servers PD.WPI
Access Manager Policy Server PD.Mgr
Access Manager Policy Proxy Server PD.MgrPrxy
Access Manager Runtime PD.RTE
Access Manager for WebLogic Server PDWLS
Access Manager for WebSphere Application Server PDWAS
Access Manager Web Portal Manager PD.WPM
Access Manager Web Security Runtime PDWeb.RTE
Access Manager WebSEAL Server PDWeb.Web
Access Manager WebSEAL Development(ADK) PDWeb.ADK
6Xi~
Z 20 B 6Xi~ 263
HP-UX:}%m~|
6X Tivoli Access Manager G;v=?VD}L#XkH!{dCi~,;s}%|
G,}G8>z4Pd{Yw(}gZ}6}LP)#
":Z}%m~|.0,k7#Q#9yP Tivoli Access Manager ~qM&CLr#
*S HP-UX 53}%i~,kq-TBb)=h:
1. k7#Q!{dCi~#kq-Z 261 3D:!{dC Tivoli Access Manager i~;
PD8>E"#
2. dkTB|n:
swremove packages
dP packages 8(TBZ]PD;vr`v:
IBM Global Security Kit gsk7bas M gsk7ikm
IBM Tivoli Directory Client LDAPClient
IBM Tivoli Directory Server LDAPServer
Access Manager Application Development Kit PDAuthADK
Access Manager Attribute Retrieval Service PDWebARS
Access Manager Authorization Server PDAcld
Access Manager Java Runtime Environment PDJrte
Access Manager Policy Server PDMgr
Access Manager Policy Proxy Server PDMgrPrxy
Access Manager Runtime PDRTE
Access Manager for WebLogic Server PDWLS
Access Manager for WebSphere Application Server PDWAS
Access Manager Web Portal Manager PDWPM
Access Manager Web Security Runtime PDWebRTE
Access Manager WebSEAL Server PDWeb
Access Manager WebSEAL Development(ADK) PDWebADK
+T>a>,mw$}%E>}ZKP#?vD~Z}%1aPv4#
Linux:}%m~|
6X Tivoli Access Manager G;v=?VD}L#Xk!{dCi~,;s}% Tivoli
Access Manager m~|#
":Z}%m~|.0,k7#Q#9yP Tivoli Access Manager ~qM&CLr#
*S Linux 53}%i~,kq-TBb)=h:
1. k7#Q!{dCi~#kq-Z 261 3D:!{dC Tivoli Access Manager i~;
PD8>E"#
2. *PvQ20Dm~|{F,kdkTB|n:
v TZ LDAP m~|:
6Xi~
264 IBM Tivoli Access Manager for e-business: Web Security 208O
rpm -qa | grep ldap
v TZ GSKit m~|:
rpm -qa | grep gsk
v TZ Tivoli Access Manager m~|:
rpm -qa | grep PD
3. dkTB|n:
rpm -e packages
dP packages 8(TBZ]PD;vr`v:
IBM Global Security Kit gsk7bas-7-0-1.9
IBM Tivoli Directory Client ldap-clientd-5.2-1
IBM Tivoli Directory Server ldap-serverd-5.2-1
Access Manager Application Development Kit PDAuthADK-PD-5.1.0-0
Access Manager Attribute Retrieval Service PDWebARS-PD-5.1.0-0
Access Manager Authorization Server PDAcld-PD-5.1.0-0
Access Manager Java Runtime Environment PDJrte-PD-5.1.0-0
Access Manager Plug-in for Apache Web Server PDWPI-Apache-5.1.0-0
Access Manager Plug-in for IBM HTTP Server PDWPI-IHS-5.1.0-0
Access Manager Plug-in for Web Servers PDWPI-PD-5.1.0-0
Access Manager Policy Server PDMgr-PD-5.1.0-0
Access Manager Policy Proxy Server PDMgrPrxy-PD-5.1.0-0
Access Manager Runtime PDRTE-PD-5.1.0-0
Access Manager for WebLogic Server PDWLS-PD-5.1.0-0
Access Manager for WebSphere Application Server PDWAS-PD-5.1.0-0
Access Manager Web Portal Manager PDWPM-PD-5.1.0-0
Access Manager Web Security Runtime PDWebRTE-PD-5.1.0-0
Access Manager WebSEAL Server PDWeb-PD-5.1.0-0
Access Manager WebSEAL Development(ADK) PDWebADK-PD-5.1.0-0
Solaris:}%m~|
6X Tivoli Access Manager G;v=?VD}L#XkH!{dCi~,;s}%|
G,}G8>z4Pd{Yw(}gZ}6}LP)#
":Z}%m~|.0,k7#Q#9yP Tivoli Access Manager ~qM&CLr#
*S Solaris 53}%i~,kq-TBb)=h:
1. k7#Q!{dCi~#*!{dCi~,kq-Z 261 3D:!{dC Tivoli
Access Manager i~;PD8>E"#
2. *}%m~|,kdkTB|n:
pkgrm package
6Xi~
Z 20 B 6Xi~ 265
dP package 8(TBZ].;:
IBM Global Security Kit gsk7bas M gsk7ikm
IBM Tivoli Directory Client IBMldapc
IBM Tivoli Directory Server IBMldaps
Access Manager Application Development Kit PDAuthADK
Access Manager Attribute Retrieval Service PDWebARS
Access Manager Authorization Server PDAcld
Access Manager Java Runtime Environment PDJrte
Access Manager Plug-in for Apache Web Server PDWPIihs
Access Manager Plug-in for IBM HTTP Server PDWPIapa
Access Manager Plug-in for Sun ONE Web Server PDWPIipl
Access Manager Plug-in for Web Servers PDWPI
Access Manager Policy Server PDMgr
Access Manager Policy Proxy Server PDMgrPrxy
Access Manager Runtime PDRTE
Access Manager for WebLogic Server PDWLS
Access Manager for WebSphere Application Server PDWAS
Access Manager Web Portal Manager PDWPM
Access Manager Web Security Runtime PDWebRTE
Access Manager WebSEAL Server PDWeb
Access Manager WebSEAL Development(ADK) PDWebRTE
3. 1a>z7O}%b)i~1,kdk y#
+T>a>,mw$}%E>}ZKP#?vD~Z}%1aPv4#
Windows:}%m~|
6X Tivoli Access Manager G;v=?VD}L#XkH!{dCi~,;s}%|
G,}G8>z4Pd{Yw(}gZ}6}LP)#
":Z}%m~|.0,k7#Q#9yP Tivoli Access Manager ~qM&CLr#
*S Windows 53}%i~,kq-TBb)=h:
1. T_P Windows \m1X(DC'm]G<#
2. !q*< → hC → XFfe,;s%wmS/>}Lr#
3. !qQ20Di~PD;v,;s%w>}#
4. SPmP!qm;vi~,r_%w7(TKvLr#
5. *S53P}% GSKit,kdkTB|n:
isuninst -f"c:\program files\ibm\gsk7\gsk7bui.isu"
dP c:\program files\ibm\gsk7 G gsk7BUI.isu D~yZ;CD+^(76#
":z;\q6Xd| Tivoli Access Manager i~;y9CmS/>}Lr<j6
X GSKit#
6Xi~
266 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 21 B 20r<&C!O
>Ba)XZgN9C20r<420"dCTB Tivoli Access Manager 53DV=
8>E"k5w#
v Z 268 3D:9C install_ldap_server r<;
v Z 277 3D:9C install_ammgr r<;
XZrza>DdC!nDhv,kNDZ 287 3DZ 22 B, :20r<!n;#
© Copyright IBM Corp. 2001, 2003 267
9C install_ldap_server r<
TB&C!O9C install_ldap_server r<20"dC IBM Tivoli Directory Server
w* Tivoli Access Manager "am#KLrZ53O20"dCyPX*m~,|(
X8z7"Tivoli Access Manager i~T0`X*D9!#
200*sZ20MdC IBM Tivoli Directory Server .0,Xk4PTB200Nq(4h*)#
;\zF.9CDV20=(,b)*syJC#
v 4 ( ; v D B 2 } ] b y P _ j 6 , } g l d a p d b 2 ( U N I X ) r
db2admin(Windows)#z8(DC'j6+5P DB2 }]byZD}]b5}#
ZdC}LP+a>zdkKj60\k#
"b:vT Windows C' - g{KP install_ldap_server 20r<,rz4(
Dj6+Cw DB2 \m1j6M DB2 }]byP_j6#(izZ9C>z20
5CLr14("9C;,Dj6#}g,+ DB2 }]byP_j6|{*
ldapdb2,+ DB2 \m1j6|{* db2admin#
– C'j6D$H;\,} 8 vV{#
– Z Windows =(O,C'XkG Administrators iDI1,"RXkk\m1j
6&Z,;vr#
– Z UNIX =(O,C'Xk_Pw?<,"RXkGCw?<DyP_#
– !q;v+EC DB2 }]bD?<#20r<+Z?<~qw}]bw?<Ba
>dkbv?<#
- DB2 }]b?<DiyP(&CG20 DB2 1y4(D DB2 i#Z AIX M
Solaris O,Ki(#{* dbsysadm#TZ Linux on zSeries,Ki(#{*
db2iadm1#}g,ZC'{* ldapdb2 DivB,}]b?<Z AIX M
Solaris O&Ci ldapdb2:dbsysadm yP,xZ Linux on zSeries O&Ci
ldapdb2:db2iadm1 yP#
dC}]b1,I\fZ;)i;\w*C'wi}#$w#}g,g{ Linux O
DC'wi* users,rI\vVJb#g{k*7#wi}#$w,rXkZ
Linux O9C other#
– root C'XkG!qC45P DB2 }]b?<DiDI1#g{ root C';
GKiDI1,r+ root C'mS*CiDI1#
– *K C= nQ'{, C' DG < s h e l l Lr &CG K o r n s h e l l L r
(/usr/bin/ksh)#
– C'D\kXk}7hC"f1IT9C#}g,\k;\Q=Z,2;\Hr
NNV`DWNi$#(i$\kQ}7hCDnQ=(G telnet =,;(Fc
z"R\CCC'j6M\kI&G<#)
– dC}]b1,;X(+(#G)+C'j6Dw?<8(*}]b;C#+
G,g{8(3vd|;C,rC'w?<T;Xk_P 3 = 4 MB DICU
d#bGr* DB2 4(K4S"+D~mS=5}yP_(4C')Dw?<
P,49}]b>mZd|;C#g{w?<P;Pc;DUd,rIT4(c
;DUdr_8(d|?<w*w?<#
v vZ AIX 53O,IBM Tivoli Directory Server V5.2 *s 64 ;2~M 64 ;DZ
K#*7#zD53Q}720,k4iTBZ]:
20r<&C!O
268 IBM Tivoli Access Manager for e-business: Web Security 208O
– *i$zD AIX 2~GqG 64 ;,kdkTB|n:
bootinfo -y
g{a{T> 64,rzD2~* 64 ;#Kb,g{dk|n lsattr —El proc0,
rC|nDdva5XzD~qwD&mw`M#g{zPTBwnPDNN;
n,rzD2~* 64 ;:RS64 I"II"III"IV"POWER3"POWER3 II r POWER4#
– 64 ;2~IT_P 32 ;r_ 64 ;ZK#*i$GqQ20"KP 64 ;ZK
(/usr/lib/boot/unix_64),kdkTB|n:
bootinfo -K
g{a{T> 64,rZK* 64 ;#+G,g{a{T> 32,rXkS 32 ;Z
KP;= 64 ;ZK#*jIbnYw,kq-TBb)=h:
1. 7#z5PTB 64 ;m~|:
bos.64bitbos.mp64
2. *P;= 64 ;ZK,kdkTB|n:
ln -sf /usr/lib/boot/unix_64 /unixln -sf /usr/lib/boot/unix_64 /usr/lib/boot/unixlslv -m hd5bosboot -ad /dev/ipldeviceshutdown -Fr
– 7#QtCl= I/O#*jIbnYw,kdkTB|n:
/usr/sbin/mkdev -l aio0/usr/sbin/chdev -l aio0 -P/usr/sbin/chdev -l aio0 -P -a autoconfig=available
install_ldap_server &C!O
*20MdC IBM Tivoli Directory Server 0dX8m~,kq-TBb)=h:
1. T root r\m1C'm]G<#
2. ekCZzDX(=(D IBM Tivoli Access Manager Directory Server CD#
3. 7#Q20\'VD JVM,R76hC= JVM#qr,+Z20ZdSU=TB
{":
R;=OJD JVM#k9C!n -is:javahome <JAVA HOME DIR> YNKP20Lr#
*20f Tivoli Access Manager a)D\'VD JRE m~|,kNDZ 241 3D
:20 IBM JRE;#
4. g{F.tC SSL,kV/+F.9CD SSL \?D~4F=>X53ODNN
?<P#20r<T/+;vy>\?D~(am_key.kdb)S CD OD common ?
<4F= install_dir\lib ?<#
5. *t/20r<,P;= CD yZD}/wODy?<,"dkTB|n:
install_ldap_server
20r<&C!O
Z 21 B 20r<&C!O 269
6. !qk*CZ20DoT,"%w7(#
7. +T>06-1A;#%wB;=TLx#
20r<&C!O
270 IBM Tivoli Access Manager for e-business: Web Security 208O
8. DAmI$-i,g{,bb)un,!qRS\#%wB;=TLx#
9. k4PBPYw.;:
v Windows 53:TB}vfea>z8( GSKit"IBM DB2 M IBM Tivoli
Directory Server D20?<#S\1!?<,r_%w/@T!qm;v?<#
%wB;=Lx#
v UNIX 53:x==hZ 272 3D 10#20r<T/ZTB?<P20
GSKit"IBM DB2 M IBM Tivoli Directory Server:
– GSKit 20?<
AIX:/usr/opt/ibm/gsksa M /usr/opt/ibm/gskta
HP-UX M Solaris:/opt/ibm/gsk7
Linux:/usr/local/ibm/gsk7
– IBM DB2 20?<
AIX M Linux:/usr/ldap/db2
HP-UX M Solaris:/opt/IBM/db2
– IBM Tivoli Directory Server 20?<
AIX M Linux:/usr/ldap
HP-UX M Solaris:/opt/IBMldaps
20r<&C!O
Z 21 B 20r<&C!O 271
10. dkzZZ 268 3D:200*s;P4(D DB2 }]byP_j6DC'j6
M\k#%wB;=Lx#
11. jITBVN,;s%wB;=TLx#
a. \m1j6 - dkP' DN rS\1! DN(cn=root)#|GT?<PDy
P}]5Pj+CJ(D\m1y9CD DN#
":DN G;xVs!4D#g{z;l$ X.500 q=r_IZNNd|-r
;k(eBD DN,rIS\1! DN#
b. \m1\k - 4(\m1j6D\k#k"b\kGxVs!4D#
c. \k7O - YNdk\kT7O#
d. C'(eDs: - dks:T,$C'Mi}]#}g:o=ibm,c=us
e. >Xwz{ - dk LDAP ~qw+$tDwz53D+^({#
20r<&C!O
272 IBM Tivoli Access Manager for e-business: Web Security 208O
12. jITBVN,;s%wB;=TLx#
":g{;rc9C am_key.kdb,k`&X|D SSL \?D~76"\kM$i
j)D5#
a. dkk SSL \?D~`X*D\k#1!\?D~D\k* key4ssl(!4)#
b. dkk*"M= LDAP ~qwD SSL \?D~$i`X*Dj)#1!\?
D~$i* PDLDAP#
":Z policy server r authorization server DdCZd,Kj);GXhD#
;P1~qwdC*Z SSL ("Zd,14P~qwMM'zO$,r_
1zk*9C\?D~PDG1!$i1,K5EGXhD#(#,
LDAP ~qw;h*ZM'z .kdb D~D4(}LPy8(D~qwK$
i#
20r<&C!O
Z 21 B 20r<&C!O 273
13. 4i!qDdC!n#g{k*|DNN!q,k%wO;=#%wB;=*<
20#
20}L*<#kTr#K}LI\h*8VS#
20r<&C!O
274 IBM Tivoli Access Manager for e-business: Web Security 208O
":Z Windows 53O,aa>zd*XXBt/53#
14. `S IBM Tivoli Directory Server 0dX8z7D20MdC#
20r<&C!O
Z 21 B 20r<&C!O 275
1T>XBt/fe1,!qVZXBt/Fcz"%wjI#XBt/.s,
dC$_+KP,a>za)X*DE"TjI~qwdC#Lx`SdCx
H,"ZdCjI1%wjI#
":g{20}Lv=NNJb,kN<20U>D~ msg__ldaps_install.log,
CD~;ZTB?<:
v Z UNIX 53O:
/tmp
v Z Windows 53O:
C:\Documents and Settings\Administrator\Local Settings\Temp
15. I!:20 Web Administration Tool,C$_I9z\;T IBM Tivoli Directory
Server xP>Xr6L\m#ITZNN1r20KSZ#k"bh*;v&CL
r~qw,}g IBM WebSphere Application Server V5.0.2(f Tivoli Access
Manager a))#g{zD?pF.|,20 Web Portal Manager SZ,rIT9
C,;v WebSphere 5}4w\ Web Administration Tool#
*20K GUI,kNDZ 255 3#
":g{ZKP IBM Tivoli Directory Server V4.1 r 5.1,r7#Z20 Web
Administration Tool .0KP am_update_ldap.bat LDAP 9!#
16. g{z9C1! am_key.kdb \?D~tCK SSL,rnU+h*4("9CzT
:D\?D~4tC SSL,r|DK\?D~D1!\k#*jIbnYw,IT
9Ck GSKit ;p20D iKeyman \?\m5CLr#`X8>E",kNDZ
233 3D:20 Global Security Kit;PPXhC GSKit iKeyman 5CLrDE
"#
20r<&C!O
276 IBM Tivoli Access Manager for e-business: Web Security 208O
9C install_ammgr r<
ZQI&20C'"am.s,B;=G20 Tivoli Access Manager policy server#T
B&C!O9C install_ammgr r<,(}9C LDAP "am420"dC policy
server#KLrZ53O20"dCyPX*m~,|( Tivoli Access Manager i~"
`Xz7T0`X*D9!#
":(i+ policy server 5320Z;,ZzD"am~qwD;v%@D53O#
*9C install_ammgr r<20"dC Tivoli Access Manager policy server,kq-
TBb)=h:
1. T root r\m1C'm]G<#
2. #9NN}ZKPDLr"XUyP0Z#g{Pr*D0Z,ru< InstallShield
Wizard 0ZI\a~XZd|0Zsf#
3. 7#"am~qwM policy server Qt/"ZKP(Z}#==B)#
4. ekCZzDX(=(D IBM Tivoli Access Manager Base CD#
5. g{zZk IBM Directory Server `,D53O20 policy server,kx==h 6#
qr,kV/+C4dC IBM Tivoli Directory Server D SSL \?D~4F=K
53OD?<P#}g,g{z9CKy> am_key.kdb D~,k+KD~S IBM
Tivoli Directory Server 534F=>53#
6. *t/20r<,P;= CD yZD}/wODy?<,"dkTB|n:
install_ammgr
7. !qk*CZ20DoT,"%w7(#
20r<&C!O
Z 21 B 20r<&C!O 277
8. +T>06-1A;#%wB;=TLx#
20r<&C!O
278 IBM Tivoli Access Manager for e-business: Web Security 208O
9. DAmI$-i,g{,bb)un,!qRS\#%wB;=TLx#
20r<&C!O
Z 21 B 20r<&C!O 279
10. !qF.CZ Tivoli Access Manager DC'"am`M#%wB;=TLx#
11. !qGqtC Tivoli +2?<TxPU>G<#bzmKPCZf"D~(}gz
YM{"U>)D Tivoli m~D53OD;vPD;C#
20r<&C!O
280 IBM Tivoli Access Manager for e-business: Web Security 208O
Z;NdCK&\?~1,IT8(zk*U>D~$tD?<#ZbTs,I
T+ Tivoli m~dC*9CK?<#
12. k4PBPYw.;:
v Windows 53:TB}vfea>z8( GSKit"IBM DB2 M IBM Tivoli
Directory Client D20?<#S\1!?<,r_%w/@T!qm;v?<#
%wB;=Lx#
v UNIX 53:x==h 13#20r<T/+ GSKit"IBM DB2 T0 IBM Tivoli
Directory Client 20ZTB?<P:
– GSKit 20?<
AIX:/usr/opt/ibm/gsksa M /usr/opt/ibm/gskta
HP-UX M Solaris:/opt/ibm/gsk7
Linux:/usr/local/ibm/gsk7
– IBM DB2 20?<
AIX M Linux:/usr/ldap/db2
HP-UX M Solaris:/opt/IBM/db2
– IBM Tivoli Directory Client 20?<
AIX M Linux:/usr/ldap
HP-UX M Solaris:/opt/IBMldapc
13. jITBVN"%wB;=#
v LDAP ~qwwz{ - dk LDAP ~qw53Dwz{#
20r<&C!O
Z 21 B 20r<&C!O 281
v LDAP ~qwKZ - LDAP ~qwKZQa)(389)#g{Z LDAP ~qw
DdCZd|DKKKZE,k`&X^DK5#
v vZ Windows 53O,aa>zT IBM Tivoli Directory Server tC2+W
SVc(SSL)- vZ2+T?D,(izT"am~qwtC SSL#*jI
KYw,!qK4!rTrza>Z=h 15 PPvD SSL !n#qr,x=
=hZ 283 3D 16#
14. vZ UNIX 53O,aa>zT IBM Tivoli Directory Server tC2+WSVc
(SSL)#vZ2+T?D,(izT LDAP ~qwtC SSL#*jIKYw,!
qK4!r"%wB;=Trza>Z=h 15 PPvD SSL !n#
15. g{!qKT IBM Tivoli Directory Server tC SSL,kjITBVN"!qB;
=#
v x+76D SSL \?D~ - dk LDAP SSL M'z\?D~yZ;CD+
^(76#}g,g{Q+ am_key.kdb D~4F= c:\keytabs ?<,rdk
c:\keytabs\am_key.kdb#
v \?D~\k - dkk\?D~`X*D\k# am_key.kdb D~D1!\k
* key4ssl#g{+4z9C gsk7ikm 5CLr|DK\k,rXkXdK1
!\k#
v SSL \?D~ DN - g{9C20r<D1!\?D~ am_key.kdb,r;h
* SSL $ij)#
v SSL KZ - SSL KZEQa)(636)#g{h*,I^DCKZE#
20r<&C!O
282 IBM Tivoli Access Manager for e-business: Web Security 208O
16. jITBVN"%wB;=#
v \m1\k - *2+wj6(sec_master)4(\m1\k#IT9C
sec_master j64(ezT:D\mj6"iT0{GD\&#
v Policy server SSL KZ - SSL KZEQa)(7135)#g{h*,I^DC
KZE#
v SSL $iP'Z(l)- dk SSL $iD~P'Dl}#1!Dl}* 365#
v SSL ,S,1(k)- dkZ,1.0 SSL ,SH}l&DVx1d(Tk
*%;)#1!Dk}* 7200#
v LDAP \m1 DN - dk LDAP \m1 DN rS\1!5(cn=root)#
v LDAP \m1\k - dkk LDAP \m1 DN `X*D\k#
20r<&C!O
Z 21 B 20r<&C!O 283
17. 4i!qDdC!n#g{k*|DNN!q,k%wO;=#%wB;=*<
20#
20r<&C!O
284 IBM Tivoli Access Manager for e-business: Web Security 208O
20}L*<#kTr#K}LI\h*8VS#
18. `S policy server 0dX8z7D20MdC#
Windows 53
1a>XBt/531,%wB;=#53XBt/.s,aT>20r
<#8(oT"%wB;=# Policy server dCjI.s,%wjITKv
20r<#
dCK policy server .s,MITZ\mrP20d| Tivoli Access Manager 53#
PX Tivoli Access Manager 53DPm,kNDZ 13 3D:Tivoli Access Manager 5
3D`M;#
20r<&C!O
Z 21 B 20r<&C!O 285
286 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 22 B 20r<!n
>Bhv9C20r<1rza>DdC!n#|,KTBwnDdC!n:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
v Z 294 3D:install_amacld;
v Z 296 3D:install_amadk;
v Z 297 3D:install_amjrte;
v Z 298 3D:install_ammgr;
v Z 300 3D:install_amproxy;
v Z 301 3D:install_amrte;
v Z 302 3D:install_amwas;
v Z 304 3D:install_amweb;
v Z 306 3D:install_amwebadk;
v Z 308 3D:install_amwebars;
v Z 309 3D:install_amwls;
v Z 311 3D:install_amwpi_apache;
v Z 312 3D:install_amwpi_ihs;
v Z 313 3D:install_amwpi_iis;
v Z 314 3D:install_amwpi_iplanet;
v Z 315 3D:install_amwpm;
v Z 316 3D:install_ldap_server;
© Copyright IBM Corp. 2001, 2003 287
Access Manager Runtime(LDAP)
m 13 PvK9C LDAP "am1 Access Manager Runtime m~|DdC!n#Zh
*K20i~D Tivoli Access Manager 53DdCZd,arza>b)!n#14
UZ 129 3D:9C20r<20;PD8>9C install_amrte 20r<1,2ar
za>b)!n#
":Z9C install_ammgr r<20 policy server Zd,;arza> policy server
!n#
m 13. Access Manager Runtime !n - LDAP. * m>XhD!n#
dC!n 1!5
"am *!qT8(* Tivoli Access Manager hCD"am~
qwD`M#1!5* LDAP#
IBM Global Security Kit D?<{
(vZ Windows Orza>)
8( GSKit 20?<#1!?<gB:
v AIX:/usr/opt/ibm/gsksa M /usr/opt/ibm/gskta
v HP-UX M Solaris:/opt/ibm/gsk7
v Linux:/usr/local/ibm/gsk7
v Windows:C:\Program Files\ibm\gsk7
IBM Tivoli Directory Client D?<{
(vZ Windows Orza>)
8( IBM Tivoli Directory Client 20?<#1!?<
gB:
v AIX M Linux:/usr/ldap
v HP-UX M Solaris:/opt/IBMldapc
v Windows:C:\Program Files\ibm\LDAP
Access Manager Runtime D?<{
(vZ Windows Orza>)
8( Access Manager Runtime 20?<#1!?<g
B:
v UNIX:/opt/PolicyDirector
v Windows:C:\Program Files\Tivoli\Policy
Director
tC Tivoli +2?<xPU>G<
!qtC Tivoli +2?< - C?<GKPCZf"
D~(}gzYM{"U>)D Tivoli m~D53OD
;vPD;C#
?<{F *
*Z;v20D Tivoli m~z78(U>?<#
Z;NdC Tivoli +2?<1,IT8(zk*U>D
~$tZDv?<#ZbTs,IT+ Tivoli m~dC
*9CK?<#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZE#1!
KZE* 7135#
Policy Server CA $iD~ D~ITT/S policy server BXr4F
r * 8(r{#1!5* Default, |m>\mr#
LDAP ~qwwz{ *8( LDAP ~qwC4l}DKZE#1!KZE*
389#
LDAP ~qwKZ *8( LDAP ~qwC4l} SSL ksDKZE#1!
KZE* 636#
20r<!n
288 IBM Tivoli Access Manager for e-business: Web Security 208O
m 13. Access Manager Runtime !n - LDAP (x). * m>XhD!n#
T " a m ~ q w t C 2 + W S V c
(SSL)
(vZ Windows Oa>)
8(Gq&tC SSL#(i9CK!n#
vT Windows,zITT LDAP ~qwtC SSL#g{wvK!q,r+a>za)TBD
v5:
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~Z Runtime 53O
yZ;CD+^(76{#K\?D~XkS LDAP
~qwq!#
":SSL $iD)p_Xk6p*M'z\?}]bP
DIEO$PD#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb D~_
P1!\k key4ssl#
g{9C install_ldap_server Lr20"dC IBM
Tivoli Directory Server,rb)1!5GICD#g{
v(9C gsk7ikm 5CLr|DK\k,rXkXd
K1!\k#
$ij) 8(*"M=~qwDM'z$iDM'z LDAP \
?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*sM'zO
$1,r_zk*9C\?D~PDG1!$i1,
Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D~D4(
}LPy8(D~qwK$i#g{;*s SSL M'
z\?D~j),r+KVN#t*U#
SSL KZ * 8( LDAP ~qwC4l} SSL ksDKZE#1!
KZE* 636#
20r<!n
Z 22 B 20r<!n 289
Access Manager Runtime(Active Directory)
m 14 PvK9C Active Directory "am1 Access Manager Runtime i~DdC!
n#Zh*K20i~D Tivoli Access Manager 53DdCZd,arza>b)!
n#14UZ 129 3D:9C20r<20;PD8>9C install_amrte 20r<1,
2arza>b)!n#
Active Directory C'ITZ Tivoli Access Manager z7P10'VDyP Windows
M UNIX =(OKP Tivoli Access Manager(+ Windows NT }b)#
UNIX =({C IBM Tivoli Directory Client k Active Directory (E#Z policy server
rk>Xwz{Dr;,DivB,29CK LDAP M'z#
m 14. Access Manager Runtime !n - Active Directory. * m>XhD!n#
dC!n hv
"am *
!qT8(* Tivoli Access Manager hCD"am
~qwD`M - Active Directory#1!5*
LDAP#
IBM Global Security Kit D?<{
(vZ Windows Orza>)
8( GSKit 20?<#1!?<gB:
v AIX:/usr/opt/ibm/gsksa M /usr/opt/ibm/gskta
v HP-UX M Solaris:/opt/ibm/gsk7
v Linux:/usr/local/ibm/gsk7
v Windows:C:\Program Files\ibm\gsk7
IBM Tivoli Directory Client D?<{
(vZ Windows Orza>)
8( IBM Tivoli Directory Client 20?<#1!?
<gB:
v AIX M Linux:/usr/ldap
v HP-UX M Solaris:/opt/IBMldapc
v Windows:C:\Program Files\ibm\LDAP
Access Manager Runtime D?<{
(vZ Windows Orza>)
8( Web Security Runtime 20?<#1!?<g
B:
v UNIX:/opt/PolicyDirector
v Windows:C:\Program Files\Tivoli\Policy
Director
tC Tivoli +2?<xPU>G<
!qtC Tivoli +2?< - C?<GKPCZf"
D~(}gzYM{"U>)D Tivoli m~D53O
D;vPD;C#
?<{F *
*Z;v20D Tivoli m~z78(U>?<#
Z;NdC Tivoli +2?<1,IT8(zk*U>
D~$tZDv?<#ZbTs,IT+ Tivoli m~
dC*9CK?<#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZE#1
!KZE* 7135#
Policy Server CA $iD~ D~ITT/S policy server BXr4F
r * 8(r{#1!5* Default, |m>\mr#
20r<!n
290 IBM Tivoli Access Manager for e-business: Web Security 208O
m 14. Access Manager Runtime !n - Active Directory (x). * m>XhD!n#
>Xwz{ *8(wz53D+^({,Ce~+$tZCwz
53O#
Active Directory wz{ *8( Active Directory rXFw~qw{F#}g:
adserver.tivoli.com
Active Directory r * 8( Active Directory r{#}g:dc=ibm,dc=com
dC*`v Active Directory r
(vZ Windows Oa>)
4tC
!qdC*`vr#qr,Tivoli Access Manager +
dC*%vr#(1!5)
tCS\,S
(vZ Windows Oa>)
4tC
8( Kerberos CZ Active Directory ~qSZ
(ADSI)P,TZ= Active Directory ~qwD,S
PS\}]#KhCH,ZZG Windows 73Pt
C SSL ,S#
T Active Directory ~qwtC2+WS
Vc(SSL)
(v1Z UNIX 53OxP201,r_
Z;tZdCK policy server D Active
Directory rD53OxP201a>)
8(GqtCS\,S#g{}Z UNIX 53O20
Tivoli Access Manager,r(i9CK!n#
g{!qZK UNIX 53M Active Directory ~qw.dtC SSL (E,raa>za)
TBDv5:
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~yZ;CD+^(
76{#K\?D~XkS LDAP ~qwq!#
":SSL $iD)p_Xk6p*M'z\?}]b
PDIEO$PD#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb D~
_P1!\k key4ssl#
g{9C install_ldap_server Lr20"dC IBM
Tivoli Directory Server,rb)1!5GICD#g
{v(9C gsk7ikm 5CLr|DK\k,rXk
XdK1!\k#
$ij) 8(*"M=~qwDM'z$iDM'z LDAP \
?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*sM'z
O$1,r_zk*9C\?D~PDG1!$i
1,Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D~D4
(}LPy8(D~qwK$i#g{;*s SSL
M'z\?D~j),r+KVN#t*U#
SSL KZ 8( LDAP ~qwC4l} SSL ksDKZE#1
!KZE* 636#
20r<!n
Z 22 B 20r<!n 291
m 14. Access Manager Runtime !n - Active Directory (x). * m>XhD!n#
Access Manager }];C(P{F *
8(k*f" Tivoli Access Manager }]D(P{
F#}g:dc=ibm,dc=com#1!5* Active Directory
r{#
20r<!n
292 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Runtime(Domino)
m 15 PvK9C Domino "am1 Access Manager Runtime i~DdC!n(vT
Windows)#Zh*K20i~D Tivoli Access Manager 53DdCZd,arza>
b)!n#14UZ 129 3D:9C20r<20;PD8>9C install_amrte 20
r<1,2arza>b)!n#
m 15. Access Manager Runtime !n - Domino. * m>XhD!n#
dC!n 1!5
"am *
!qT8(* Tivoli Access Manager hCD
"am~qwD`M - Domino#1!5*
LDAP#
IBM Global Security Kit D?<{8( GSKit 20?<#1!?<gB:
C:\Program Files\ibm\gsk7
Access Manager Runtime D?<{
8( Access Manager Runtime 20?<#1
!?<gB:
C:\Program Files\Tivoli\Policy Director
tC Tivoli +2?<xPU>G<
!qtC Tivoli +2?< - C?<GKP
CZf"D~(}gzYM{"U>)D
Tivoli m~D53OD;vPD;C#
?<{F *
*Z;v20D Tivoli m~z78(U>?
<#
Z;NdC Tivoli +2?<1,IT8(z
k*U>D~$tZDv?<#ZbTs,
IT+ Tivoli m~dC*9CK?<#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZ
E#1!KZE* 7135#
Policy Server CA $iD~ D~ITT/S policy server BXr4F
r *8(r{#1!5* Default, |m>\m
r#
Domino Server {F*8( Domino Server D+^({#}g:
Domino/tivoli
Notes M'z\k *8(k;ZKzwOD\mC'D Notes j
6D~X*D\k#
Notes X7>}]b{F * 1!5* names.nsf#
Tivoli Access Manager }]b{F *8(k Tivoli Access Manager }]X*D}
]b{F#1!5* PDMdata.nsf#
20r<!n
Z 22 B 20r<!n 293
install_amacldTivoli Access Manager authorization server 20r<(install_amacld)WHay]"
am~qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!n
Dhv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 16 PvKZ4UZ 105 3D:9C20r<20;PD8>9C
install_amacld r<xP20Zd,rza>D=S!n#
m 16. install_amacld dC!n. * m>XhD!n#
dC!n hv
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZ
E#1!KZE* 7135#
r *8(r{#1!5* Default, |m>\m
r#
\m1j6 *8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \m1
\k *
8( Tivoli Access Manager sec_master \
m1J'D\k#
>Xwz{ *8(wz53D+^({,authorization server
+$tZCwz53O#
\mksKZ * 8(\mksKZ#1!KZE* 7137#
Z(ksKZ * 8((^ksKZE#1!KZE* 7136#
vZ UNIX O,zITT"am~qwtC SSL#g{wvK!q,r+a>za)TBDv
5:
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~Z policy
proxy server OyZ;CD+^(76{#K
\?D~XkS LDAP ~qwq!#
":SSL $iD)p_Xk6p*M'z\?
}]bPDIEO$PD#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb
D~_P1!\k key4ssl#
g{9C install_ldap_server Lr20"d
C IBM Tivoli Directory Server,rb)1!
5GICD#g{v(9C gsk7ikm 5CL
r|DK\k,rXkXdK1!\k#
20r<!n
294 IBM Tivoli Access Manager for e-business: Web Security 208O
m 16. install_amacld dC!n (x). * m>XhD!n#
$ij) 8(*"M=~qwDM'z$iDM'z
LDAP \?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*s
M'zO$1,r_zk*9C\?D~P
DG1!$i1,Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D
~D4(}LPy8(D~qwK$i#g
{;*s SSL M'z\?D~j),r+K
VN#t*U#
SSL KZ * 8( LDAP ~qwC4l} SSL ksDKZ
E#1!KZE* 636#
20r<!n
Z 22 B 20r<!n 295
install_amadkTivoli Access Manager Development(ADK)53r<(install_amadk)y]"am~
qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!nDhv,
kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
^X(Z ADK DdC!n#
20r<!n
296 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amjrtem 17 Pv Tivoli Access Manager Java Runtime Environment 53DdC!nhv#
Z4UZ 117 3DZ 8 B, :20 Java runtime environment 53;PD8>9C
install_amjtre 20r<D}LP,arza>b)!n#
m 17. install_amjrte dC!n. * m>XhD!n#
dC!n 1!5
tC Tivoli +2?<xPU>G<
!qtC Tivoli +2?< - C?<GKPC
Zf"D~(}gzYM{"U>)D Tivoli
m~D53OD;vPD;C#
?<{F *
*Z;v20D Tivoli m~z78(U>?
<#
Z;NdC Tivoli +2?<1,IT8(zk
*U>D~$tZDv?<#ZbTs,I
T+ Tivoli m~dC*9CK?<#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZ
E#1!KZE* 7135#
JRE ?< *8(}* Tivoli Access Manager xPdCD
Java Runtime Environment D?<#
20r<!n
Z 22 B 20r<!n 297
install_ammgrTivoli Access Manager policy server 20r<(install_ammgr)WHy]"am~q
wD`M,rza> Access Manager Runtime dC!n#PXb)dC!nDhv,
kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 18 PvKZ4UZ 97 3D:9C20r<20;PD8>9C install_ammgr r
<xP20Zd,rza>D=S!n#
":y]20Z UNIX =(O9G Windows =(O,I\T;,ZQPvD3rrz
a>b)!n#
m 18. install_ammgr dC!n. * m>XhD!n#
dC!n hv
T i v o l i A c c e s s M a n a g e r \ m 1 \ k *
(sec_master D\k)
8( Tivoli Access Manager sec_master \
m1J'D\k#
\k7O * YN8( sec_master \kT7O#
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZ
E#1!KZE* 7135#
SSL $iDP'Z(l) *8( SSL $iD~P'Dl}#1!Dl}
* 365#
SSL ,S,1(k) *8(Z,1.0 SSL ,SH}l&DVx1
d(Tk*%;)#1!Dk}* 7200#
ITT"am~qwtC SSL#g{wvK!q,r+a>za)TBDv5:
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~Z policy
proxy server OyZ;CD+^(76{#K
\?D~XkS LDAP ~qwq!#
":SSL $iD)p_Xk6p*M'z\?
}]bPDIEO$PD#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb
D~_P1!\k key4ssl#
g{9C install_ldap_server Lr20"d
C IBM Tivoli Directory Server,rb)1!
5GICD#g{v(9C gsk7ikm 5CL
r|DK\k,rXkXdK1!\k#
20r<!n
298 IBM Tivoli Access Manager for e-business: Web Security 208O
m 18. install_ammgr dC!n (x). * m>XhD!n#
$ij) 8(*"M=~qwDM'z$iDM'z
LDAP \?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*s
M'zO$1,r_zk*9C\?D~P
DG1!$i1,Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D
~D4(}LPy8(D~qwK$i#g
{;*s SSL M'z\?D~j),r+K
VN#t*U#
SSL KZ * 8( LDAP ~qwC4l} SSL ksDKZ
E#1!KZE* 636#
g{T LDAP ~qwtC SSL,r9aa>za)TB5:
LDAP \m1 DN * 8( LDAP \m1D(P{F#1!{F*
cn=root#
LDAP \m1\k * 8(k LDAP \m1 DN `X*D\k#
20r<!n
Z 22 B 20r<!n 299
install_amproxyTivoli Access Manager policy proxy server 20r<(install_amproxy)WHy]"
am~qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!n
Dhv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 19 PvKZ4UZ 123 3D:9C20r<20;PD8>9C install_amproxyr<xP20Zd,rza>D=S!n#
m 19. install_amproxy dC!n. * m>XhD!n#
dC!n 1!5
\m1j6 *8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \m1\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
>Xwz{ *8(wz53D+^({,policy proxy server
+$tZCwz53O#
\mksKZ * 8(\mksKZ#1!KZE* 7137#
zmksKZ *8(Z(ksKZE#1!KZE* 7138#
20r<!n
300 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amrteTivoli Access Manager Runtime 53r<(install_amrte)y]"am~qwD`M,
rza> Access Manager Runtime dC!n#PXb)dC!nDhv,kNDTB
Z].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
20r<!n
Z 22 B 20r<!n 301
install_amwasm 20 Pv Tivoli Access Manager for WebSphere 53DdC!nhv#Z4UZ 200
3D:9C20r<20;PD8>9C install_amwas 20r<D}LP,arz
a>b)!n#
":1XhDz7Q201,20r<ITlb=,R;a"TXB20|G#
m 20. install_amwas dC!n. * m>XhD!n#
dC!n hv:
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server SSL KZ *8( policy server C4l} SSL ksDKZE#
1!KZE* 7135#
JRE ?< *
8(Q20Df IBM WebSphere Application
S e r v e r a ) D J R E D 7 6 # g { 9 C
-is:java_home !nKPKr<,r java_home
76*1! JRE ?<#
Tivoli Access Manager for WebSphere
Application Server 20?<
8( Tivoli Access Manager for WebSphere D2
0?<#S\1!?<#
6L ACL C' *
8(C44( Access Manager &CLrj6D{
F,Cj6I Tivoli Access Manager for
W e b S p h e r e C 4 4 P ( ^ l i # } g :
pdpermadmin
sec_master \k *8( Tivoli Access Manager sec_master \m1
J'D\k#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy server KZ *8( policy server C4l} SSL ksDKZE#
1!KZE* 7135#
Authorization Server wz{ *
8(*I Tivoli Access Manager for WebSphere
9CD authorization server Dwz{#(iKw
z{k WebSphere wz{`,#
Authorization Server KZE *8( authorization server C4l} SSL ksDK
ZE#1!5* 7136#
*4PDdC`M#8(dC`M#!nG all"local r remote#
1!5* all#
g{Kz7f WebSphere b0,rhC*
true#
19C20r<xP201,<U+K5hC*
false#1!5* false#
Q20D WebSphere Application Server Df
>#*
8(Q20D WebSphere Application Server D
f>#!nG:WAS5 M WAS4#1!5*
WAS5#
Tivoli Access Manager for WebSphere
Application Server 20?<#
8(k*20 Tivoli Access Manager for
WebSphere D?<#5Qnk#
WebSphere Application Server 20?<#*8(20K WebSphere Application Server D?
<#K5&hC*k WAS_HOME 73d?`,#
20r<!n
302 IBM Tivoli Access Manager for e-business: Web Security 208O
m 20. install_amwas dC!n (x). * m>XhD!n#
+*dCD JRTE tTD~D URL#8( Access Manager Java Runtime Environment
PdPerm.properties D~D URL 76#
AMJRTE \?bD~D URL#
8(Z?CZk policy server M authorization
server (ED Access Manager Java Runtime
Environment \?bD URL 76#
20r<!n
Z 22 B 20r<!n 303
install_amwebTivoli Access Manager WebSEAL 20r<(install_amweb)WHy]"am~qw
D`M,rza> Access Manager Runtime dC!n#PXb)dC!nDhv,k
NDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 21 PvKZ4UZ 223 3D:9C20r<20;PD8>9C install_amweb r
<xP20Zd,rza>D=S!n#
m 21. install_amweb dC!n. * m>XhD!n#
dC!n 1!5
Web Security RTE ?<{
(vZ Windows Oa>)
8( Web Security Runtime 20?<#1!
?<gB:
v Windows:
C:\Program Files\Tivoli\PDWebRTE
v UNIX:
/opt/pdwebrte
WebSEAL ?<{
(vZ Windows Oa>)
8( WebSEAL Server 20?<#1!?<
gB:
v Windows:
C:\Program Files\Tivoli\PDWeb
v UNIX:
/opt/pdweb
WebSEAL 5}{F *8( policy server C4*5K WebSEAL
Server D+^(wz{#
9C_-xgSZ *8(9C_-xgSZ#g{* yes,r+a
>za)_-xgSZD IP X7#
WebSEAL wz{ * 8( WebSEAL Server Dwz{#
l}KZ *8( WebSEAL Server C4l}ksDKZ
E#1!KZE* 7234#
\m1j6 *8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
\m1\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
vT Windows,zITT LDAP ~qwtC SSL#g{wvK!q,r+a>za)TBD
v5:
20r<!n
304 IBM Tivoli Access Manager for e-business: Web Security 208O
m 21. install_amweb dC!n (x). * m>XhD!n#
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~Z policy
proxy server OyZ;CD+^(76{#K
\?D~XkS LDAP ~qwq!#
":SSL $iD)p_Xk6p*M'z\?
}]bPDIEO$PD#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb
D~_P1!\k key4ssl#
g{9C install_ldap_server Lr20"d
C IBM Tivoli Directory Server,rb)1!
5GICD#g{v(9C gsk7ikm 5CL
r|DK\k,rXkXdK1!\k#
$ij) 8(*"M=~qwDM'z$iDM'z
LDAP \?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*s
M'zO$1,r_zk*9C\?D~P
DG1!$i1,Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D
~D4(}LPy8(D~qwK$i#g
{;*s SSL M'z\?D~j),r+K
VN#t*U#
SSL KZ * 8( LDAP ~qwC4l} SSL ksDKZ
E#1!KZE* 636#
Jm HTTP CJ
8(GqtC HTTP CJ#g{!q,rX
k8( HTTP KZE#1!ivBtC
HTTP CJ#
HTTP KZ * 8( HTTP KZ#1!KZE* 80#
Jm HTTPS CJ
8(GqtC HTTPS CJ#g{!q,rX
k8( HTTPS KZE#1!ivBtC
HTTPS CJ#
HTTPS KZ 8( HTTPS KZ#1!KZE* 443#
Web D5y?< *
1!?<gB:
v UNIX:/opt/pdweb/www-default/docs
v W i n d o w s : C : \ P r o g a m
F i l e s \ T i v o l i \ P o l i c y D i r e c t o r
\PDWeb\www-default\docs
20r<!n
Z 22 B 20r<!n 305
install_amwebadkTivoli Access Manager WebSEAL Development(ADK)53r<(install_amwebadk)
WHy]"am~qwD`M,rza> Access Manager Runtime dC!n#PXb
)dC!nDhv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 22 PvKZ4UZ 215 3D:9C20r<20;PD8>9C install_amwebadkr<xP20Zd,rza>D=S!n#
m 22. install_amwebadk dC!n. * m>XhD!n#
dC!n 1!5
Web Security RTE ?<{
(vZ Windows Oa>)
8( Web Security Runtime 20?<#1!?<
gB:
v Windows:
C:\Program Files\Tivoli\PDWebRTE
v UNIX:
/opt/pdwebrte
WebSEAL ?<{
(vZ Windows Oa>)
8( WebSEAL Server 20?<#1!?<g
B:
v Windows:
C:\Program Files\Tivoli\PDWeb
v UNIX:
/opt/pdweb
WebSEAL 5}{F 1!5
9C_-xgSZ *8(Gq9C_-xgSZ#g{* yes,r+
a>za)_-xgSZD IP X7#
WebSEAL wz{ * 8( WebSEAL Server Dwz{#
l}KZ *8( WebSEAL Server C4l}ksDKZE#
1!KZE* 7234#
\m1j6 * 8(\mrD\m1#1!5* sec_master#
\m1\k *8( Tivoli Access Manager sec_master \m1
J'D\k#
vT Windows,zITT LDAP ~qwtC SSL#g{wvK!q,r+a>za)TBD
v5:
x+76D SSL \?D~ * 8(M'z LDAP \?}]bD~Z policy
proxy server OyZ;CD+^(76{#K\?
D~XkS LDAP ~qwq!#
":SSL $iD)p_Xk6p*M'z\?}
]bPDIEO$PD#
20r<!n
306 IBM Tivoli Access Manager for e-business: Web Security 208O
m 22. install_amwebadk dC!n (x). * m>XhD!n#
SSL \?D~\k * 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb D
~_P1!\k key4ssl#
g{9C install_ldap_server Lr20"dC
IBM Tivoli Directory Server,rb)1!5GI
CD#g{v(9C gsk7ikm 5CLr|DK\
k,rXkXdK1!\k#
$ij) 8(*"M=~qwDM'z$iDM'z
LDAP \?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*sM'
zO$1,r_zk*9C\?D~PDG1!
$i1,Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D~
D4(}LPy8(D~qwK$i#g{;*
s SSL M'z\?D~j),r+KVN#t*
U#
SSL KZ * 8( LDAP ~qwC4l} SSL ksDKZ
E#1!KZE* 636#
Jm HTTP CJ8(GqtC HTTP CJ#g{!q,rXk8
( HTTP KZE#1!ivBtC HTTP CJ#
HTTP KZE * 8( HTTP KZ#1!KZE* 80#
Jm HTTPS CJ
8(GqtC HTTPS CJ#g{!q,rXk
8( HTTPS KZE#1!ivBtC HTTPS C
J#
HTTPS KZE 8( HTTPS KZ#1!KZE* 443#
Web D5y?< *
1!?<gB:
v UNIX:/opt/pdweb/www-default/docs
v W i n d o w s : C : \ P r o g a m
F i l e s \ T i v o l i \ P o l i c y D i r e c t o r
\PDWeb\www-default\docs
20r<!n
Z 22 B 20r<!n 307
install_amwebarsm 23 Pv Tivoli Access Manager attribute retrieval service 53DdC!nhv#Z
4UZ 149 3D:9C20r<20;PD8>9C install_amwebars 20r<D}
LP,arza>b)!n#
m 23. install_amwebars dC!n. * m>XhD!n#
dC!n hv:
IBM HTTP Server D?<8( IBM HTTP Server 20?<#}g:
C:\Program Files\IBMHTTPServer
WebSphere Application Server D?<8( WebSphere Application Server 20?<#
}g:c:\Program Files\WebSphere\AppServer
Zc{
8(CZ\mD WebSphere Zc{#K{FZ
dZc(%*)iPXkG(;D#wz{G
>X53D DNS {Fr IP X7#
>Xwz{8(wz53D+^({,attribute retrieval
service +$tZCwz53O#
>X\m1j68(zC4G<D\m1j6#(Z UNIX O*
cn=root)
>X\m1\k 8(>X\m1D\k#
AM ARS D?<
8( Access Manager Attribute Retrieval Service
D 2 0 ? < # } g : c : \ P r o g r a m
Files\Tivoli\PDWebARS
20r<!n
308 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amwlsm 24 Pv Tivoli Access Manager for WebLogic 53DdC!nhv#Z4UZ 180
3D:9C20r<20;PD8>9C install_amwls 20r<D}LP,arza
>b)!n#
m 24. install_amwls dC!n. * m>XhD!n#
dC!n hv
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server KZE *8( policy server C4l}ksDKZE#1
!KZE* 7135#
?<{(vZ Windows Oa>)
8( Tivoli Access Manager for WebLogic 2
0?<#1!?<gB:
v UNIX:
/opt/pdwls
v Windows:
c:\Program Files\Tivoli\pdwls
6L ACL C' *8(* authorization server 4(D Tivoli Access
Manager C'#
sec_master \k *8( Tivoli Access Manager sec_master \m
1J'D\k#
Policy Server wz{ *8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy Server KZE *8( policy server C4l}ksDKZE#1
!KZE* 7135#
Authorization Server wz{ *8( Tivoli Access Manager authorization server
wz{#
Authorization Server KZE * 8(Z(ksKZE#1!KZE* 7136#
1hC* true 1,?p AMWLS5.1 Console
Extension
8(Gq?p AMWLS5.1 Console Extension#
1!5* true#
WebLogic r\m1 *
8( WebLogic rD\m1,Tivoli Access
Manager +y]CrxPdC#Zz4(
WebLogic r14(KC'#
WebLogic r\m1\k * 8( WebLogic r\m1\k#
= Access Manager for WebLogic Server 20
?<D76 *
8( WebLogic Server 20?<D76#1!
?<gB:
v Windows:
c:\Program Files\Tivoli\pdwls
v UNIX:
/opt/pdwls
20r<!n
Z 22 B 20r<!n 309
m 24. install_amwls dC!n (x). * m>XhD!n#
WebLogic \m~qwD URL
8( WebLogic \m~qwD URL#1! URL
*:
t3://localhost:7001
20r<!n
310 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amwpi_apachePlug-in for Apache Web Server D20r<(install_amwpi_apache)WHy]"a
m~qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!nD
hv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
m 25 PvKZ4UZ 168 3D:9C20r<20;PD8>9C
install_amwpi_apache r<xP20Zd,rza>D=S!n#
m 25. install_amwpi_apache dC!n. * m>XhD!n#
dC!n hv
Tivoli Access Manager \m
C'j6 *
8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \mC'\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
=|, Apache Web Server dCD~D?<D+
76{ *
8(|, Web Server dCD~D?<#}
g:/usr/local/apache/conf
20r<!n
Z 22 B 20r<!n 311
install_amwpi_ihsPlug-in for IBM HTTP Server D20r<(install_amwpi_ihs)WHy]"am~q
wD`M,rza> Access Manager Runtime dC!n#PXb)dC!nDhv,
kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
m 26 PvKZ4UZ 168 3D:9C20r<20;PD8>9C install_amwpi_ihsr<xP20Zd,rza>D=S!n#
m 26. install_amwpi_ihs dC!n. * m>XhD!n#
dC!n hv
Tivoli Access Manager \m
C'j6 *
8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \mC'\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
=|, IBM HTTP Server dCD~D?<D+
76{ *
8(|, Web Server dCD~D?<#}
g:/usr/HTTPServer/conf
20r<!n
312 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amwpi_iisPlug-in for Internet Information Services D20r<(install_amwpi_iis)WHy]"
am~qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!n
Dhv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
v Z 293 3D:Access Manager Runtime(Domino);
m 27 PvKZ4UZ 168 3D:9C20r<20;PD8>9C install_amwpi_iisr<xP20Zd,rza>D=S!n#
m 27. install_amwpi_iis dC!n. * m>XhD!n#
dC!n hv
?<{
8(20K Access Manager Web Security
Runtime D?<{#1!20?<gB:
C:\Program Files\Tivoli\PDWebRTE
?<{
8(20K Access Manager Web server
plug-in for IIS D?<{#1!20?<g
B:
C:\Program Files\Tivoli\PDWebPI
Tivoli Access Manager \m
C'j6 *
8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \mC'\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
20r<!n
Z 22 B 20r<!n 313
install_amwpi_iplanetPlug-in for Sun ONE Web Server D20r<(install_amwpi_iplanet)WHy]"
am~qwD`M,rza> Access Manager Runtime dC!n#PXb)dC!n
Dhv,kNDTBZ].;:
v Z 288 3D:Access Manager Runtime(LDAP);
v Z 290 3D:Access Manager Runtime(Active Directory);
m 28 PvKZ4UZ 168 3D:9C20r<20;PD8>9C
install_amwpi_iplanet r<xP20Zd,rza>D=S!n#
m 28. install_amwpi_iplanet dC!n. * m>XhD!n#
dC!n hv
Tivoli Access Manager \m
C'j6 *
8 ( \ m r D \ m 1 # 1 ! 5 *
sec_master#
Tivoli Access Manager \mC'\k *8( Tivoli Access Manager sec_master \
m1J'D\k#
=|, Sun ONE Web Server dCD~D?<D
+76 *
8(|, Web Server dCD~D?<#}
g:/usr/iplanet/servers
20r<!n
314 IBM Tivoli Access Manager for e-business: Web Security 208O
install_amwpmm 29 Pv Tivoli Access Manager Web Portal Manager 53DdC!nhv#Z4U
Z 135 3D:9C20r<20;PD8>9C install_amwpm 20r<D}LP,
arza>b)!n#
m 29. install_amwpm dC!n#. * m>XhD!n#
dC!n hv
IBM HTTP Server D?<{
(vZ Windows Orza>)
8( IBM HTTP Server 20?<#1!?<gB:
v AIX:/usr/HTTPServer
v Linux M Solaris:/opt/IBMHTTPServer
v Windows:c:\Program Files\IBMHttpServer
IBM WebSphere Application Server D?<
{
(vZ Windows Orza>)
8( IBM WebSphere Application Server 20?
<#1!?<gB:
v AIX:/usr/WebSphere/AppServer
v Linux M Solaris:/opt/WebSphere/AppServer
v W i n d o w s : c : \ P r o g r a m
Files\WebSphere\AppServer
Zc{ *
8(CZ\mD WebSphere Zc{#K{FZdZ
c(%*)iPXkG(;D#wz{G>X53
D DNS {Fr IP X7#
>Xwz{ *8(wz53D+^({,Web Portal Manager +
$tZCwz53O#
>X\m1j6 *8(zC4G<D\m1j6#(Z UNIX O*
cn=root)
>X\m1\k * 8(>X\m1D\k#
Policy Server wz{ *
8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
":ZdC}LPa=Nrza>K!n#
Policy Server SSL KZ *
8( policy server C4l} SSL ksDKZE#
1!KZE* 7135#
":ZdC}LPa=Nrza>K!n#
JRE ?< *8(}* Tivoli Access Manager xPdCD Java
Runtime Environment D?<#
Policy server \m1j6 * 8(\mrD\m1#1!5* sec_master#
Policy server \m1\k *8( Tivoli Access Manager sec_master \m1
J'D\k#
20r<!n
Z 22 B 20r<!n 315
install_ldap_serverm 30 Pv IBM Tivoli Directory Server 0dX8m~DdC!n#y]20Z UNIX
=(O9G Windows =(O,I\T;,ZQPvD3rrza>b)!n#
m 30. IBM Tivoli Directory Server 20
dC!n hv
Global Security Kit ?<{
(vZ Windows Oa>)
8( GSKit 20?<#1!?<gB:
v A I X : / u s r / o p t / i b m / g s k s a M
/usr/opt/ibm/gskta
v HP-UX M Solaris:/opt/ibm/gsk7
v Linux:/usr/local/ibm/gsk7
v Windows:C:\Program Files\ibm\gsk7
IBM DB2 ?<{
(vZ Windows Oa>)
8( IBM DB2 20?<#1!?<gB:
v AIX M Linux:
/usr/ldap/db2
v Solaris:
/opt/IBM/db2
v Windows:
C:\Program Files\IBM\SQLLIB
IBM Tivoli Directory Server ?<{
(vZ Windows Oa>)
8( IBM Tivoli Directory Server 20?<#
1!?<gB:
v AIX M Linux:
/usr/ldap
v Solaris:
/opt/IBMldaps
v Windows:
C:\Program Files\IBM\LDAP
DB2 \m1j6 *
20.0,Xk4(;v DB2 }]byP_
j 6 , } g l d a p d b 2 ( U N I X ) r
db2admin(Windows)#`X<rkNDZ
56 3D:200*s;#
DB2 \m1\k * 8( DB2 \m1j6D\k#
Directory server }]bw?< *Windows O* C:
UNIX O* ldapdb2 C'Dw?<
DB2 }]b{F * amdb
\m1j6 * cn=root
\m1\k * *\m1j64(BD\k#
\k7O *
(vZ Windows Oa>)YN8(\m1j6\kT7O#
20r<!n
316 IBM Tivoli Access Manager for e-business: Web Security 208O
m 30. IBM Tivoli Directory Server 20 (x)
C'(eDs:8(s:T,$C'Mi}]#}g:
o=ibm,c=us
>Xwz{ *
(vZ Windows Oa>)
20r<lb"nd53Dwz{#
8(wz53D+^({,LDAP ~qw+$
tZCwz53O#
G SSL KZE *8( LDAP ~qwC4l}DKZE#1!
KZE* 389#
SSL KZE *8( LDAP ~qwC4l} SSL ksDKZ
E#1!KZE* 636#
x+76D SSL \?D~ *
T/4F=2L}/w#fey]=(T>
\?D~D;C#zITS\K;C,r_
/@T(;;,D\?D~#
SSL $iD)p_Xk6p*M'z\?}]
bPDIEO$PD#
SSL \?D~\k *8(k SSL \?D~`X*D\k#key4sslGk am_key.kdb D~`X*D\k#
SSL \?D~$ij)
8(k*"M= LDAP ~qwD SSL \?D
~$i`X*Dj)#1!\?D~$i*
PDLDAP(k am_key.kdb D~`X*)#
20r<!n
Z 22 B 20r<!n 317
20r<!n
318 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 23 B pdconfig !n
>ZPvKZ9C pdconfig 5CLrdC Tivoli Access Manager i~}LPa>z
dkD!nhv#y]20Z UNIX =(O9G Windows =(O,I\T;,ZQP
vD3rrza>b)!n#
TBG*sdCD Tivoli Access Manager m~|:
v Z 320 3D:Access Manager Runtime — LDAP;
v Z 321 3D:Access Manager Runtime — Active Directory;
v Z 323 3D:Access Manager Runtime — Domino;
v Z 324 3D:Access Manager Attribute Retrieval Service;
v Z 325 3D:Access Manager Authorization Server;
v Z 326 3D:Access Manager Java Runtime Environment;
v Z 327 3D:Access Manager Plug-in for Edge Server;
v Z 328 3D:UNIX OD Access Manager Plug-in for Web Servers;
v Z 330 3D:Windows OD Access Manager Plug-in for Web Servers;
v Z 331 3D:Access Manager Policy Server;
v Z 332 3D:Access Manager Policy Proxy Server;
v Z 333 3D:Access Manager Web Portal Manager;
v Z 334 3D:Access Manager WebSEAL Server;
© Copyright IBM Corp. 2001, 2003 319
Access Manager Runtime — LDAPm 31 PvKZ9C LDAP "amdC Access Manager Runtime m~|}LPa>d
kD!n#
m 31. Access Manager Runtime dC!n - LDAP
dC!n hv
+ZKzwO20 policy server p mwGqZ,;zwO20 policy server#
tC Tivoli +2?<xPU>G< !qtC Tivoli +2?< - C?<GKPCZf"
D~(}gzYM{"U>)D Tivoli m~D53O
D;vPD;C#
"am !q LDAP !n#
LDAP ~qwwz{ 8( LDAP ~qwD+^(wz{#}g:
ldapserver.tivoli.com
LDAP ~qwKZ 8( LDAP ~qwC4l}DKZE#1!KZE*
389#
g{ Tivoli Access Manager policy server ;P20Zk Access Manager Runtime `
,D53O,r+a>zdkTB=v5:
Policy server wz{ 8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy server SSL KZ 8( policy server C4l} SSL ksDKZE#1
!KZE* 7135#
r 8(r{#1!5* Default, |m>\mr#
T/S policy server BX pdcacert.b64
D~?
Tivoli Access Manager policy server DdC4(;v
1! SSL $i(^D~,{* pdcacert.b64#ZI
&XdCK Access Manager Policy Server i~.s,
Xk+KD~V"=2+rPD?(zw#
*9 Tivoli Access Manager runtime 53r Tivoli
Access Manager ~qwO$,r?v Runtime 53+
*sKD~D;v1>#*qCKD~,k4PTB
Yw.;:
v ZdC Access Manager Runtime m~|}LP,!
qT/BX pdcacert.b64 D~#
v ZdC Access Manager Runtime i~.0,V/+
pdcacert.b64 D~4F= Tivoli Access Manager 5
3#
pdconfig !n
320 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Runtime — Active Directorym 32 PvKZ9C Active Directory "amdC Access Manager Runtime m~|}
LPa>dkD!n#
m 32. Access Manager Runtime dC!n - Active Directory
dC!n hv
8( Access Manager Policy Server D;C#g{!q Access Manager Policy Server 2
0Zm;vzwO,r+a>zdkTB=v5:
wz{ 8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
l}KZ 8( policy server C4l} SSL ksDKZE#1!
KZE* 7135#
"am 8( Tivoli Access Manager "amD`M:Active
Directory
dC*` Active Directory r 4tC
!qdC*`vr#qr,Tivoli Access Manager +d
C*%vr#(1!5)
Active Directory wz{ * 8( Active Directory rXFw~qw{F#}g:
adserver.tivoli.com
Active Directory r 8( Active Directory r{#}g:dc=tivoli,dc=com
tCS\,S 4tC
8( Kerberos CZ Active Directory ~qSZ(ADSI)
P,TZ= Active Directory ~qwD,SPS\}
]#KhCH,ZZG Windows 73PtC SSL ,
S#
ZG Windows 53O,IT!qtCK Tivoli Access Manager runtime 53M ActiveDirectory ~qwdD SSL ,S#g{wvK!q,r+a>za)TBDv5:
KZE 8( LDAP ~qwC4l} SSL ksDKZE#1!
KZE* 636#
xP+76D\?D~ 8(ZtCS\(E14(D LDAP M'z\?D
~#
$ij) 8( SSL M'z$ij)#KVN*szdkNNV
{#IZ;XhCM'zK$iO$,rK+vTz
y8(DV{#
\?D~\k 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb D~_
P1!\k key4ssl#
g{9C install_ldap_server Lr20"dC IBM
Tivoli Directory Server,rb)1!5GICD#g{
v(9C gsk7ikm 5CLr|DK\k,rXkXd
K1!\k#
Active Directory \m1j6 8(ZZ 88 3D:4( Active Directory \mC';
P4(D\m1j6#
Active Directory \m1\k 8(k Active Directory \m1j6X*D\k#
pdconfig !n
Z 23 B pdconfig !n 321
m 32. Access Manager Runtime dC!n - Active Directory (x)
dC!n hv
Access Manager }];C(P{F 8(k*f" Tivoli Access Manager }]D(P{F#
}g:dc=tivoli,dc=com#1!5* Active Directory r
{#
tC Tivoli +2?<xPU>G< !qtC Tivoli +2?< - C?<GKPCZf"D
~(}gzYM{"U>)D Tivoli m~D53OD;
vPD;C#
?<{ *Z;v20D Tivoli m~z78(U>?<#
Z;NdC Tivoli +2?<1,IT8(zk*U>D
~$tZDv?<#ZbTs,IT+ Tivoli m~dC
*9CK?<#
g{}Z+ Act ive Direc tory w*"am9C,rZTB?<P+4(;v
activedir.conf D~:
%PD_INSTALL_DIR%\etc
dP PD_INSTALL_DIR G20 Tivoli Access Manager D?<R C:\Program
Files\Tivoli\Policy Director G1!?<#
pdconfig !n
322 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Runtime — Dominom 33 PvKZ9C Lotus Domino "amdC Access Manager Runtime m~|}L
Pa>dkD!n#
m 33. Access Manager Runtime dC!n - Domino dC!n
dC!n hv
8( Access Manager Policy Server D;C#g{!q Access Manager Policy Server 2
0Zm;vzwO,r+a>zdkTB=v5:
wz{ 8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
l}KZ 8( policy server C4l} SSL ksDKZE#1!
KZE* 7135#
"am 8( Tivoli Access Manager "amD`M:Domino
Domino Server {F 8( Domino Server D+^({#}g:
Domino/tivoli
T"am~qwtC SSL fe!n;ICJ#%wB;=Lx#
Notes Client \k 8(k;ZKzwOD\mC'D Notes j6D~X
*D\k#
Access Manager }]b{F 8(k Tivoli Access Manager }]X*D}]b{
F#1!5* PDMdata.nsf#
tC Tivoli +2?<xPU>G< !qtC Tivoli +2?< - C?<GKPCZf"
D~(}gzYM{"U>)D Tivoli m~D53O
D;vPD;C#
?<{ *Z;v20D Tivoli m~z78(U>?<#
Z;NdC Tivoli +2?<1,IT8(zk*U>
D~$tZDv?<#ZbTs,IT+ Tivoli m~
dC*9CK?<#
pdconfig !n
Z 23 B pdconfig !n 323
Access Manager Attribute Retrieval Servicem 34 PvKdC Access Manager Attribute Retrieval Service m~|}LPa>dkD
!n#
m 34. Access Manager Attribute Retrieval Service
dC!n hv
Zc{ 8(CZ\mD WebSphere Zc{#K{FZdZc
(%*)iPXkG(;D#wz{G>X53D
DNS {Fr IP X7#
>Xwz{ 8(wz53D+^({,attribute retrieval service +
$tZCwz53O#
>X\m1j6 8(zC4G<D\m1j6#(Z UNIX O*
cn=root)
>X\m1\k 8(>X\m1D\k#
pdconfig !n
324 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Authorization Serverm 35 PvKdC Access Manager Authorization Server m~|}LPa>dkD!n#
":ZdC Access Manager Authorization Server m~|.0,HdC Access Manager
Runtime m~|#
m 35. Access Manager Authorization Server dC!n
dC!n hv
r 8(r{#1!5* Default, |m>\mr#;*|
DK5#
Policy server wz{ 8( policy server C4*5K~qwDwz{#1!
5G>X53Dwz{#
Policy server KZ 8( policy server C4l}ksDKZE#1!KZ
E* 7135#
Tivoli Access Manager \m1(r
Default rD\m1j6)
8(\mrD\m1#1!5* sec_master#;*|
DK5#
\k 8( Tivoli Access Manager \m1(sec_master)\k#
>Xwz{ 8(wz53D+^({,authorization server +$t
ZCwz53O#
\mksKZ 8(\mksKZ#1!KZ* 7137#
Z(ksKZ 8(Z(ksKZE#1!KZE* 7136#
pdconfig !n
Z 23 B pdconfig !n 325
Access Manager Java Runtime Environmentm 36 PvKdC Access Manager Java Runtime Environment m~|}LPa>dk
D!n#
m 36. Access Manager Java Runtime Environment dC!n
dC!n hv
dC`M *+ Access Manager Java Runtime Environment dC
*CZ10 JRE P,k!q;vdC`M:
j+:g{}ZdC Web Portal Manager r}ZtC
Java &CLrT\m09C Tivoli Access Manager 2
+T,r!qKn#
%z:g{zG9C Java runtime environment `D*
"_,r!qKn#;aa>zdkPX policy server
E"#
** Tivoli Access Manager dCD Java
Runtime Environment(JRE)Dj{76
8(= IBM JRE 1.3.1 D76#}g:
/usr/java131/jre
g{}Z20 Web Portal Manager 53,r7#8(
f WebSphere Application Server ;p20D JRE#}
g:
/usr/WebSphere/AppServer/java/jre
Access Manager policy server zwDw
z{
8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Access Manager policy server zwDK
ZE
8( policy server C4l} SSL ksDKZE#1!
KZE* 7135#
Access Manager Policy Server rE" U
tC Tivoli +2?<xPU>G< !qtC Tivoli +2?< - C?<GKPCZf"
D~(}gzYM{"U>)D Tivoli m~D53O
D;vPD;C#
?<{ *Z;v20D Tivoli m~z78(U>?<#
Z;NdC Tivoli +2?<1,IT8(zk*U>
D~$tZDv?<#ZbTs,IT+ Tivoli m~
dC*9CK?<#
pdconfig !n
326 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Plug-in for Edge Serverm 37 PvKdC Access Manager Plug-in for Edge Server m~|}LPa>dkD
!n#4a)20r<#
m 37. Access Manager plug-in for Edge Server dC!n
dC!n hv
Web Traffic Express DKZ 8( Edge Server _Y:fzmDKZE#1!KZ*
80#
Tivoli Access Manager \m1C'j6 8(\mrD\m1#1!5* sec_master#
Tivoli Access Manager \m1C'j6
\k
8( Tivoli Access Manager sec_master \m1J'
D\k#
":Z Windows 53O,TK Active Directory "am~qwe~DdC*s\m1
\k,T9dC$_4PI&#
pdconfig !n
Z 23 B pdconfig !n 327
UNIX OD Access Manager Plug-in for Web Serversm 38 PvK UNIX =(O plug-in for Web Servers DdC!n#
m 38. UNIX OD Plug-in for Web Servers
dC!n hv
=|, Web ~qwdCD~D?<D+
76{
(TZ Sun ONE Web server,+a>z
dk Sun ONE Web server Dy20?
<)
T> Web ~qwD1!2076#S\K76rdk
BD76#
*#$D)ibwz dkK%!nr x TKv
zP}v!q:
v g{k*e~;#$;vibwz,rZT>Pm
PdkkCibwz`XD}V#
v *#$`vibwz,rZT>PmPdkkib
wz;C`XD5#CUqV*dkD}V#
v dk all T9e~#$~qwOyPQ*Dibw
z#
Tivoli Access Manager \mC'j6 8(\mrD\m1#1!5* sec_master#TZ
Active Directory `r,bG
sec_master@domain_name#
Tivoli Access Manager \mC'j6\
k
8( Tivoli Access Manager sec_master \mJ'D
\k#
C4l}Z(_T|BDKZE Z(|BGZ&CLrYw}LP4T authorization
policy server D_TE"v?|D+M#dkCZl}
Z(|BDKZE,rS\1!5 7237#
vTZ UNIX OD LDAP "am,+a>zGqtC SSL (E#
Z Tivoli Access Manager Plug-in for
Web Servers authorization server M
LDAP ~qw.dtC SSL (E
Z Web ~qwM"am~qw;Z,;v2+xgD
73P,;h*tC SSL#g{\7#Z Web ~qw
M"am.d"MD}]Dj{M2+,r!q;9
C SSL +(}}%2+*zvSxgxm#
g{Z Tivoli Access Manager Plug-in for Web Servers authorization server M LDAP ~qw
.dtC SSL,r+a>zdkTBDv5:
LDAP SSL M'z\?D~D;C /usr/ldap/lib/ldapkey.kdb
":1 Tivoli Access Manager Plug-in for Web servers
20Zk policy server `,DzwO"RI SSL dC
* LDAP 1,;\2m LDAP M'zD~# UNIX
D~mI(TZ#$D~;\4Z(CJGXhD#
g{mI(Jme~C'CJ LDAP M'z\?D
~,rIT2mCD~#
pdconfig !n
328 IBM Tivoli Access Manager for e-business: Web Security 208O
m 38. UNIX OD Plug-in for Web Servers (x)
dC!n hv
SSL M'z$ij) 8(*"M=~qwDM'z$iDM'z LDAP \
?}]bD~PDj)#
v1+~qwdC*Z SSL ("}LP*sM'zO
$1,r_zk*9C\?D~PDG1!$i1,
Eh*Kj)#
(#,LDAP ~qw;*sZM'z .kdb D~D4(
}LPy8(D~qwK$i#g{;*s SSL M'
z\?D~j),r+KVN#t*U#
LDAP SSL M'z\?D~\k 8(M'z LDAP \?}]bD~D\k#
f Tivoli Access Manager a)D am_key.kdb D~_
P1!\k key4ssl#
g{9C install_ldap_server Lr20"dC IBM
Tivoli Directory Server,rb)1!5GICD#g{
v(9C gsk7ikm 5CLr|DK\k,rXkXd
K1!\k#
LDAP ~qw SSL KZE 8( LDAP ~qwC4l} SSL ksDKZE#1
!KZE* 636#
pdconfig !n
Z 23 B pdconfig !n 329
Windows OD Access Manager Plug-in for Web Serversm 39 PvK Windows =(O plug-in for Web Servers DdC!n#
m 39. Windows OD Plug-in for Web Servers
dC!n hv
*#$D)ibwz SPmP!qTmw*#$D)ibwz#
Tivoli Access Manager \mC'j6 8(\mrD\m1#1!5* sec_master#TZ
Active Directory `r,bG
sec_master@domain_name#
Tivoli Access Manager \mC'j6\
k
8( Tivoli Access Manager sec_master \m1J'
D\k#
C4l}Z(_T|BDKZE Z(|BGZ&CLrYw}LP4T authorization
policy server D_TE"v?|D+M#dkCZl}
Z(|BDKZE,rS\1!5 7237#
pdconfig !n
330 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Policy Server":
1. ZdC Access Manager Policy Server m~|.0,+a>zdC Access Manager
Runtime m~|#
2. Active Directory r Domino "am~qwD UNIX =(O;'V policy server#
m 40. Access Manager Policy Server dC!n
dC!n hv
Access Manager \m1j6 8(\mrD\m1#1!5* sec_master#TZ
Active Directory `r,bG
sec_master@domain_name#
Access Manager \m1\k 8( Tivoli Access Manager \mC'j6D\k#
7O\k YN8( sec_master \kT7O#
Policy server SSL KZ 8( policy server C4l} SSL ksDKZE#1!
KZE* 7135#
SSL $iP'Z 8( SSL $iD~P'Dl}#1!Dl}* 365#
SSL ,S,1 8(Z,1.0 SSL ,SH}l&DVx1d(Tk
*%;)#1!Dk}* 7200#
pdconfig !n
Z 23 B pdconfig !n 331
Access Manager Policy Proxy Serverm 41 PvKdC Access Manager Policy Proxy Server m~|}LPa>dkD!n#
":ZdC Access Manager Policy Proxy Server m~|.0,HdC Access Manager
Runtime m~|#
.
m 41. Access Manager Policy Proxy Server dC!n
dC!n hv
Policy Server wz{ * 8( policy server D+^(wz{#}g:
pdmgr.tivoli.com
Policy server KZ * 8( policy server C4l}ksDKZE#1!KZ
E* 7135#
\m1j6 * 8(\mrD\m1#1!5* sec_master#TZ
Active Directory `r,bG
sec_master@domain_name#
\k * 8( Tivoli Access Manager \mC'j6D\k#
>Xwz{ * 8(wz53D+^({,policy proxy server +$t
ZCwz53O#}g:
pdproxy.tivoli.com
\mksKZ * 8(\mksKZ#1!KZ* 7139#
zmksKZ * 8zmksKZ#1!KZ* 7138#
pdconfig !n
332 IBM Tivoli Access Manager for e-business: Web Security 208O
Access Manager Web Portal Managerm 42 PvKdC Access Manager Web Portal Manager m~|}LPa>dkD!n#
m 42. Access Manager Web Portal Manager dC!n
dC!n hv
Tivoli Access Manager \m1 8(\mrD\m1#1!5* sec_master#
Tivoli Access Manager \m1\k 8( Tivoli Access Manager sec_master \m1J'
D\k#
pdconfig !n
Z 23 B pdconfig !n 333
Access Manager WebSEAL Serverm 43 PvKdC Access Manager WebSEAL Server m~|}LPa>dkD!n#
":ZdC Access Manager WebSEAL Server m~|.0,HdC Access Manager
Runtime m~|#
m 43. Access Manager WebSEAL Server dC!n
dC!n hv
WebSEAL 5}{F 8( policy server C4*5K WebSEAL Server D+
^(wz{#
9C_-xgSZ 8(9C_-xgSZ#g{* yes,r+a>za)
_-xgSZD IP X7#
WebSEAL wz{ 8( WebSEAL Server Dwz{#
WebSEAL l}KZ 8( WebSEAL Server C4l}ksDKZE#1!
KZE* 7234#
\m1j6 8(\mrD\m1#1!5* sec_master#
\m1\k 8( Tivoli Access Manager sec_master \m1J'
D\k#
Jm HTTP CJ(G/q) 8(GqtC HTTP CJ#g{!q,rXk8(
HTTP KZE#1!ivBtC HTTP CJ#
HTTP KZ [80] 8( HTTP KZ#1!KZE* 80#g{fZkKZ
De;,rdC+lb=e;"vSKZED!q#
Jm2+ HTTPS CJ(G/q) 8(GqtC HTTPS CJ#g{!q,rXk8(
HTTPS KZE#1!ivBtC HTTPS CJ#
HTTPS KZ [443] 8( HTTPS KZ#1!KZE* 443#g{fZkK
ZDe;,rdC+lb=e;"vSKZED!
q#
W e b D 5 y ? <
[opt/pdweb/www-default/docs]
1!?<gB:
v UNIX:/opt/pdweb/www-default/docs
v Windows:C:\Progam Files\Tivoli\PolicyDirector
\PDWeb\www-default\docs
pdconfig !n
334 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 24 B tC2+WSVc
(izZ LDAP ~qwM'V IBM Tivoli Access Manager m~D IBM Tivoli Directory
Client .dtC2+WSVc(SSL)(E#
":g{G9C20r<420 IBM Tivoli Directory Server,rITx}>BPD8
>E"# install_ldap_server LrZ20"dCK LDAP ~qw0dX8m~
D,1,}<zp=jItC SSL D}L#
*tC SSL (E,XkWHZ~qwOdC SSL,;sZ IBM Tivoli Directory Client
OdC SSL#Z SSL dCZd,aa>z!qTBO$`M.;:
~qwO$
~qw+d$i"M=M'z,M'zO$~qw#
~qwMM'zO$
Z~qwQ+d$i"M=M'zRQqM'zO$.s,~qwksM'z
D$i#ZKivB,h**M'z53T0~qw534($i#
g{!q;5V~qwO$,rXkdC~qwM IBM Tivoli Directory Client TxP
SSL CJ#;x,g{!q5V~qwMM'zO$,rXkZ~qwOdC SSL,Z
M'zOdC SSL,;sq-Z 351 3D:dC LDAP ~qwMM'zO$;PD8
>E"#
>B|,TBw*?V:
v :dC IBM Tivoli Directory Server TxP SSL CJ;
v Z 340 3D:dC IBM z/OS M OS/390 2+~qwTxP SSL CJ;
v Z 342 3D:dC Microsoft Active Directory TxP SSL CJ;
v Z 344 3D:dC Novell eDirectory Server TxP SSL CJ;
v Z 346 3D:dC Sun ONE Directory Server TxP SSL CJ;
v Z 349 3D:dC IBM Tivoli Directory Client TxP SSL CJ;
v Z 351 3D:dC LDAP ~qwMM'zO$;
dC IBM Tivoli Directory Server TxP SSL CJ
ITtC SSL T#$ Tivoli Access Manager ~qwM LDAP ~qw.dD(E#K
=h;hZWN(" LDAP ~qwM IBM Tivoli Directory Client .dD SSL (E
14P#
g{H0Z LDAP ~qwdCZdQtCT LDAP ~qwD SSL CJ,rXk+M
'zM~qw\?7T4F=?v9C SSL CJD=S Tivoli Access Manager 53#
g{ LDAP ~qwh* SSL CJ,rk9C GSKit 4P SSL \?\m# GSKit a
)K;v{* gsk7ikm D<N/\?\m5CLr#XZgN9C gsk7ikm 5CL
r4tC SSL Dj{8>E",kND SSL Introduction and iKeyman User’s Guide#
*Z IBM Tivoli Directory Server OtC SSL CJ,kjITBwZPD8>E":
© Copyright IBM Corp. 2001, 2003 335
v Z 336 3D:4(\?}]bD~M$i;
v Z 337 3D:SO$PDq!vK$i;rZ 337 3D:4(Mi!T)p$i;
v Z 338 3D:tC SSL CJ;
4(\?}]bD~M$i
*Z LDAP ~qwOtC SSL 'V,~qwXkP;vCZj6~qwD$i,xR
C$iITCwvK$i#KvK$iG~qw"M=M'zTJmM'zO$~q
wD$i#b)$iT0+CM(C\?Tf"Z\?}]bD~P#C'(#SO
$PD(}g VeriSign)q!Q)pD$i#
mb,C'9IT9CT)p$i#g{C'9CT)p$i,ZOfzI$iD5
3MI*O$PD#
9C gsk7ikm 5CLr4(\?}]bD~M$i#*4(\?}]bD~M$i(T
)pr)p),kq-TBb)=h:
1. 7#Z LDAP ~qwMNN+9C SSL D IBM Tivoli Directory Client Oy2
0\'Vf>D GSKit M gsk7ikm#
2. (iz9C4TO$PD(CA)D$ir GSKit iKeyman 5CLrZ\'VD"
am~qwM IBM Tivoli Directory Client .dtC SSL (E#*jIbnYw,
kq-TBb)=h:
a. hC iKeyman 5CLr#`X8>E",kNDZ 235 3D:hC GSKit
iKeyman 5CLr;#
b. T\'VD"am~qwtC SSL#`X8>E",kNDZ 335 3DZ 24 B,
:tC2+WSVc;#
":PX9C iKeyman 5CLrD|`E",kND IBM Global Security Kit
Secure Sockets Layer and iKeyman User’s Guide#
3. t/ gsk7ikm 5CLr,|;ZTB1!?<.;:
53 76
AIX /usr/lpp/ibm/gsk7/bin/gsk7ikm
HP-UX /opt/ibm/gsk7/bin/gsk7ikm
Linux /usr/local/ibm/gsk7/bin/gsk7ikm
Solaris /opt/IBM/GSK7/bin/gsk7ikm
Windows C:\Program Files\IBM\gsk7\bin\gsk7ikm.exe
4. *4(BD\?}]bD~,!q\?}]bD~ → B(#
5. i$ CMS G!(D\?}]b`M#
6. ZD~{VNMz#{\?}]bD~&ZD;CVNdkE",;s%w7
(#\?}]bD~D)9{* .kdb#
7. dk\?}]bD~D\k"7O#kG!K\k,r*`-\?}]bD~1
|GXhD#
8. S\1!D=Z1d,r_|D*i/*sD=Z1d#
9. g{k*ZG\k"+df"=f"D~P,k!q+\kf"=D~P#
SSL — IBM Tivoli Directory Server
336 IBM Tivoli Access Manager for e-business: Web Security 208O
;)&CLrIT9Cf"D~,Sx&CLr^h*@\kM\9C\?}]
bD~#f"D~D;CM{Fk\?}]bD~`,,+)9{* .sth#
10. %w7(#bMjIK\?}]bD~D4(#P;i1!D)p_$i#b)
)p_$iGQ6pD1!O$PD#
SO$PDq!vK$i
g{F.9C4TO$PDD$ixGT)p$i,rXkSO$PDks$i,;
sZjI|.sxPSU#
g{F.9CT)p$i,rx}K?Vx*A:4(Mi!T)p$i;#
*ks"SU$i,kq-TBb)=h:
1. 9C gsk7ikm TSO$PDks$i,;s+BD$iSUx\?}]bD~P#
2. %w\?}]bD~DvK$iks?V#
3. %wB(#
4. *zIIT"M=O$PDDks,kn4E";s%w7(#
5. *ZO$PD5X$i.s+$i20=\?}]bD~,%wvK$i?V,;
s%wSU#
6. Z\?}]bD~P5P LDAP ~qwD$i.s,rdC LDAP ~qwTtC
SSL#
Lx=Z 338 3D:tC SSL CJ;#
4(Mi!T)p$i
g{Qg:SO$PDq!vK$i;PyvSQ*O$PDq!$i,rx}K?
V"*AZ 338 3D:tC SSL CJ;#
*4(BDT)p$i"+df"=\?}]bD~P,kq-TBb)=h:
1. !q4( → B(T)p$i#
2. Z\?j)VNdk{F,GSKit I9CC{FZ\?}]bPj6KBD$i#
}g,Cj)ITG LDAP ~qwD53{F#
3. S\f>VND1!5(X509 V3)M\?s!VND1!5#
4. S\K$i1!D53{FrZ +2{FVNdk;,D(P{F#
5. Zi/VNdk+>{F#
6. jINNI!VNr#t|G*U#
7. TzRrXxVNS\1!5,T P'ZVNS\5 365,2IT|D|GT{O
i/D*s#
8. %w7(#GSKit zIBD+CM(C\?T"4($i#
g{Z\?}]bD~PP`vvK$i,GSKit a/JzGqk*9K\?I*
}]bPD1!\?#ITS\|GPD;vw*1!\?#g{4a)j)T
!q9CDv$i,raZKP19C1!$i#
bMjIK LDAP ~qwDvK$iD4(#|aT>Z\?}]bD~D0vK
$i1?V#9C\?\m5CLrDPduZ#fZ\?}]bD~PD$i
`M.dxP!q#
SSL — IBM Tivoli Directory Server
Z 24 B tC SSL 337
C$i9aT>Z\?}]bD~D0)p_$i1?V#1zZ\?}]bD
0)p_$i1?VP1,ki$BD$i2ZGo#
SE,Xk+ LDAP ~qwD$ii!= Base64 `kD ASCII }]D~#
9. 9C gsk7ikm + LDAP ~qwD$ii!= Base64 `kD ASCII }]D~#
KD~CZZ 350 3D:mS)p_$i;P#
10. ;vT>zUE4(DT)p$i#
11. %wi!$i#
12. %w Base64 `k ASCII }]w*}]`M#
13. *Bi!D$idk$iD~{#$iD~D)9{(#* .arm#
14. dkzk*C4f"i!D$iD;C#
15. %w7(#
16. +Ki!D$i4F= IBM Tivoli Directory Client 53#
VZzMITdC LDAP ~qwTtC SSL K#Lx=:tC SSL CJ;#
tC SSL CJ
*dC IBM Tivoli Directory Server TtC SSL,kq-TBb)=h:
1. 7# IBM Tivoli Directory Server M\mX$xL}ZKP#*t/C~qw,k
4PTBYw.;:
v Z UNIX 53O,9C ibmdirctl |n#
v TZ Windows 53,9C ibmdirctl |n,r_:
a. %w*< → hC → XFfe#
b. k4PBPYw.;:
– Z Windows NT 53O,%w~q#!q IBM Tivoli Directory V5.2 "
%wt/#T IBM Tivoli Directory Admin Daemon ~qX4K=h#
– Z Windows 2000 53O,%w\m$_ → ~q#R|%w IBM TivoliDirectory V5.1 "%wt/#T IBM Tivoli Directory Admin Daemon~qX4K=h#
2. k4PBPYw.;:
v *dC SSL (E,dkTB|n:
ldapmodify -D Admin_DN -w admin_password -i filename
dP filename |,:
dn:cn=SSL,cn=Configurationchangetype:modifyreplace:ibm-slapdSecurityibm-slapdSecurity:SSL | none | SSLOnly-replace:ibm-slapdSslAuthibm-slapdSslAuth:serverauth | serverClientAuth-replace:ibm-slapdSslCertificateibm-slapdSslCertificate: ldapserv-replace:ibm-slapdSslKeyDatabaseibm-slapdSslKeyDatabase: /usr/ldap/etc/key.kdb
v `- ibmsladp.conf D~,"+TBZ]mS=T
SSL — IBM Tivoli Directory Server
338 IBM Tivoli Access Manager for e-business: Web Security 208O
dn:cn=SSL,cn=Configuration
*<DZ:
ibm-slapdSecurity:SSL | none | SSLOnlyibm-slapdSslAuth:serverauth | serverClientAuthibm-slapdSslCertificate: ldapservibm-slapdSslKeyDatabase: /usr/ldap/etc/key.kdb
3. gB#9 IBM Tivoli Directory Server M\mX$xL=_:
v TZ UNIX 53:
ibmdirctl -D ldap_admin -w ldap_pwd stopps -ef | grep ibmdiradmkill -9 pid_obtained_by_previous_command
v TZ Windows 53,%w*< → hC → XFfe → \m$_ → ~q#R|
%w IBM Tivoli Directory V5.2 "%w#9#T IBM Tivoli Directory AdminDaemon ~qX4K=h#
4. gBt/ IBM Tivoli Directory Server M\mX$xL=_:
v TZ UNIX 53,gB9C ibmdirctl |nt/\mX$xL,;s9C
ibmdirctl |nt/?<~qw:
ibmdiradmibmdirctl -D ldap_admin -w ldap_pwd start
v TZ Windows 53,9C ibmdirctl |nr%w *< → hC → XFfe → \
m$_ → ~q#R|%w IBM Tivoli Directory V5.2 "%wt/#T IBMTivoli Directory Admin Daemon ~qX4K=h#
5. *bTQtC SSL,S LDAP ~qw|nPdkTB|n:
ldapsearch -h ldaphost -Z -K keyfile -P key_pw -b "" -s base objectclass=*
dP:
ldaphost
8( LDAP ~qwD DNS wz{#
keyfile_pwd
8( SSL \?}]bD~D{F(xP1!D)9{ .kdb)#g{\?}
]bD~;Z10?<P,rk8(+^(\?}]bD~{#
key_pw 8(\?D~\k#K\kTZCJ\?}]bD~(|I\|,;vr
`v(C\?)PDS\E"GXhD#g{3v\kf"D~kK\?
}]bD~`X*,rS\kf"D~Pq!\k,R;h* –P !n#g
{H48( –Z 248( –K,rvTK!n#
ldapsearch |n5X LDAP y>E",|( LDAP ~qwODs:#
VZMjIK LDAP ~qw SSL hC#
6. SE,hC IBM Tivoli Directory Client TxP SSL CJ#Lx=Z 349 3D:d
C IBM Tivoli Directory Client TxP SSL CJ;#
SSL — IBM Tivoli Directory Server
Z 24 B tC SSL 339
dC IBM z/OS M OS/390 2+~qwTxP SSL CJ
1 Tivoli Access Manager M LDAP ~q;Z,;v\#$DxgO1,(izZ LDAP
~qwM'V Tivoli Access Manager m~DM'z.dtC SSL (E#K-iZ?
v~qwMM'z.da)2+DS\(E#Tivoli Access Manager +b)(EE@C
wxPO$MZ(v_D}LD;?V#
*Z OS/390 r z/OS OdC LDAP ~qwTxP SSL (E,IN<kTzX(D
OS/390 r z/OS "PfD LDAP Server Administration and Use Manual#CD5;Z:
http://www.ibm.com/servers/eserver/zseries/zos/bkserv/
TB_6p=hTZ* z/OS R1.2 = R1.4 OD LDAP tC SSL 'VGXhD#b
)=hY(zQ20"dCK LDAP ?<~qw,Q20K z/OS \k~q53 SSL,
"hCK STEPLIB"LPALIB r LINKLIST#
1. dC LDAP ~qwZ SSL KZOl} LDAP ksTxP~qwO$M(I!D)
M'zO$#kND:hC2+!n;#
2. zI LDAP ~qw(C\?M~qw$i,"+djG*\?}]bPD1!5,
r+dj)CZ sslCertificate dCD~!n#XZ9C gskkyman 5CLr4
(\?}]bD~D>},kNDZ 341 3D:4(\?}]bD~;#
3. XBt/ LDAP ~qw#
hC2+!n
TB SSL !nITZ slapd.conf D~PhC:
listen ldap_URL
T LDAP URL q=8( IP X7(rwz{)M LDAP ~qwCZl}xk
DM'zksDKZE#KN}IZdCD~P`N8(#
sslAuth {serverAuth | serverClientAuth}
8( SSL O$=(#serverAuth =(Jm LDAP M'zZM'zM~qw
.dDnuS%1i$ LDAP ~qw# serverAuth =(G1!=(#
sslCertificate {certificateLabel | none}
8(CZ~qwO$D$ij)#|f"Z\?}]bD~P,(}9C
gskkyman $_4(M\m#
sslCipherSpecs int
8(+SM'zS\D SSL \kf6#
m 44. \'VD\k
\k .yxF5 .xF5
SLAPD_SSL_RC4_MD5_US 0x0800 2048
SLAPD_SSL_RC4_SHA_US 0x0400 1024
SLAPD_SSL_TRIPLE_DES_SHA_US 0x0100 256
SLAPD_SSL_DES_SHA_EXPORT 0x0200 512
SLAPD_SSL_RC2_MD5_EXPORT 0x1000 4096
SLAPD_SSL_RC4_MD5_EXPORT 0x2000 8192
SSL - z/OS M OS/390 ~qw
340 IBM Tivoli Access Manager for e-business: Web Security 208O
k sslCipherSpecs X|V;p9CD{}5GIZ 340 3Dm 44 PD.yx
F5(eD ORed ;AND.xFm>#}g,*9CyPZ@zICD\k,
C5&C* 15104#(Z@zTb,8>yPP'D\kf6D5* 12288#)
ZKivB,'Vb)\kPNN;vDM'z&\("k~qwD SSL ,
S#
sslKeyRingFile filename
8(~qwD SSL \?}]bD~D76MD~{#CD~{Xk(}9C
gskkyman $_k\?}]bD~{%d#
sslKeyRingFilePW string
8(T SSL \?}]bD~D\k#$CJ#C\kV{.Xkk9C
gskkyman $_4(D\?}]bD~D\k%d#
":?R(iz;*9C sslKeyRingFilePW dC!n#w*fz,I9C
RACF \?7'Vr_ sslKeyRingPWStashFile dC!n#byaSd
CD~P{}K\k#
sslKeyRingPWStashFile filename
8(CZf"~qwD\?}]bD~\kDD~{#g{K!nfZ,r4
TKf"D~D\ka2G sslKeyRingFilePW dC!n(g{CdC!nf
Z)#+ gskkyman 5CLrk –s !n;p9C,I4(\?}]b\kf
"D~#
4(\?}]bD~
TB>}rzT>gN9C gskkyman 5CLr4(\?}]bD~#
1. gBS shell a>{(OMVS r rlogin a0)t/ gskkyman 5CLr:
$ gskkyman
gskkyman 5CLra)K;vyZK%Dgf#*4P&\,I(}Z|na>
{Bdkd`E4!qk*4PD!n#arza>dC!n#Z?va>.s4
Enter |Lx#
2. dk!n 1 4(BD\?}]bD~#
3. dk\?}]b{FrS\1!5(key.kdb),;s4 Enter |#
4. 4(\kT#$\?}]b#
5. YNdk}]b\kT7O#
6. Tl*%;dk\k=Z1ddt,rS\1!5(^=ZUZ)#
7. dk}]bG<$HrS\1!5(2500)#
4(K\?}]b,"aT>;u{",8>KYwGI&9G'\
8. S0\?\m1K%,!q!n 6 T4(;vT)p$i"q-a>#
9. 4($i.s,Xki!K$i,by|MIT"M= LDAP M'z53,"w*
IED CA $imS#*jIbnYw,kq-TBb)=h:
a. !q!n 1 T\m\?M$i#
b. S0\?M$i1PmPdkj)E#
c. S0\?M$i1K%Pdk!n 6 T+$i<v=D~P#
d. S0<vD~q=1T0rP,!q<vq=#}g,!q!n 1 <v=~xF
ASN.1 DER#
SSL - z/OS M OS/390 ~qw
Z 24 B tC SSL 341
<vK$i#VZzMIT+<vDD~+M= LDAP M'z53,"+dw*
IED CA $imS#IZT<vQ8(~xF DER DD~q=,rKZ4P
mSYw1,K`,DD~`MXk8(= LDAP M'z53OD gsk7ikm 5
CLr#
dC Microsoft Active Directory TxP SSL CJ
7# Active Directory rQhC,Tivoli Access Manager policy server QZ Windows
2000 53O20"dC#
Z Active Directory ~qwO<v$i
*Z Active Directory ~qwO<v CA $i,kq-TBb)=h:
1. w*%zFczD>X\m12+iDI1G<,r_w*,S=CrDFczD
r\m12+iDI1G<#
2. Z Windows Server O20O$PD(CA),b+Z Active Directory ~qwO2
0~qw$i#*jIbnYw,kq-TBb)=h:
a . %w*< → \m$_ → O$PDTr* CA Microsof t \mXF(
(MMC)GUI#
b. ;vT> CA zw"R|%wT!q CA DtT#
c. S#fK%P%wi4$i#
d. !qj8E"S<,;s%w0ZRBGD4F=D~...4%#
e. 9C$i<vr<+ CA $i#fZD~P#
":ITT DER `k~xF X-509 q=r_ Based-64 `k X-509 q=#f
CA $i#
3. *i$Z Active Directory ~qw(Windows 2000 r Windows 2003)OtCK
SSL,kq-TBb)=h:
a. 7#Z Active Directory zwO20K Windows 2000 Support Tools(Windows
2003 O* Windows Support Tools)# suptools.msi 20Lr;Z Windows CD
D \Support\Tools\ ?<P#
b. !qTBwn.;:
v TZ Windows 2000 53,!q*< → Windows 2000 Support Tools →$_ → Active Directory \m$_"t/ ldp $_#
v TZ Windows 2003 53,!q*< → Windows Support Tools → $_ →|na>{"t/ ldp $_#
c. S ldp 0Z,!q,S → ,S"a)wz{MKZE(636)#
":7#}7Xdk Active Directory r~qw{F#
g{I&,aT>;0Z,Pvk Active Directory SSL ,S`XDE"#g{,S;
I&,kXBt/53"X4K}L#
Z LDAP M'z53O<k$i
QZ Active Directory ~qwO<v$i.s,XkZ?vzF.ZOfhCS\(E
DG Windows D Tivoli Access Manager 53O<kC$i#*jIbnYw,kq
-TBb)=h:
SSL - z/OS M OS/390 ~qw
342 IBM Tivoli Access Manager for e-business: Web Security 208O
1. 7# Tivoli Access Manager 53O0PTBi~#
"b: kpZK1dC Access Manager Runtime i~#
v Global Security Kit(GSKit)
v IBM Tivoli Directory Client(LDAP M'z)
v Access Manager Runtime
2. 7#QhCk GSKit ;p20D iKeyman \?\m5CLr#`X8>E",k
NDZ 233 3D:20 Global Security Kit;PPXhC GSKit iKeyman 5CLr
DE"#
3. Z Tivoli Access Manager 53O20i!D CA $i#
4. (}9C GSKit iKeyman 5CLr,4(\?}]bD~"+ Active Directory ~
qwD CA $i<k=K\?D~#7#<kD CA $i8rS Active Directory
~qw53i!D CA $iD~#`X8>E",kNDZ 349 3D:dC IBM
Tivoli Directory Client TxP SSL CJ;rND SSL Introduction and iKeyman
User’s Guide#
5. *9CzU4(D\?D~bT= Active Directory ~qwD SSL ,S,IZ Tivoli
Access Manager 53O9C ldapsearch |n#`X8>E",kND:bT SSL
CJ;#
6. 9C Tivoli Access Manager pdconfig 5CLrTdC Access Manager Runtime i
~#1a>tCS\,S1,!qG#XZdC!nDhv,kNDZ 321 3D
:Access Manager Runtime — Active Directory;#
7. g{ZK53O20K=S Tivoli Access Manager i~,}g Access Manager
Authorization Server r Web Portal Manager,rZK1dCb)i~#
VZMjIK SSL hC#
bT SSL CJ
Z Active Directory ~qw6p4(KM'zvK$iDO$PD.s,(}Z LDAP
M'zO9CTB|nbT SSL CJ:
ldapsearch -h AD_servername -s base -Z -K client_keyfile -P keyfile_pwd objectclass=*
|nd?gB:
d? hv
AD_servername 8( Active Directory ~qwD DNS wz{#
client_keyfile 8(zIDM'z\?D~D+^(76{#
keyfile_pwd 8(zID\?D~D\k#
g{I&,aT>;0Z,Pvk Active Directory ~qwE"#g{,S;I&,k
XBt/53"X4K}L#
SSL — Microsoft Active Directory
Z 24 B tC SSL 343
dC Novell eDirectory Server TxP SSL CJ
2+WSVc(SSL)JmTZ Tivoli Access Manager ~qM NDS eDirectory .d+
MD}]xPS\,Ta)}]~=Mj{T#(i\m1tC SSL T#$ngC'
\kM(C}].`DE"#+G,SSL TZ Tivoli Access Manager DKP;GXh
D#g{zD Tivoli Access Manager 73P;h* SSL,kx}K?V#
Tivoli Access Manager ;'Vr Novell eDirectory xP~qwKO$#** SSL d
C Novell eDirectory Server,k7#Q20 ConsoleOne $_,"jITB?V:
v :4(i/DO$PDTs;
v Z 345 3D:4(T)p$i;
v Z 345 3D:* LDAP ~qw4(~qw$i;
v Z 345 3D:tC SSL;
v Z 346 3D:mST)p CA $i= IBM \?D~;
":PX|`E",kND;ZTB Web >cD Novell z7D5:
TZ Novell eDirectory V8.6.2,kND:
http://www.novell.com/documentation/lg/ndsedir86/index.html
TZ Novell eDirectory V8.7,kND:
http://www.novell.com/documentation/lg/edir87/index.html
4(i/DO$PDTs
Z eDirectory D20Zd,1!ivBa4( NDSPKI:Certificate Authority Ts(g
{xgPP;fZD0)#we{(GTs{)&GP'D)p_,bc\X*#we
{XkP*I Tivoli Access Manager 6p*P'Di/VNMzRrXxVN#1!
we{gB:
0=organizational_entry_name.OU=Organizational CD
b;G;vP'D)p_#*xP|D,XkTP'Dwe{XB4(O$PDT
s#*jIbnYw,kq-TBb)=h:
1. t/ ConsoleOne#
2. !q2+T]wTs#TsaZ0ZDRV0qPT>#
3. !qi/ CA Ts">}|#
4. YNR|%w2+T]wTs,"%wB( → Ts#
5. S0B(Ts1T0rPDPmrP,+w NDSPKI:O$PD#aT>04(i
/O$PDTs1T0r#q-*z8>E"#
6. !q?j~qw"dk eDirectory Ts{#}g:
Host Server Field = C22Knt_NDS.AM
Object Name Field = C22KNT-CA
7. Z04(=(1P,!q(F"%wB;=#
y]Q20D Novell eDirectory f>,I\aT>=v=SA;#%wB;==N
TLx#
SSL — Novell eDirectory Server
344 IBM Tivoli Access Manager for e-business: Web Security 208O
8. *}Z(eDO$PDS\1!we{rdk;vP'D(P{F#yPIO$P
DzID$iaECZK;C#
9. i/O$PDw* C22KNT-CA T>Z ConsoleOne P#
4(T)p$i
*4(T)p$i,k4PTBYw:
1. *Ai/O$PD(C22KNT-CA)DtT#aT>0tT10Z#
2. !q0$i1!n(,;sSB-K%P!q0T)p$i1#
3. i$$i#
4. <v$i#aT>0<v$i10Z#
5. S\1!5,"4B+C4#fT)p$iD;C#}g:
c:\c22knt\CA-SelfSignedCert.der
6. +M((} FTP)D~= Tivoli Access Manager w?<#}g:
c:\Program Files\Tivoli\Policy Directory\keytab
kG!bG;v~xFD~#
* LDAP ~qw4(~qw$i
** Novell eDirectory Server 4(~qw$i,kq-TBb)=h:
1. ** LDAP ~qw4(~qw$i,R|%wi/u?,;s%wB( → Ts#
aT>0B(Ts10Z#
2. !q NDSPKI:\?DO;s%w7(#aT>04(~qw$i(\?DO)1
0Z#
3. dk$i{F(}g AM),T4(=(!q(F,;s%wB;=#
4. T08(O$PD1!n(C!n+8($i)9C1!5,;s%wB;=#
5. 8(\?s!,TyPd|!nS\1!5,;s%wB;=#
":Novell eDirectory V8.6.2 D1!\?s!* 1024 ;,V8.7 D* 2048 ;#
6. Z08($iN}10ZP,%w0we{F1VNT_D`-4%#aT>0`
-we10Z#
7. dkwe{F,;s%w7(#aT>|B}0we{F1VND04(~qw$
i(\?DO)10Z#%wB;=Lx#
8. *ZSB4D0ZPS\1!5,I%wB;==N,;s%wjIT4(\?D
O#
aY1T>04($i10Z#1|e}s,aC{* AM D\?DOu?|B
ConsoleOne DR0q#bG~qw$i#
tC SSL** Novell LDAP ~qwtC SSL,k4PTBYw:
1. Z ConsoleOne DRV0qP,(;{* LDAP ~qw - wz{Du?,;sR
|%wCu?#
2. SB-K%P,!qtT#S0tT1JG>P,!q0SSL dC1!n(#
SSL — Novell eDirectory Server
Z 24 B tC SSL 345
3. %w0SSL $i1VNT_D0wQw1<j#aT>0!q SSL $i10Z#
0SSL $iPm10qaT>i/Q*D$i#
4. !q AM $i"%w7(#aXBT>0LDAP ~qwtT - wz{10Z,"
xP|B}D0SSL $i1VN#
":kp!q0tC"*s`%O$1#
mST)p CA $i= IBM \?D~
*+T)p CA $imS= Tivoli Access Manager ~qwOD IBM \?D~,kq
-TBb)=h:
1. t/ gsk7ikm 5CLr#aT>0IBM \?\mw10Z#
2. !q\?}]bD~ → B(#aT>0B(10Z#
3. +VN|B*TB5,;s%w7(:
\?}]b`M:CMS \?}]bD~D~{:key.kdb;C:/var/PolicyDirector/keytabs
aT>0\ka>10Z#
4. 4(\k,dk=NTxPdC,;s%w7(#aT>0IBM \?\mw10Z,
0ZPT>0)p_$i1T0r#
5. %wmS4%#aT>0SD~mS CA D$i10Z# |BTBVN,;s%w
7(:
}]`M:~xF der }]$iD~{:<hostname>CA-SelfSignedCert.der;C:/var/PolicyDirector/keytabs
VZMaT{* AM D$i|B0)p_$i1T0r#
dC Sun ONE Directory Server TxP SSL CJ
SSL JmTZ Tivoli Access Manager ~qM Sun ONE Directory Server .d+MD
}]xPS\,Ta)}]~=Mj{T#(i\m1tC SSL T#$ngC'\k
M(C}].`DE"#+G,SSL TZ Tivoli Access Manager DKP;GXhD#
K}L;h*ZWNhC Sun ONE Directory Server M IBM Tivoli Directory Client .
dD SSL (E14P#*tC SSL (E,Sun ONE Directory Server M IBM Tivoli
Directory Client yXkdC#
XZZ Sun ONE Directory Server OtC SSL CJDj{E",kND;ZTB Web
X7D Sun D5:
http://docs.sun.com/db/prod/s1dirsrv
jITB?VPD8>E":
v Z 347 3D:q!~qw$i;
v Z 347 3D:20~qw$i;
v Z 348 3D:tC SSL CJ;
SSL — Novell eDirectory Server
346 IBM Tivoli Access Manager for e-business: Web Security 208O
q!~qw$i
*tC SSL 'V,Sun ONE Directory Server h*\rM'z53$5dm]D$i#
~qw"M$i=M'z,T9M'z\T~qwxPO$#K$iF*~qw$
i#
9C Sun ONE Console 5.1 M$i20r<T("~qw$i:
1. t/ Sun ONE Server Console 5.2#
2. S0Sun ONE Server Console G<1T0rP,dkC?<~qwD\m1C'j
6"\kT0\m~qwD URL#
3. !q*I Tivoli Access Manager 9CDr#
4. 9*~qw{F#
5. 9*~qwi#
6. !qj"*?<~qwDu?#
aT>XZ Sun ONE Directory Server DdCE"#
7. %wr*#rCJK Sun ONE Directory Server#
8. %wdC!n(#
9. %wS\!n(#
10. i$4!P*K~qwtC SSL 4!r#
11. %wNq!n(,;s%w\m$i#
":$iD(C\?f"ZF*nFDZ?2+h8P,nFG\\k#$D#
WN%w\m$i4%1,aa>z4(CnFD\k#
12. =Ndk2+\k,;s%w7(#aT>\m$i0Z#
13. Z02+h81B-PmP,7#Q!qZ?(m~),"7#Q!q~qw$
i!n(#
14. %w;Z0ZW?Dks4%#aT>0$iksr<1fe#
15. 7#!qV/ks$i4%,;s%wB;=#
16. dkks=E",;s%wB;=#7#jIyPVN#1a>Lx1,%w
G#
17. 7#n/S\nFVN*Z?(m~)#
18. dk2+h8\k,;s%wB;=#
19. *+$iks#f=D~,%w#f=D~#*+ks4F=tye,%w4F
=tye#;s%w4PTjIks#
20. +ks(}gSJ~"MxO$PD\m1,r_=S#fDD~"+ks"M
xO$PD\m1#
20~qw$i
ZQSO$PDSU=$i.s,I(}jITB=h20$i:
1. r* Sun ONE Server Console 5.2#
2. %wNq!n(,;s%w\m$i#
3. 7#!q~qw$i,;s%w20#
4. k4PBPYw.;:
SSL — Sun ONE Directory Server
Z 24 B tC SSL 347
v *SD~20$i,!qZK>XD~P#
v *Z0ZP3yD>,!qZTBQ`kD>iP,4F$iDD>,;s%w
Stye3y#
5. %wB;=#
6. i$$iE"}7,;s%wB;=#
7. ZK$i+|{*VNP,dk$i{FrSU1!{F server-cert,;s%wB
;=#
8. dknF\k,;s%w4P#g{K}LI&,aT>0\m$i1fe,Ra
Z~qw$i!n(BPvC~qw$i{F#
9. Lx=:tC SSL CJ;#
tC SSL CJ
Kv$i20r<.s,a5X=T>*
DS\!n(
1. !q*K~qwtC SSL#
2. !q9C\k5P;RSA#
3. g{;rc*syZ$iDM'zO$,!q;JmM'zO$#
4. %w#f#
5. XBt/ Sun ONE Directory Server T9|Dz'#
":?Nt/~qw1yXkdkEN}]b\k#
VZMZ Sun ONE Directory Server OtCK SSL#SB4,zh*Z+d1 Sun
ONE Directory Server D LDAP M'zD IBM Tivoli Directory Client 53OtC
SSL#
SSL — Sun ONE Directory Server
348 IBM Tivoli Access Manager for e-business: Web Security 208O
kNDZ 349 3D:dC IBM Tivoli Directory Client TxP SSL CJ;#
dC IBM Tivoli Directory Client TxP SSL CJ
XkWHhC LDAP ~qwTxP SSL CJ,;sE\hC LDAP M'zTxP SSL
CJ#g{P4dC~qwTxP SSL CJ,kq-TBZ].;PD8>E":
v Z 335 3D:dC IBM Tivoli Directory Server TxP SSL CJ;
v Z 346 3D:dC Sun ONE Directory Server TxP SSL CJ;
v Z 344 3D:dC Novell eDirectory Server TxP SSL CJ;
v Z 340 3D:dC IBM z/OS M OS/390 2+~qwTxP SSL CJ;
k*~qw4(\?}]bD~`F,zXkZM'z53O4(\?}]bD~#
kG!*9M'zO$ LDAP ~qw,M'zXk6p4( LDAP ~qwD$iDO
$PD()p_)#g{ LDAP ~qwZ9CT)p$i,rXk9M'z\;+zI
LDAP ~qwD$iD536p*IEy(O$PD)#
*dC LDAP M'zTT LDAP ~qwxP SSL CJ,kjITB?VPD8>E
":
v Z 349 3D:4(\?}]bD~;
v Z 350 3D:mS)p_$i;
v Z 350 3D:bT SSL CJ;
4(\?}]bD~
9C gsk7ikm 5CLr4(\?}]bD~#*4(\?}]bD~,kq-TBb
)=h:
1. 7#Z LDAP ~qwMNN+9C SSL D LDAP M'zOy20 GSKit M
gsk7ikm 5CLr#
2. t/ gsk7ikm 5CLr,|;ZTB1!?<.;:
53 76
AIX /usr/lpp/ibm/gsk7/bin/gsk7ikm
HP-UX /opt/ibm/gsk7/bin/gsk7ikm
Linux /usr/local/ibm/gsk7/bin/gsk7ikm
Solaris /opt/IBM/gsk7/bin/gsk7ikm
Windows C:\Program Files\IBM\gsk7\bin\gsk7ikm.exe
3. *4(BD\?}]bD~,!q\?}]bD~ → B(#
4. i$ CMS \?}]bD~G!qD\?}]b`M#
5. ZD~{VNMz#{\?}]bD~&ZD;CVNdkE"#\?}]bD
~D)9{* .kdb#
6. %w7(#
7. dk\?}]bD~D\k"7O#
kG!K\k,r*`-\?}]bD~1|GXhD#
8. S\1!D=Z1d,r_|D*i/*sD=Z1d#
9. g{k*ZG\k"+df"=f"D~P,k!q+\kf"=D~P#
SSL — Sun ONE Directory Server
Z 24 B tC SSL 349
;)&CLrIT9Cf"D~,Sx&CLr^h*@\kM\9C\?}]
bD~#f"D~D;CM{Fk\?}]bD~`,,+)9{* .sth#
10. %w7(#bMjIK\?}]bD~D4(#P;i1!D)p_$i#b)
)p_$iGQ6pD1!O$PD#
*9M'z\O$ LDAP ~qw,M'zXk6p4( LDAP ~qwD$iDO
$PD()p_)#g{ LDAP ~qwZ9CT)p$i,rXk9M'z\;+
zI LDAP ~qwD$iD536p*IEy(O$PD)#
11. 4(\?}]bD~.s,+\?}]bD~DD~yP(|D* ivmgr#9CO
JDYw53|nT|DD~yP(#}g,Z UNIX 53O,dkTB|n:
# chown ivmgr keyfile
mS)p_$i
*Z4(K\?}]bD~.smS)p_$i,kq-TBb)=h:
1. g{** LDAP ~qw9CT)p$i,k7#SZ 337 3D:4(Mi!T)p
$i;PD\?}]bD~i!D$iQ4F=M'z53#g{P44F,r
kVZ4F#qr,k7#zP4( LDAP ~qw$iDO$PDD$i#
2. %wM'z CMS \?}]bD~D)p_$i?V#
3. %wmS#
4. S\ Base64 `k ASCII }]w*}]`M#
5. 8>$iDD~{0d;C#$iD~D)9{(#* .arm#
6. %w7(#
7. dkzZmSD)p_$iDj)#}g,zIT+ LDAP ~qwD53{FCw
j)#g{ LDAP ~qwD$iQIO$PD4(,zIT9CO$PDD{Fw
*j)#
8. %w7(#C$iaw*)p_$iT>ZM'zD\?}]bP#
9. ;vT>BmSD)p_$i,;s%wi4/`-#
10. 7#!qhC$iw*IEy,by$iMjG*IEy#
g{ LDAP ~qwD$iQI#fO$PD4(,k7#CO$PDw*)p_$
iPv,"jG*IEy#g{;G,r+O$PDD$iw*)p_$im
S,"8>|GIEy#
M'zVZMIT("k LDAP ~qwD SSL a0K#
bT SSL CJ
*bTQtC SSL CJ,IZ LDAP M'zOdkTB|n:
ldapsearch -h servername -Z -K client_keyfile -P keyfile_pwd-b "" -s base objectclass=*
|nd?gB:
d? hv
servername 8( LDAP ~qwD DNS wz{#
client_keyfile 8(zIDM'z\?D~D+^(76{#
keyfile_pwd 8(zID\?D~D\k#
SSL — IBM Tivoli Directory Client
350 IBM Tivoli Access Manager for e-business: Web Security 208O
K|n5X LDAP y>E",|( LDAP ~qwODs:#
ZZ 335 3D:dC IBM Tivoli Directory Server TxP SSL CJ;P LDAP ~q
wdCZd,zQ!qO$=(*~qwO$r~qwMM'zO$#
v g{!qDG~qwO$,r SSL hCVZQjI#
v g{!qDG~qwMM'zO$,r*A:dC LDAP ~qwMM'zO$;#
dC LDAP ~qwMM'zO$
ZgZ 338 3D:tC SSL CJ;PyvdC LDAP ~qwTtC SSL CJZd,
aa>z!q~qwO$r~qwMM'zO$#
g{!qDG~qwO$,r SSL dCQjI#
g{!qDG~qwMM'zO$,rVZXk*M'z53("$i#ZKO$=
=B,~qwksM'zD$i,"9CC$iO$M'zDm]#
**M'z53("$i,kjITB?VPD8>E":
v Z 351 3D:4(\?}]bD~;
v Z 352 3D:SO$PDq!vK$i;
v Z 352 3D:4(Mi!T)p$i;
v Z 353 3D:mS)p_$i;
v Z 354 3D:bT SSL CJ;
4(\?}]bD~
g{P44(M'z\?}]bD~,r9C gsk7ikm 5CLr4(\?}]bD~
M$i#g{Q4(\?}]bD~,r*AZ 352 3D:SO$PDq!vK$
i;#
*4(\?}]bD~M$i(T)pr)p),kq-TBb)=h:
1. 7#Z LDAP ~qwMNN+9C SSL DM'zOy20 GSKit M gsk7ikm#
2. t/ gsk7ikm 5CLr,|;ZTB1!?<.;:
53 76
AIX /usr/lpp/ibm/gsk7/bin/gsk7ikm
HP-UX /opt/ibm/gsk7/bin/gsk7ikm
Linux /usr/local/ibm/gsk7/bin/gsk7ikm
Solaris /opt/IBM/gsk7/bin/gsk7ikm
Windows C:\Program Files\IBM\gsk7\bin\ gsk7ikm.exe
3. !q\?}]bD~ → B(#
4. i$ CMS \?}]bD~G!qD\?}]b`M#
5. ZD~{VNMz#{\?}]bD~&ZD;CVNdkE"#\?}]bD
~D)9{* .kdb#
6. %w7(#
SSL — IBM Tivoli Directory Client
Z 24 B tC SSL 351
7. dk\?}]bD~D\k"7O#kG!K\k,r*`-\?}]bD~1
|GXhD#
8. S\1!D=Z1d,r_|D*i/*sD=Z1d#
9. g{k*ZG\k"+df"=f"D~P,k!q+\kf"=D~P#
;)&CLrIT9Cf"D~,Sx&CLr^h*@\kM\9C\?}]
bD~#f"D~D;CM{Fk\?}]bD~`,,+)9{* .sth#
10. %w7(#
bMjIK\?}]bD~D4(#P;i1!D)p_$i#b))p_$i
GQ6pD1!O$PD#
11. 4(\?}]bD~.s,+\?}]bD~DD~yP(|D* ivmgr#9CO
JDYw53|nT|DD~yP(#}g,Z UNIX 53O,dkTB|n:
# chown ivmgr keyfile
SO$PDq!vK$i
g{F.9C4TO$PD(}g VeriSign)D$ixGT)p$i,rXkSO$P
Dks$i,;sZ|jI.sxPSU#
g{F.9CT)p$i,rx}K?Vx*A:4(Mi!T)p$i;#
*ks"SU$i,kq-TBb)=h:
1. 9C gsk7ikm TSO$PDks$i,;s+BD$iSUx\?}]bD~P#
2. %w\?}]bD~DvK$iks?V#
3. %wB(#
4. *zIIT"M=O$PDDks,kn4E";s%w7(#
5. *ZO$PD5X$i.s+$i20=\?}]bD~,%wvK$i?V,;
s%wSU#
6. Z\?}]bD~P5P LDAP M'zD$i.s,ITmSO$PDD$i,d
PO$PDQ+M'zD$i4(= LDAP ~qw#
7. Lx=Z 353 3D:mS)p_$i;#
4(Mi!T)p$i
g{Qg:SO$PDq!vK$i;PyvSQ*O$PDq!$i,rx}K?
V"*AZ 353 3D:mS)p_$i;#
*4(BDT)p$i"+df"=\?}]bD~P,kq-TBb)=h:
1. t/ gsk7ikm 5CLr,|;ZTB1!?<.;:
53 76
AIX /usr/lpp/ibm/gsk7/bin/gsk7ikm
HP-UX /opt/ibm/gsk7/bin/gsk7ikm
Linux /usr/local/ibm/gsk7/bin/gsk7ikm
Solaris /opt/IBM/gsk7/bin/gsk7ikm
Windows C:\Program Files\IBM\gsk7\bin\gsk7ikm.exe
2. !q4( → B(T)p$i#
SSL - ~qwMM'zO$
352 IBM Tivoli Access Manager for e-business: Web Security 208O
3. Z\?j)VNdk{F,GSKit I9CC{FZ\?}]bPj6KBD$i#
}g,Cj)ITG LDAP M'zD53{F#
4. S\f>VND1!5(X509 V3)M\?s!VND1!5#
5. S\K$i1!D53{FrZ +2{FVNdk;,D(P{F#
6. Zi/VNdk+>{F#
7. jINNI!VNr#t|G*U#
8. TzRrXxVNS\1!5,T P'ZVNS\5 365,2IT|D|GT{O
i/D*s#
9. %w7(#GSKit zIBD+CM(C\?T"4($i#
g{Z\?}]bD~PP`vvK$i,GSKit a/JzGqk*9K\?I*
}]bPD1!\?#ITS\|GPD;vw*1!\?#g{4a)j)T
!q9CDv$i,raZKP19C1!$i#
bMjIK LDAP M'zDvK$iD4(#|aT>Z\?}]bD~D0vK
$i1?V#9C\?\m5CLrDPduZ#fZ\?}]bD~PD$i
`M.dxP!q#
C$i9aT>Z\?}]bD~D0)p_$i1?V#1zZ\?}]bD
0)p_$i1?VP1,ki$BD$i2ZGo#
SE,Xk+ LDAP ~qwD$ii!= Base64 `kD ASCII }]D~#
10. 9C gsk7ikm + LDAP ~qwD$ii!= Base64 `kD ASCII }]D~#
11. ;vT>zUE4(DT)p$i#
12. %wi!$i#
13. %w Base64 `k ASCII }]w*}]`M#
14. *Bi!D$idk$iD~{#$iD~D)9{(#* .arm#
15. dkzk*C4f"i!D$iD;C,;s%w7(#
16. +Ki!D$i4F= LDAP ~qw53#
Z LDAP ~qwO,ZM'zDvK$iQ4("mS=M'z\?}]bD~.s,
4(CM'z$iDO$PDXk6p*)p_$i(IEy)#
mS)p_$i
XkZ LDAP ~qwO4PK=h#
*Z4(K\?}]bD~.smS)p_$i,kq-TBb)=h:
1. k4PBPYw.;:
v g{**M'z9CT)p$i,k7#SZ 352 3D:4(Mi!T)p$
i;PD\?}]bD~i!D$iQ4F=~qw53#g{P44F,r
kVZ4F,"x}TB=h#
v g{M'z$iQIO$PD4(,r9CTB=h+O$PDD$iw*I
E)p_mS#
2. %wM'z CMS \?}]bD~D)p_$i?V#
3. %wmS#
4. %w Base64 `k ASCII }]ThC}]`M#
5. 8>$iDD~{0d;C#$iD~D)9{(#* .arm#
SSL - ~qwMM'zO$
Z 24 B tC SSL 353
6. %w7(#
7. dkzZmSD)p_$iDj)#}g,zIT+ LDAP M'zD53{FCw
j),r_9CzIM'zD$iDO$PDD{F#
8. %w7(#CT)p$iaw*)p_$iT>ZM'zD\?}]bP#
9. ;vT>BmSD)p_$i,;s%wi4/`-#
10. 7#!qhC$iw*IEy,by$iMjG*IEy#
g{ LDAP M'zD$iQI#fO$PD4(,k7#CO$PDw*)p_$
iPv,"jG*IEy#g{;G,r+O$PDD$iw*)p_$im
S,"8>|GIEy#
~qwVZMIT("k LDAP M'zD SSL a0K#
11. Lx=:bT SSL CJ;#
bT SSL CJ
Z LDAP ~qw6p4(KM'zvK$iDO$PD.s,(}Z LDAP M'zO
9CTB|nbT SSL CJ:
ldapsearch -h servername -Z -K client_keyfile -P key_pw -N \client_label -b "" -s base objectclass=*
|nd?gB:
d? hv
servername LDAP ~qwD DNS wz{#
client_keyfile zIDM'z\?7D+^(76{#
key_pw zID\?7D\k#
client_label k\?`X*Dj)(g{fZ)#KVNGI!
D,R;Z LDAP ~qwdC*H4P~qwO$2
4PM'zO$DivBh*#
ldapsearch |n5X LDAP y>E",|( LDAP ~qwODs:#k"b –N N
}8>1M'zDvK$imS=M'zD\?}]bD~18(Dj)#
":kp8( LDAP ~qwD)p_$ij)# –N !nr GSKit 8>1ks1Dv
M'z$iQ"M=~qw#g{48(NNj),r1~qwksM'zD$
i1,a"M1!vK$i#
VZMjIK SSL hC#
SSL - ~qwMM'zO$
354 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 25 B AIX:208C policy server
ITdC8C~qwZ53JOrbb#zDivBS\ policy server &\#1 policy
server 1z1,8C policy server ad1w policy server,1Aw policy server VP
#Kd-4DG+#SE,8C policy server +X4*8CG+#ZNNx(1L,;
P;vn/D policy server R;P;v_T}]b2m1>#
Tivoli Access Manager 'VZ\'VD AIX =(O9C;v8C policy server#Kb,
?p8C policy server h*20"dC_ICT:/`&m(HACMP)m~ - Cm
~G;V:/bv=8,hF*(}i~_`M&CLrJO*Fa)TX|5q}
]M&CLrD_ICTCJ#
>B|,BP?V:
v Z 356 3D:200*s;
v Z 357 3D:HACMP 73&C!O;
v Z 366 3D:4(8C policy server 73;
HACMP &C!Ow*(C8Oa),rzT>gN20"dC HACMP 73T9C8
C policy server \&#Z20 HACMP 73.s,kq-XZZ Tivoli Access Manager
2+rP4(8C policy server DX(Zz7D8>E"#*KzD=c,a)KE>
M>}#
XZ:/M HACMP Dj8E",kNDTB Web >c:
http://www.ibm.com/servers/eserver/clusters/software/
http://www.ibm.com/servers/aix/products/ibmsw/ high_avail_network/hacmp.html
fr
v IT4(;vw policy server M;v8C policy server#
v w policy server M8C policy server yXk$tZ AIX 53O,dP AIX
53G_ICT:/`&m(HACMP)73D;?V#
v ?v AIX 53Xk_PT*}]_`TxdCD2mELsPDCJ(#
v policy server y9CD_T}]bMdCD~Xk$tZ2mELsPO#
v Xka)"am~qw(}g IBM Tivoli Directory Server 5.2),"20ZV
kD53O#
© Copyright IBM Corp. 2001, 2003 355
200*s
Z20w/8C policy server 73.0,k7#zcTBu~:
v 7#=(zw(wM8C)&Z,;,$|,R_P`FD2~/T\\&#\'
VD,$|gB:
– TZ AIX 5.1,,$| 3 r|_f>
– TZ AIX 5.2,,$| 1 r|_f>
v 7#ZwM8C policy server 53O,HACMP 4.5 r|_f>yQ20"dC"}
ZKP#
v 7#20K2mD~53#}g,IT+b?yZ SSA Df"w~(}gyZ SSA
D 7133 ME T40 f"wG),S==v53#
XZ20y> HACMP 73D(C8>E",kNDZ 357 3OD&C!O#
AIX:208C policy server
356 IBM Tivoli Access Manager for e-business: Web Security 208O
HACMP 73&C!O
K&C!O;G;vITgN20"dC HACMP 73T9C8C policy server \&
D>}#ZK>}P,kd|*8C policy server \&a)D HACMP 73`F,z
Xk*w53D~q IP X7D IP X7S\T0*=b?D~53D2mCJdC
HACMP 73#
XZgNdC"20b)73D|`j{j8E",kND:r>z71|,D
HACMP D5#g{zPNNf0= HACMP D~qJb,k*5b)z7D IBM '
V#
K&C!Oa)XZZ=v AIX 53D?;vOf20 policy server D8>E"#Z
K&C!OD{v}LP9CDwz53gB:
v tucana _P~q IP X7 192.168.2.13,}< IP X7 192.168.2.79,T08C IP
X7(CX7Xkk~qM}< IP X7;Z;,DSxO)192.168.3.2#b) IP
X7*sZ tucana Oa)=vxgJdw(}gT+xJdw)#;h*=vxgJ
dw,r*Z HACMP 73P,1 HACMP :/Z HACMP ZcOt/.s,a
$n~q IP X7x!{$n}< IP X7
v perseus _P~q IP X7 192.168.2.14,}< IP X7 192.168.2.80,T08C
IP X7(CX7Xkk~qM}< IP X7;Z;,DSxO)192.168.3.3#b)
IP X7*sZ perseus Oa)=vxgJdw(}gT+xJdw)#
":?v AIX 53OD~qM}< IP X7+9C,;vxgJdw#?v AIX 53
OD8C IP X7+9Cm;vxgJdw#
+Zw AIX 53O20MdCw policy server#K&C!OPDwwz53* tucana#
+Zm;v#`D AIX 53O20MdC8C policy server#K&C!OPm;vw
z53* perseus#
2~*s
K&C!OP9CTB2~#y]zDdC,2~*s+;,#
v xPTB2~D=v AIX 53:
– ,S"dC=xgD=vT+xrnF7(
– S;v AIX 53OD.PKZ,S=m;v AIX 53OD.PKZD.P
gB
":?v AIX 53Xk\; ping m;v AIX 53D IP X7#
– SSA Jd(
v yZ SSA DELsP,}g:IBM 7133 ME T40 f"w~r IBM 7133 D40
z\20G
v }u SSA ,SgB#=u(?v AIX 53;u),S=ELsP,;u,S
Z=v AIX 53.d
v =v AIX 53OD IBM AIX 5.1 Service Pack 3((iDf>M service pack)
20 CD#g{9Cd|f>,rf>M service pack 6pXkZ=(zwO%
d#
AIX:208C policy server
Z 25 B AIX:208C policy server 357
9CTB&C!OZ AIX O20y> HACMP 73:
1. 9C AIX 20 CD 20 AIX 5.1 Yw53,|(yPy> rsct m~|M Service
Pack 3#*liYw536p,dk:
oslevel -r
g{0P Service Pack 3,rT> 5100–03#
2. 20%@:rD HACMP V4.5 ES/CRM m~T0NNyhD AIX y!Yw53X
8m~#
3. (}4PTBYw|BD~E":
a. Z=v AIX 53OD /etc/hosts D~P,dkyPx(,SDwz{M IP X
7#}g,g{Z=v53.dPDv,Sx(,r /etc/hosts D~Xk|,
`FTB>}DP:
# @(#)47 1.1 src/bos/usr/sbin/netstart/hosts, cmdnet, bos510 7/24/91 10:46## COMPONENT_NAME: TCPIP hosts## FUNCTIONS: loopback## ORIGINS: 26 27## (C) COPYRIGHT International Business Machines Corp. 1985, 1989# All Rights Reserved# Licensed Materials - Property of IBM## US Government Users Restricted Rights - Use, duplication or# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.## /etc/hosts## This file contains the hostnames and their address for hosts in the# network. This file is used to resolve a hostname into an Internet# address.## At minimum, this file must contain the name and address for each# device defined for TCP in your /etc/net file. It may also contain# entries for well-known (reserved) names such as timeserver# and printserver as well as any other host name and address.## The format of this file is:# Internet Address Hostname # Comments# Items are separated by any number of blanks and/or tabs. A ’#’# indicates the beginning of a comment; characters up to the end of the# line are not interpreted by routines which search this file. Blank# lines are allowed.
# Internet Address Hostname # Comments# 192.9.200.1 net0sample # ethernet name/address# 128.100.0.1 token0sample # token ring name/address# 10.2.0.2 x25sample # x.25 name/address127.0.0.1 loopback localhost # loopback (lo0) name/address192.168.2.13 tucana192.168.2.79 tucana-boot192.168.3.2 tucana-stby192.168.2.14 perseus192.168.2.80 perseus-boot192.168.3.3 perseus-stby
b. `- /.rhosts D~T7#d|,}7Dwz{#}g:
AIX:208C policy server
358 IBM Tivoli Access Manager for e-business: Web Security 208O
perseusperseus-bootperseus-stbytucanatucana-boottucana-stby
c. *hC}7DmI(,IKPTB|n:
chmod 600 /.rhosts
d. `- /etc/rc.net D~"mSb)P:
no -o thewall=10240no -o routerevalidate=1no -o ipqmaxlen=512
4. dC HACMP :/#*jIbnYw,kN< HACMP m~D5#I9C:>}
HACMP dC;w*8O#
>} HACMP dC
K?V* Tivoli Access Manager a)dMD HACMP dC>}#K>}5wZ4P5
JbTC}16q=D SMITTY K%fe#K>}Dw?VgB:
v Z 360 3D:Z 1 ?V:\e HACMP :/XK;
hv HACMP 73D\e:/XK,|(Zc{F"xg(eT0d|`XE"#
v Z 362 3D:Z 2 ?V:HACMP XKPD:/J4;
hv HACMP :/XKPD:/J4,|(J4iM2mD~53#
v Z 366 3D:Z 3 ?V:HACMP XKPD&CLr~qw(e;
hv HACMP :/XKPD&CLr~qw(e(K>}P* policy server)#
< 3 5wK2mb?f"wGD+53(r+Zc)dC#
w(tucana)M8C(perseus)policy server 2myZ SSA Db?f"wG#1w
policy server IZJO*FB~(}gxgr2~JO)x1z1,8C53OD
HACMP m~6pKB~,"S\w policy server D~q IP X7# HACMP m~9
< 3. 8C policy server dC
AIX:208C policy server
Z 25 B AIX:208C policy server 359
Z8C53O202mD~53"t/8C policy server#Z8C53OD HACMP m
~6pvw53Q4-.0,8C policy server #VKw#w534-.s,w53O
D HACMP m~4PTBYw:
1. V4Tkw53`X*D~q IP X7DXF
2. 202mD~53
3. t/w policy server
":Zw53OD HACMP m~4Pb)YwD,1,8C53OD HACMP m~#
98C policy server,602mD~53,"EzTw policy server D~q IP X
7DXF#
TB>}5wK|,w policy server M8C policy server D HACMP 73#Z?v
SMITTY A;6=.0GK%cNa9,zXk(}K%cNa9E\T>A;#
Z 1 ?V:\e HACMP :/XK
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/XK- T>:/XK- T>:/XK
|n4,
|n:OK stdout:yes stderr:no
Z|njI.0,I\T>gB=S8>E"#
[TOP]:/ am51bos D:/hv:/j6:1(eK=vxg:tucanaip,tucanatty1K:/PP 2 vZc
Zc perseus:KZcP=v 2 ~qSZ:
~qSZ perseus:IP X7: 192.168.2.142~X7:xg: tucanaiptT: public
~qSZ perseus _PI\DydC:y(8C~q)SZ:perseus-boot
IP X7: 192.168.2.80xg: tucanaiptT: public
~qSZ perseus _P 1 v8CSZ8CSZ 1:perseus-stby
IP X7: 192.168.3.3xg: tucanaiptT: public
~qSZ perseus-tty1:IP X7: /dev/tty1
AIX:208C policy server
360 IBM Tivoli Access Manager for e-business: Web Security 208O
2~X7:xg: tucanatty1tT: serial
~qSZ perseus-tty1 ;P8CSZ
Zc tucana:KZcP=v 2 ~qSZ:
~qSZ tucana:IP X7: 192.168.2.132~X7:xg: tucanaiptT: public
~qSZ tucana _PI\DydC:y(8C~q)SZ:tucana-boot
IP X7: 192.168.2.79xg: tucanaiptT: public
~qSZ tucana _P 1 v8CSZ8CSZ 1:tucana-stby
IP X7: 192.168.3.2xg: tucanaiptT: public
~qSZ tucana-tty1:IP X7: /dev/tty12~X7:xg: tucanatty1tT: serial
~qSZ tucana-tty1 ;P8CSZ
xg,SDPO:
=xg tucanaip D,SZc perseus (}TBb)SZ,S=xg tucanaip:
perseus-bootperseusperseus-stby
Zc tucana (}TBb)SZ,S=xg tucanaip:tucana-boottucanatucana-stby
=xg tucanatty1 D,SZc perseus (}TBb)SZ,S=xg tucanatty1:
perseus-tty1
Zc tucana (}TBb)SZ,S=xg tucanatty1:tucana-tty1
[BOTTOM]
AIX:208C policy server
Z 25 B AIX:208C policy server 361
Z 2 ?V:HACMP XKPD:/J4
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/J4- T>:/J4- 4ZcT>J4E"- !qZc{- perseus
|n4,
|n:OK stdout:yes stderr:no
Z|njI.0,I\T>gB=S8>E"#
[TOP]
J4i{F tucanasipZcX5 cascadingNkZc{ tucana perseus~q IP j) tucanaD~53 /am510fs1D~53;BTli fsckD~53V4=( sequential*<vDD~53/?< /am510fs1*20 NFS DD~53NFS 20Dxgmi am510vg""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw PDMGR_IC(E47Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
J4i{F perseusipZcX5 cascadingNkZc{ perseus tucana~q IP j) perseusD~53D~53;BTli fsckD~53V4=( sequential*<vDD~53/?<*20 NFS DD~53NFS 20Dxgmi""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw_IC(E47
AIX:208C policy server
362 IBM Tivoli Access Manager for e-business: Web Security 208O
Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
KP1N}:
Zc{ perseuswT6p highwz9C NIS r{F~qw false
[BOTTOM]
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/J4- T>:/J4- 4ZcT>J4E"- !qZc{- tucana
|n4,
|n:OK stdout:yes stderr:no
Z|njI.0,I\T>gB=S8>E"#
[TOP]
J4i{F tucanasipZcX5 cascadingNkZc{ tucana perseus~q IP j) tucanaD~53 /am510fs1D~53;BTli fsckD~53V4=( sequential*<vDD~53/?< /am510fs1*20 NFS DD~53NFS 20Dxgmi am510vg""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw PDMGR_IC(E47Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
AIX:208C policy server
Z 25 B AIX:208C policy server 363
J4i{F perseusipZcX5 cascadingNkZc{ perseus tucana~q IP j) perseusD~53D~53;BTli fsckD~53V4=( sequential*<vDD~53/?<*20 NFS DD~53NFS 20Dxgmi""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw_IC(E47Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
KP1N}:
Zc{ tucanawT6p highwz9C NIS r{F~qw false
[BOTTOM]
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/J4- T>:/J4- 4J4iT>J4E"
- !qJ4i{- perseusip
|n4,
|n:OK stdout:yes stderr:no
Z|njI.0,I\T>gB=S8>E"#
J4i{F perseusipZcX5 cascadingNkZc{ perseus tucana~q IP j) perseusD~53D~53;BTli fsckD~53V4=( sequential*<vDD~53/?<*20 NFS DD~53
AIX:208C policy server
364 IBM Tivoli Access Manager for e-business: Web Security 208O
NFS 20Dxgmi""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw_IC(E47Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
KP1N}:
Zc{ perseuswT6p highwz9C NIS r{F~qw false
Zc{ tucanawT6p highwz9C NIS r{F~qw false
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/J4- T>:/J4- 4J4iT>J4E"
- !qJ4i{- tucanasip
|n4,
|n:OK stdout:yes stderr:no
Z|njI.0,I\T>gB=S8>E"#
J4i{F tucanasipZcX5 cascadingNkZc{ tucana perseus~q IP j) tucanaD~53 /am510fs1D~53;BTli fsckD~53V4=( sequential*<vDD~53/?< /am510fs1*20 NFS DD~53NFS 20Dxgmi am510vg""miEL
2mExJ4AIX ,S~qAIX l,S~q&CLr~qw PDMGR
AIX:208C policy server
Z 25 B AIX:208C policy server 365
_IC(E47Sn}]T/<kmi false;n/DS\ false^XK6* false9333 EL@$ falseSSA EL@$ falsedC IP .020DD~53 false
KP1N}:
Zc{ tucanawT6p highwz9C NIS r{F~qw false
Zc{ perseuswT6p highwz9C NIS r{F~qw false
Z 3 ?V:HACMP XKPD&CLr~qw(e
SMITTY K%cNa9:
HACMP for AIX- :/dC- :/J4- (e&CLr~qw- |D/T>&CLr~qw
|D&CLr~qw
ZdkVNdkr!q5#ZxPKyP#{D|D.s4 Enter |#
[dkVN]~qw{F PDMGRBD~qw{F [PDMGR]t/E> [/usr/bin/pd_start start]#9E> [/usr/bin/pd_start stop]
4(8C policy server 73
*4(8C policy server 73,kq-TBb)=h:
1. Zw policy server M8C policy server 53O,<4( ivmgr C'j6"ivmgrij6"tivoli C'j6M tivoli ij6#
Z4(b)j6.0,k7#?v53OD /etc/security/limits D~_P`,D
1!hC(dPf0=C'j6Mij6D4()#PX*7#Z=v53O,C
'j6Mij6Tj+`,DXw4(# *4(b)j6,k4PTBYw.;:
v 9C SMITTY 5CLrT7#=v AIX 53*?vj6y9C`,D}V#}
g,=v53TZ ivmgr C'j6Xk_P`,Dj6E#mb,b 4 vj6
P?;vDj6EXk;,#
v 4(`FZZ 371 3D:E>:*w53M8C53hC UID;Py>y>DE
>#KPKE>* ivmgr M tivoli C'MihC UID#}g,g{KE>{*
AIX:208C policy server
366 IBM Tivoli Access Manager for e-business: Web Security 208O
setivug,rTB|n+4(j6* 250 D ivmgr i"j6* 251 D ivmgr C
'"j6* 260 D tivoli iT0j6* 261 D tivoli C'#
./setivug 250 251 260 261
":Z"T4(b 4 v UID 5.0k7#=v53Oy4Z9C|G#
2. Z=v53OdC"t/ HACMP :/.s,Zb=v53OI20D2mD~5
3P4(;v?<(}g /share)#}g,ZyZ SSA D2mb?f"w~O4(
/share ?<#*jIbnYw,kq-TBb)=h:
a. 9C+#1w policy server D53,Z2mD~53P4( /share ?<#K2
m?<;ZyZ SSA Db?f"w~,|+|,XkZwM8C policy server
.d2mDX|E"#
b. 4({* PolicyDirector D /share S?<(/share/PolicyDirector)#9k
7# ivmgr GyP_,x ivmgr Gkb=v?<`X*Di#
c. 9C SMITTY HACMP K%T#b IP S\&C!O#*4PKYw,I9C
%xDJO*FXU==#9w policy server zwOD:/~q#
1Zw policy server OjI:/XU.s,8C policy server +S\w policy
s e r v e r D ~ q I P X 7 , " \ C J 2 m D ~ 5 3 P D / s h a r e M
/share/PolicyDirector ?<#
d. S8C policy server 53"v ls –l |nTi$b=v?<yk ivmgr C'M
ivmgr i`X*#
e. Zw policy server OXBt/:/#XBt/jI.s,~q IP X7+4-=
w policy server 53,R2mD~53+20Zw policy server 53O#
3. Zw policy server O,4PTBYw:
a. 9C install_ammgr r<r>z20=(,20"dCXhD Tivoli Access
Manager i~#`X8>E",kNDZ 97 3DZ 5 B, :20 policy
server;#
Z 368 3D< 45wK20"dCw policy server .s\?D~D;C#
AIX:208C policy server
Z 25 B AIX:208C policy server 367
b. #9w policy server#
c. `- /opt/PolicyDirector/ivmgrd.conf D~"4PTBYw:
1) Z [ssl] ZZ,+ ssl-io-inactivity-timeout u?D5|D* 300#
2) Z [configuration-database] ZZ,|B file= u?T8>2mb?D~
5 3 P D i v m g r d . c o n f . o b f D ~ D + ^ ( ; C # } g :
file=/share/PolicyDirector/ivmgrd.conf.obf
d. `- /opt/PolicyDirector/pd.conf D~"|Dw policy server Dwz{T%
d~q IP SZDwz{,Cwz{GZK53D HACMP dCPdCD#ZZ
357 3D:HACMP 73&C!O;PhvD>}P,Kwz{D5* tucana#
e. Z+|D#f=dCD~.s,4(`FZZ 373 3D:E>:4Sw53O
DD~M?<;Py>y>DE>#Zw policy server OKPKE>,T+Xh
DD~M?<4S=2mD~53(/share)#
Z 369 3D< 55wKZ\?D~QFA2mD~53.s|GD;C#k"b
K1P4dC8C policy server#
< 4. u<dC.sDw policy server
AIX:208C policy server
368 IBM Tivoli Access Manager for e-business: Web Security 208O
f. XBt/w policy server#
g. gZ 374 3y>i$?<a9"D~;C"m4SMD~mI(#
4. Z8C policy server O,4PTBYw:
a. 9C>z205CLr(}g installp)20(;dC)XhD Tivoli Access
Manager i~#`X8>E",kNDZ 98 3D:AIX:20 policy server;#
b . 7 # H A C M P : / } K P Z K 5 3 O , " i $ 2 m b ? D ~ 5 3
(/share/PolicyDirector)ICJ#bGX*D,bydC}LM\CJf"
ZD~53PD .conf D~#
*98C policy server \CJK2mb?D~53,XkXUw policy server#
*4PKYw,I(}Zw policy server 53O8(%xDJO*FXU==9
C SMITTY HACMP K%4#9:/~q#:/ZK53O#9.s,;)
HACMP JO*FYwjI(&1;,} 1 VS),i$8C policy server 5
3QS\w policy server D~q IP X7,"i$2mD~53Q20Z8C
policy server 53O#
c. 9C pdconfig 5CLrdC8C policy server#`X8>E",kNDZ 98
3D:AIX:20 policy server;#
":w policy server ^hKPM\dC8C policy server#+G,Iw policy
server 9CD"am~qwXkIC,"}KPZkw policy server 53;
,D53O#
dCZd,pdconfig 5CLrlb= policy server dCQfZ#TTBa>l
& y(G):
A policy server is already configured to this LDAP server. A secondpolicy server may be configured for migration or standby purposes ONLY!Would you like to configure a second policy server to this LDAP server(y/n) [No]? yUse this policy server for standby (y/n) [No]: y
C=a>1,dk ivmgrd.conf D~(VP policy server dCD~)D0+^
(1;C#}g,g{2m?<* /share,rdkTB;C:
< 5. O"2mD~53D9C.sDw policy server
AIX:208C policy server
Z 25 B AIX:208C policy server 369
/share/PolicyDirector/ivmgrd.conf
pdconfig 5CLr+KD~D;v4SEC= /opt/PolicyDirector/etc ?<
P,"^D ivmgrd.conf D~TtC8CYw#
":ZI&dC8C policy server .s,8C policy server ;at/#;PZ
KPZ8C policy server OD HACMP m~lb=JO*Fu~.s,|
EaT/t/#qr,g{wM8Cb=v policy server "TT""==K
P,rI\"zOXDmsMe;#
d. 4(`FZZ 376 3D:E>:S AIX 53D~4S=8C53OD2m?<;
Py>y>DE>#KPKE>TS AIX 53D~4S=2m?<#
e. gZ 377 3y>i$?<a9"D~;C"m4SMD~mI(#
":IZ=v532m,;v?<,yT8C~qwOD /share/PolicyDirector
DZ]Xkkw~qwyT>DZ]j+;y#
VZMjIKwM8C policy server DdC#K1,HACMP :/Zw policy server 5
3OXU,xZ8C policy server 53Or*#
ZbT policy server JO*F\&.0,Xk4Pi$T7# HACMP dCQ+ policy
server I4PLr8(*&CLr~qw#*9C SMITTY 5CLrjIKYw,k
S0HACMP :/J41fe!qT>:/J4TT>:/J4#*(e&CLr~q
w,kS HACMP0(e&CLr~qw1fe!qmS&CLr~qw!n#!qK
Kfe.s,M8(K policy server I4PLrDt/E>(/usr/bin/pd_start
start)M#9E>(/usr/bin/pd_start stop)#
< 6 5wKZ9C>z20=(dC8C policy server .s\?D~D;C#94(
K=2m53PDb)\?D~D`&4S#
< 6. jIDw/8C policy server 73
AIX:208C policy server
370 IBM Tivoli Access Manager for e-business: Web Security 208O
Zi$K&CLr~qwdC.s,VZMITj+$n HACMP w/8C policy
server dCK#*$nKdC,XkXBt/w policy server 53OD HACMP :/#
KYw+t/w policy server,"+8C policy server CZ8C==#
E>:*w53M8C53hC UID9C`FBfDE>ZwM8C policy server 53O* ivmgr M tivoli C'Mih
C UID#
AIX:208C policy server
Z 25 B AIX:208C policy server 371
#!/bin/ksh## This script sets the uid values for the ivmgr user and the ivmgr group# to values that are specified on the command line when this script is# executed. In addition, this script defines the tivoli group uid and the# tivoli user uid.## The first parameter ($1) is the uid for the ivmgr group. The second parameter# ($2) is the uid for the ivmgr user. The third parameter ($3) is the uid# for the tivoli group. The fourth parameter ($4) is for the tivoli user uid.# Before executing this script, insure that the four uid values ARE NOT already# being used on either system.## Due to the importance of these values, it is ABSOLUTELY necessary on the# system which will run as the Standby Policy Server to set the ivmgr group# uid and the ivmgr user uid to MATCH the corresponding settings for these# entities on the system which is serving as the Primary Policy Server. Also,# since the definition of the ivmgr user has membership in the tivoli group,# then it is also necessary to create the tivoli group as well. Finally, since# the tivoli group contains the tivoli user, then then tivoli user, with the# appropriate uid, must be defined as well. These user/group settings insure# consistency across the two policy servers allowing for each system to take# over the role of the Primary Policy Server when it is appropriate.# Otherwise, the Standby Policy Server will not run or will not even configure# correctly if these values are not the same on BOTH systems.## Note that this script, setivug, MUST be run BEFORE the Standby Policy Server# is installed. As a matter of fact, it is recommended that this script be run# BEFORE any Access Manager software is installed on either the Primary OR the# Standby Policy server. In this way, all four of these ID’s will be consistent# across BOTH systems.#set -eset -x## Create the ivmgr and tivoli groups with the appropriate uids#mkgroup -’A’ id="$1" ivmgrmkgroup -’A’ id="$3" tivolix() {LIST=SET_A=for i in "$@"doif [ "$i" = "admin=true" ]thenSET_A="-a"continuefiLIST="$LIST \"$i\""doneeval mkuser $SET_A $LIST}## Now define the ivmgr user uid to be a part of the staff, tivoli, and ivmgr groups.# (Enter the following command on one continuous line.)#x id="$2" pgrp=’staff’ groups=’staff,tivoli,ivmgr’ home=’/opt/PolicyDirector’
shell=’/usr/bin/ksh’ gecos=’Policy Director Manager’ ivmgr## Now define the tivoli user uid to be a part of the staff and tivoli groups.# (Enter the following command on one continuous line.)#x id="$4" pgrp=’staff’ groups=’staff,tivoli’ home=’/home/tivoli’ shell=’/usr/bin/ksh’
gecos=’Owner of Tivoli Common Files’ tivoli#
AIX:208C policy server
372 IBM Tivoli Access Manager for e-business: Web Security 208O
E>:4Sw53ODD~M?<
9C`FBfDE>4Sw policy server 53OXhDD~M?<#
#!/bin/ksh#
# Save a copy of the 3 files below under the .bkp extensioncp -p /opt/PolicyDirector/etc/pd.conf /opt/PolicyDirector/etc/pd.conf.bkpcp -p /opt/PolicyDirector/etc/ivmgrd.conf /opt/PolicyDirector/etc/ivmgrd.conf.bkpcp -p /opt/PolicyDirector/etc/ivmgrd.conf.obf /opt/PolicyDirector/etc/ivmgrd.conf.obf.bkp
# Move configuration files to shared directory on the external file systemmv /opt/PolicyDirector/etc/pd.conf /share/PolicyDirectormv /opt/PolicyDirector/etc/ivmgrd.conf /share/PolicyDirector/ivmgrd.confmv /opt/PolicyDirector/etc/ivmgrd.conf.obf /share/PolicyDirector/ivmgrd.conf.obf
# Link the configuration files back to the original installation directory# and change the ownership and group of these links to ivmgr.ln -s /share/PolicyDirector/pd.conf /opt/PolicyDirector/etcln -s /share/PolicyDirector/ivmgrd.conf /opt/PolicyDirector/etcln -s /share/PolicyDirector/ivmgrd.conf.obf /opt/PolicyDirector/etcchown -h ivmgr /opt/PolicyDirector/etc/ivmgrd.confchown -h ivmgr /opt/PolicyDirector/etc/ivmgrd.conf.obfchown -h ivmgr /opt/PolicyDirector/etc/pd.confchgrp -h ivmgr /opt/PolicyDirector/etc/ivmgrd.confchgrp -h ivmgr /opt/PolicyDirector/etc/ivmgrd.conf.obfchgrp -h ivmgr /opt/PolicyDirector/etc/pd.conf
# For the keytab, db and lock subdirectories, create a backup of these directories,# move their contents to the shared external file system, and link the files in# these directories back to the original installation directory.
cp -R -p /var/PolicyDirector/keytab /var/PolicyDirector/keytab_bkpmv /var/PolicyDirector/keytab /share/PolicyDirectorln -s /share/PolicyDirector/keytab /var/PolicyDirector
cp -R -p /var/PolicyDirector/db /var/PolicyDirector/db_bkpmv /var/PolicyDirector/db /share/PolicyDirectorln -s /share/PolicyDirector/db /var/PolicyDirector
cp -R -p /var/PolicyDirector/lock /var/PolicyDirector/lock_bkpmv /var/PolicyDirector/lock /share/PolicyDirectorln -s /share/PolicyDirector/lock /var/PolicyDirector
# Change the ownership and group of these links to ivmgr.chown -h ivmgr /var/PolicyDirector/dbchown -h ivmgr /var/PolicyDirector/keytabchown -h ivmgr /var/PolicyDirector/lockchgrp -h ivmgr /var/PolicyDirector/dbchgrp -h ivmgr /var/PolicyDirector/keytabchgrp -h ivmgr /var/PolicyDirector/lock
AIX:208C policy server
Z 25 B AIX:208C policy server 373
>}:i$w~qwD?<"m4SMmI(
Z /opt/PolicyDirector/etc ?<P:
==> ls -ltotal 3714-rw-r----- 1 ivmgr ivmgr 1682440 Oct 10 11:48 AccessManagerBaseAutoTraceDatabaseFile.obfuscated-rw-r--r-- 1 ivmgr ivmgr 2703 Oct 14 13:16 activedir_ldap.conf-rw-r----- 1 ivmgr ivmgr 2703 Jul 14 14:21 activedir_ldap.conf.template-rw-r----- 1 ivmgr ivmgr 18195 Jul 7 10:46 additional_licenses.txtdrw-rw---- 2 ivmgr ivmgr 512 Dec 31 1969 blades-rw-r----- 1 ivmgr ivmgr 5890 Jan 24 2003 config-rw-r----- 1 ivmgr ivmgr 718 May 13 11:40 domino.conf.template-rw-r----- 1 ivmgr ivmgr 114 Oct 10 11:48 ffdclrwxrwxrwx 1 ivmgr ivmgr 36 Oct 15 13:45 ivmgrd.conf -> /am510fs1/PolicyDirector/ivmgrd.conf-rw-r----- 1 ivmgr ivmgr 16949 Oct 14 13:19 ivmgrd.conf.bkplrwxrwxrwx 1 ivmgr ivmgr 40 Oct 15 13:45 ivmgrd.conf.obf -> /am510fs1/PolicyDirector/ivmgrd.conf.obf-rw-r----- 1 ivmgr ivmgr 64 Oct 14 13:19 ivmgrd.conf.obf.bkp-rw-r----- 1 ivmgr ivmgr 16731 Oct 10 11:29 ivmgrd.conf.template-rw-r--r-- 1 ivmgr ivmgr 2319 Oct 14 13:18 ldap.conf-rw-r----- 1 ivmgr ivmgr 2187 Oct 10 11:21 ldap.conf.template-rw-r--r-- 1 ivmgr ivmgr 36544 Sep 29 12:45 novschema.def-rw-r--r-- 1 ivmgr ivmgr 26260 Sep 29 12:45 nsschema.deflrwxrwxrwx 1 ivmgr ivmgr 32 Oct 15 13:45 pd.conf -> /am510fs1/PolicyDirector/pd.conf-rw-r--r-- 1 ivmgr ivmgr 3736 Oct 14 13:20 pd.conf.bkp-rw-r----- 1 ivmgr ivmgr 3645 Oct 10 11:29 pd.conf.template-rw-r----- 1 ivmgr ivmgr 5576 Oct 10 10:05 pdbackup.lst-rw-r----- 1 ivmgr ivmgr 7448 Oct 10 10:05 pdinfo.lst-rw-r--r-- 1 ivmgr ivmgr 5354 Oct 14 13:19 pdmgrd_routing-rw-r--r-- 1 ivmgr ivmgr 5255 Oct 10 11:36 pdmgrd_routing.template-rw-r--r-- 1 ivmgr ivmgr 1492 Oct 14 12:49 pdversion.dat-rw-r--r-- 1 ivmgr ivmgr 1492 Aug 18 11:37 pdversion.dat.template-rw-r----- 1 ivmgr ivmgr 1466 Jan 24 2003 product-rw-r--r-- 1 ivmgr ivmgr 5827 Oct 14 13:16 routing-rw-r--r-- 1 ivmgr ivmgr 5674 Oct 10 11:36 routing.template-rw-r--r-- 1 ivmgr ivmgr 14035 Sep 29 12:45 secschema.def-rw-r--r-- 1 ivmgr ivmgr 11236 Jan 24 2003 secschema390.def-rw-r--r-- 1 ivmgr ivmgr 1 Oct 14 12:49 startup-rw-r--r-- 1 ivmgr ivmgr 1 Jun 24 10:48 startup.template-rw-r--r-- 1 ivmgr ivmgr 1233 Jan 24 2003 upgrade3.7_ibm_schema.def-rw-r--r-- 1 ivmgr ivmgr 1938 Jan 24 2003 upgrade3.7_ibm_schema390.def-rw-r--r-- 1 ivmgr ivmgr 1744 Jan 24 2003 upgrade3.7_netscape_schema.def
AIX:208C policy server
374 IBM Tivoli Access Manager for e-business: Web Security 208O
Z /var/PolicyDirector ?<P:
==> ls -Rltotal 7drwxrwxr-x 2 ivmgr ivmgr 512 Dec 31 1969 auditlrwxrwxrwx 1 ivmgr ivmgr 27 Oct 15 13:45 db -> /am510fs1/PolicyDirector/dbdrwxrwxr-x 2 ivmgr ivmgr 512 Oct 14 13:19 db_bkplrwxrwxrwx 1 ivmgr ivmgr 31 Oct 16 15:48 keytab -> /am510fs1/PolicyDirector/keytabdrwxr-xr-x 2 ivmgr ivmgr 512 Oct 16 15:42 keytab_bkplrwxrwxrwx 1 ivmgr ivmgr 29 Oct 15 13:45 lock -> /am510fs1/PolicyDirector/lockdrwxr-x--- 2 ivmgr ivmgr 512 Dec 31 1969 lock_bkpdrwxrwxrwx 3 ivmgr ivmgr 512 Oct 16 13:40 logdrwxrwxr-x 2 ivmgr ivmgr 512 Dec 31 1969 pdbackupdrwxr-x--- 2 ivmgr ivmgr 512 Oct 14 12:49 pdmgrd./audit:total 0
./db_bkp:total 1056-rw------- 1 ivmgr ivmgr 540672 Oct 15 13:45 master_authzn.db
./keytab_bkp:total 35-rw------- 1 ivmgr ivmgr 10080 Oct 14 13:19 ivmgrd.kdb-rw------- 1 ivmgr ivmgr 129 Oct 14 13:18 ivmgrd.sth-rw-rw-rw- 1 root system 5080 Oct 14 13:19 pd.kdb-rw-rw-rw- 1 root system 129 Oct 14 13:19 pd.sth-rw------- 1 root system 1070 Oct 14 13:18 pdcacert.b64
./lock_bkp:total 0
Zb?D~53OD2m?< /share/PolicyDirector P:
==> ls -Rltotal 80drwxrwxr-x 2 ivmgr ivmgr 512 Oct 14 13:19 db-rw-r----- 1 ivmgr ivmgr 16950 Oct 16 13:32 ivmgrd.conf-rw-r----- 1 ivmgr ivmgr 64 Oct 16 13:32 ivmgrd.conf.obfdrwxr-xr-x 2 ivmgr ivmgr 512 Oct 16 15:42 keytabdrwxr-x--- 2 ivmgr ivmgr 512 Dec 31 1969 lock-rw-r--r-- 1 ivmgr ivmgr 3736 Oct 14 13:20 pd.conf
./db:total 1056-rw------- 1 ivmgr ivmgr 540672 Oct 16 16:18 master_authzn.db
./keytab:total 64-rw------- 1 ivmgr ivmgr 10080 Oct 14 13:19 ivmgrd.kdb-rw------- 1 ivmgr ivmgr 129 Oct 14 13:18 ivmgrd.sth-rw-rw-rw- 1 root system 5080 Oct 14 13:19 pd.kdb-rw-rw-rw- 1 root system 129 Oct 14 13:19 pd.sth-rw------- 1 root system 1070 Oct 14 13:18 pdcacert.b64
./lock:total 0
AIX:208C policy server
Z 25 B AIX:208C policy server 375
E>:S AIX 53D~4S=8C53OD2m?<
9C`FBfDE>S AIX 53D~4S=8C policy server 53OD2m?<#
#!/bin/ksh#
# The Standby Policy Server must use the same configuration files as the# Primary Policy Server. For this reason, the following links must be created# in order for the Standby Policy Server to function correctly.## Note the Access Manager configuration software will automatically create# a link to the ivmgrd.conf file that is stored in the shared external file system.
# Backup pd.conf to pd.bkp and link to pd.conf in the shared external file systemmv /opt/PolicyDirector/etc/pd.conf /opt/PolicyDirector/etc/pd.conf.bkpln -s /share/PolicyDirector/pd.conf /opt/PolicyDirector/etc
# Backup keytab, db and lock directories and link the keytab, db, and lock# directories to their corresponding files in the shared external file system.
mv /var/PolicyDirector/keytab /var/PolicyDirector/keytab_bkpln -s /share/PolicyDirector/keytab /var/PolicyDirector
mv /var/PolicyDirector/db /var/PolicyDirector/db_bkpln -s /share/PolicyDirector/db /var/PolicyDirector
mv /var/PolicyDirector/lock /var/PolicyDirector/lock_bkpln -s /share/PolicyDirector/lock /var/PolicyDirector
# Change the group and ownership of the five links above to ivmgr.chown -h ivmgr /opt/PolicyDirector/etc/pd.confchown -h ivmgr /var/PolicyDirector/dbchown -h ivmgr /var/PolicyDirector/keytabchown -h ivmgr /var/PolicyDirector/lockchgrp -h ivmgr /opt/PolicyDirector/etc/pd.confchgrp -h ivmgr /var/PolicyDirector/dbchgrp -h ivmgr /var/PolicyDirector/keytabchgrp -h ivmgr /var/PolicyDirector/lock
AIX:208C policy server
376 IBM Tivoli Access Manager for e-business: Web Security 208O
>}:i$8C~qwD?<"m4SMmI(
Z /opt/PolicyDirector/etc ?<P:
==> ls -ltotal 3668-rw-r----- 1 ivmgr ivmgr 1682440 Oct 10 11:48 AccessManagerBaseAutoTraceDatabaseFile.obfuscated-rw-r--r-- 1 ivmgr ivmgr 2703 Oct 16 13:26 activedir_ldap.conf-rw-r----- 1 ivmgr ivmgr 2703 Jul 14 14:21 activedir_ldap.conf.template-rw-r----- 1 ivmgr ivmgr 18195 Jul 07 10:46 additional_licenses.txtdrw-rw---- 2 ivmgr ivmgr 512 Dec 31 1969 blades-rw-r----- 1 ivmgr ivmgr 5890 Jan 24 2003 config-rw-r----- 1 ivmgr ivmgr 718 May 13 11:40 domino.conf.template-rw-r----- 1 ivmgr ivmgr 114 Oct 10 11:48 ffdclrwxrwxrwx 1 root system 36 Oct 16 13:32 ivmgrd.conf -> /am510fs1/PolicyDirector/ivmgrd.conflrwxrwxrwx 1 root system 40 Oct 16 13:32 ivmgrd.conf.obf -> /am510fs1/PolicyDirector/ivmgrd.conf.obf-rw-r----- 1 ivmgr ivmgr 16731 Oct 10 11:29 ivmgrd.conf.template-rw-r--r-- 1 ivmgr ivmgr 2319 Oct 16 13:31 ldap.conf-rw-r----- 1 ivmgr ivmgr 2187 Oct 10 11:21 ldap.conf.template-rw-r--r-- 1 ivmgr ivmgr 36544 Sep 29 12:45 novschema.def-rw-r--r-- 1 ivmgr ivmgr 26260 Sep 29 12:45 nsschema.deflrwxrwxrwx 1 ivmgr ivmgr 32 Oct 16 13:36 pd.conf -> /am510fs1/PolicyDirector/pd.conf-rw-r--r-- 1 ivmgr ivmgr 3741 Oct 16 13:32 pd.conf.bkp-rw-r----- 1 ivmgr ivmgr 3645 Oct 10 11:29 pd.conf.template-rw-r----- 1 ivmgr ivmgr 5576 Oct 10 10:05 pdbackup.lst-rw-r----- 1 ivmgr ivmgr 7448 Oct 10 10:05 pdinfo.lst-rw-r--r-- 1 ivmgr ivmgr 5255 Oct 10 11:36 pdmgrd_routing.template-rw-r--r-- 1 ivmgr ivmgr 1492 Oct 16 13:27 pdversion.dat-rw-r--r-- 1 ivmgr ivmgr 1492 Aug 18 11:37 pdversion.dat.template-rw-r----- 1 ivmgr ivmgr 1466 Jan 24 2003 product-rw-r--r-- 1 ivmgr ivmgr 5810 Oct 16 13:27 routing-rw-r--r-- 1 ivmgr ivmgr 5674 Oct 10 11:36 routing.template-rw-r--r-- 1 ivmgr ivmgr 14035 Sep 29 12:45 secschema.def-rw-r--r-- 1 ivmgr ivmgr 11236 Jan 24 2003 secschema390.def-rw-r--r-- 1 ivmgr ivmgr 1 Oct 16 13:27 startup-rw-r--r-- 1 ivmgr ivmgr 1 Jun 24 10:48 startup.template-rw-r--r-- 1 ivmgr ivmgr 1233 Jan 24 2003 upgrade3.7_ibm_schema.def-rw-r--r-- 1 ivmgr ivmgr 1938 Jan 24 2003 upgrade3.7_ibm_schema390.def-rw-r--r-- 1 ivmgr ivmgr 1744 Jan 24 2003 upgrade3.7_netscape_schema.def
AIX:208C policy server
Z 25 B AIX:208C policy server 377
Z /var/PolicyDirector ?<P:
==> ls -Rltotal 7drwxrwxr-x 2 ivmgr ivmgr 512 Dec 31 1969 auditlrwxrwxrwx 1 ivmgr ivmgr 27 Oct 16 13:36 db -> /am510fs1/PolicyDirector/dbdrwxrwxr-x 2 ivmgr ivmgr 512 Dec 31 1969 db_bkplrwxrwxrwx 1 ivmgr ivmgr 31 Oct 16 13:36 keytab -> /am510fs1/PolicyDirector/keytabdrwxrwxrwx 2 ivmgr ivmgr 512 Dec 31 1969 keytab_bkplrwxrwxrwx 1 ivmgr ivmgr 29 Oct 16 13:36 lock -> /am510fs1/PolicyDirector/lockdrwxr-x--- 2 ivmgr ivmgr 512 Dec 31 1969 lock_bkpdrwxrwxrwx 2 ivmgr ivmgr 512 Dec 31 1969 logdrwxrwxr-x 2 ivmgr ivmgr 512 Dec 31 1969 pdbackupdrwxr-x--- 2 ivmgr ivmgr 512 Oct 16 13:24 pdmgrd./audit:total 0
./db_bkp:total 0
./keytab_bkp:total 0
./lock_bkp:total 0
378 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 26 B Tivoli Access Manager 5CLr
}K pdadmin |n5CLrTb,Tivoli Access Manager 9a)TB5CLr)z9
C#
m 45. Tivoli Access Manager 5CLr
5CLr hv
amwebcfg dC"!{dCrq! WebSEAL Server OD4,#
AMWLSConfigure –action config dC Tivoli Access Manager for WebLogic Server#
AMWLSConfigure –act ion
unconfig
!{dC Tivoli Access Manager for WebLogic Server#
AMWLSConfigure –act ion
create_realm
Z WebLogic Server P4(2+r#
AMWLSConfigure –act ion
delete_realm
S WebLogic Server >}2+r#
amwpmcfg dC Web Portal Manager SZ#
ivrgy_tool Z8(D LDAP ~qwO|B Tivoli Access Manager #=#
migrateEAR4 +2+_TE"S?phv{(s5i5D~)(F= Tivoli
Access Manager for WebSphere Application Server V4.0.6#
migrateEAR5 +2+_TE"S?phv{(s5i5D~)(F= Tivoli
Access Manager for WebSphere Application Server V5.0.2#
pdbackup 8]"4-Mi! Tivoli Access Manager }]#
pdconfig dCM!{dC} Tivoli Access Manager Java Runtime i~
.bD Tivoli Access Manager i~#
pdjrtecfg dC Tivoli Access Manager Java Runtime i~#
pd_start Z UNIX 53O#9"t/MXBt/~qw#9T>~qw
4,#
pdwascfg dCr!{dC Tivoli Access Manager for WebSphere
Application Server#
pdweb t/"#9rXBt/ WebSEAL Server,rT>~qw4,#
pdwebpi a) Tivoli Access Manager Plug-in for Web Servers f>E"#
,1,97(G+ Plug-in for Web Servers w*X$xLKP,
9G0(KP#
pdwebpi_start Z UNIX 20Ot/"XBt/M#9 Tivoli Access Manager
Plug-in for Web Servers xL#,19T>yP Web ~qwD
4,#
pdwpi-version Pv Tivoli Access Manager Plug-in for Web Servers 20Df
>Mf(E"#
pdwpicfg –action config dC Tivoli Access Manager Plug-in for Web Servers#
pdwpicfg –action unconfig !{dC Tivoli Access Manager Plug-in for Web Servers#
wesosm 4(M,$ Edge Server e~D Tivoli Access Manager Ts
Ud#
© Copyright IBM Corp. 2001, 2003 379
m 45. Tivoli Access Manager 5CLr (x)
wslstartwte V/t/ Edge Server _Y:fzm"Z UNIX O0k plug-in
for Edge Server#
wslstopwte #9 UNIX 53OD Edge Server _Y:fzm#
380 IBM Tivoli Access Manager for e-business: Web Security 208O
amwebcfgdC"!{dCrq! WebSEAL Server OD4,#
o(
amwebcfg –action config –host host_name –listening_port am_listening_port
–inst_name instance_name –nw_interface_yn {yes|no} –ip_address ip_address
–ssl_yn {yes|no} –key_file key_file –key_file_pwd key_file_pwd –cert_label cert_label
–ssl_port ssl_port –http_yn {yes|no} –http_port http_port –https_yn {yes|no}–https_port https_port–doc_root doc_root
amwebcfg –action config –rspfile response_file
amwebcfg –action config –interactive
amwebcfg –action unconfig –inst_name instance_name
amwebcfg –action unconfig –rspfile response_file
amwebcfg –action unconfig –interactive
amwebcfg –operations
amwebcfg –help [options]
amwebcfg –usage
amwebcfg –?
N}
–action {config | name | status | unconfig}K!n!TBN}.;:
config dC WebSEAL Server 5}#
name lw Tivoli Access Manager WebSEAL m~|{F"+ name 55
Xx pdconfig 5CLr#K!n;\I pdconfig 9C#kpS|
nP9CK!n#
status + status 55Xx pdconfig 5CLr#K!n;\I pdconfig 9
C#kpS|nP9CK!n#
unconfig!{dC WebSEAL Server 5}#
–cert_label cert_label
8( LDAP M'z$ij)#K!n;Z WebSEAL M LDAP ~qw.dt
CK SSL (E(–ssl_yn yes)19C#
k"b1Z WebSEAL M LDAP ~qw.dtCK SSL (E1,SSL ;*
s LDAP M'z$ij)#by,Kj)D~GI!D,49T –ssl_yn yes
wC amwebcfg 2GgK#g{48(M'zj),r SSL 9C|,Z\?D
~PD1!$i#
Z 26 B Tivoli Access Manager 5CLr 381
k –action config ;p9C#
–doc_root doc_root
8( Web D5y?<#C?<XkQ-fZ#k –action config ;p9C
g{4Z|nPOa)K!n,r amwebcfg 4(;v1!?<#1!?<7
6|,5}{F,xP0: www-#}g,15}{F* web1 R4Z|nPO
8( doc_root 1,a4(TB?<:
UNIX:opt/pdweb/www-web1/docsWindows:installation_directory\pdweb\www-web1\docs
g{dCKZ;v WebSEAL Server 5},RS\K1!~qw5}{F
default,R4T doc-root a)NN5,r amwebcfg 4(TB Web D5
y?<:
UNIX:opt/pdweb/www-default/docsWindows:installation_directory\pdweb\www-default\docs
–help [options]1;xN}8(1,Pv?v!nT0!nD%Phv#18(;vr`vN
}1,WebSEAL Pv?v8(D!nT0!nD%Phv#
–host host_name
8(I Tivoli Access Manager policy server C4*5 WebSEAL Server Dw
z{#K!nTZ –action config GXhD#
g{4Z|nPO8(K!n,r amwebcfg a>C'a)5#
host_name DP'5|(NNP'D IP wz{#}g:
libra.dallas.ibm.com
–http_yn {yes|no}8(GqJm= WebSEAL Server 5}D HTTP CJ#K!nTZ –actionconfig GXhD#
P'D<{8>{* yes r no#;P1!5#g{4Z|nPO8(K!n,
r amwebcfg a>C'a)5#
–http_port http_port
8(G2+ HTTP CJDKZE#1!KZ* 80#
1 http_yn hC* yes 1,K!nTZ –action config GXhD#1 http_yn
hC* yes,x4Z|nPO8(K!n1,amwebcfg a>C'a)5#
–https_yn {yes|no}8(GqJm= WebSEAL Server 5}D HTTPS CJ#K!nTZ –actionconfig GXhD
P'D<{8>{* yes r no#;P1!5#g{4Z|nPO8(K!n,
r amwebcfg a>C'a)5#
–https_port https_port
8(2+ HTTP CJDKZE#1!KZ* 443#
1 https_yn hC* yes 1,K!nTZ –action config GXhD#
382 IBM Tivoli Access Manager for e-business: Web Security 208O
1 https_yn hC* yes,x4Z|nPO8(K!n1,amwebcfg a>C
'a)5#
–inst_name instance_name
TV{.8( WebSEAL Server 5}D{F#}g web1#KV{.;|,wz
{#K!nTZ –action config GXhD#
5}{FDns$H* 20 vV{#JmTBV{:
v NN ASCII V{(A-Z r a-z)
v dc(.)v L._(–)
v B._(_)
19C GUI dCZ;v WebSEAL Server 5}1,amwebcfg a)1!5}
{F default#K5}{FIT|D*d|{F(}g webseal1)#
–interactive8(dC*I\m1T;%==jI# WebSEAL T>;vyZD>DK%,
"a);5Pa>TS\m1&q!X*DdCE"#
":;%==;Z UNIX O\'V#1Z Windows 53O9C!n
–interactive 1,aPms{"ywK!n;\'V#
–ip_address ip_address
8(_-xgSZ,CSZG WebSEAL Server D IP X7#
;PZ –nw_interface_yn hC* yes 1,K!nTZ –action config E
GXhD#
1 –nw_interface_yn hC* yes,x48( –ip_address 1,amwebcfga>C'a) IP X7#
–key_file key_file
8( LDAP SSL \?D~#
;PZ WebSEAL Server M LDAP ~qw.dtCK SSL (E1,K!nT
Z –action config EGXhD#
–key_file_pwd key_file_pwd
8( LDAP SSL \?D~\k#
;PZ WebSEAL Server M LDAP ~qw.dtCK SSL (E1,K!nT
Z –action config EGXhD#
–listening_port am_listening_port
8( Tivoli Access Manager policy server Dl}KZE#Kl}KZG
WebSEAL Server M policy server xP(EDKZ#CKZXksZ 1024,
RXkIC#
K!nTZ –action config GXhD#g{4Z|nPOa)K!n,r
amwebcfg a>C'a)5#
–nw_interface_yn {yes|no}8(Gq9C_-xgSZ#P'D<{8>{* yes r no#
1mS=S WebSEAL Server 5}1,KN}TZ –action config GXhD#
;P1!5#g{4Z|nPOa)K!n,r amwebcfg a>C'a)5#
Z 26 B Tivoli Access Manager 5CLr 383
–operationsr!vyPP'D|nP!n#
–rspfile response_file
a)*Z2,dCZd9CD WebSEAL Server l&D~D+^(76MD~
{#l&D~ITCZdCr!{dC#;P1!Dl&D~{#l&D~|
,ZM option=value TDZu?#*9Cl&D~,kND66IBM Tivoli
Access Manager for e-business Web Security 208O77PD}L#
–ssl_port ssl_port
"z WebSEAL Server M LDAP ~qw.dD SSL (EDKZE#1!KZ
* 636#
K!nv1 ssl_yn hC* yes(w* –action config D;?V)1EGX
hD#1 ssl_yn hC* yes,x4Z|nPOa)K!n1,amwebcfg a
>C'a)5#
–ssl_yn {yes|no}8(GqtC WebSEAL Server M LDAP ~qw.dD SSL (E#P'D<
{8>{* yes r no#
K!nTZ –action config GXhD#;P1!5#g{4Z|nPOa)K
!n,r amwebcfg a>C'a)5#
–usageT>K|nD9Co(#9T>;v>}#
–? T>K|nD9Co(#9T>;v>}#
"M
9C amwebcfg S|nPdC WebSEAL Server 5}#C5CLrIT;%=="|
nP==rl&D~==KP#Z;%==B,aa>C'a)X*D5#Z|nP
==B,IS|nP8(yP!n#C5CLrarza>yPXhDxV;P8(
D!n,+$ij)MD5y}b#s=v!nZ;P8(1aSU1!5#Zl&
D~==B,C5CLrSl&D~q!X*D!n#g{l&D~4|,X*D!
n,aa>C'a)C!n#l&D~XkV/4(#
384 IBM Tivoli Access Manager for e-business: Web Security 208O
>}
v TB>}w*;u,x;OD|ndk,|+ WebSeal 5}dC*tCk LDAP ~
qwD SSL (E:
amwebcfg –action config –inst_name default –host diamond.subnet2.ibm.com–listening_port 7234 –admin_id sec_master –admin_pwd mypassw0rd –ssl_yn yes–key_file /tmp/client.kdb –keyfile_pwd mypassw0rd –cert_label ibm_cert–ssl_port 636 –http_yn yes –http_port 80 –https_yn yes –https_port 443–doc_root /usr/docs
v TB>}w*;u,x;OD|ndk,|+ WebSEAL 5}dC*9C_-xgS
Z,R;tCk LDAP ~qwD SSL (E:
amwebcfg –action config –host emerald.subnet2.ibm.com –listening_port 7235–inst_name web1 –nw_interface_yn yes –ip_address 111.222.333.222–admin_id sec_master –admin_pwd mypassw0rd –http_yn yes –http_port 81–https_yn yes –https_port 444
v TB>}!{dC1! WebSEAL 5}:
amwebcfg -action unconfig -admin_id sec_master -admin_pwd mypassw0rd
v TB>}Z;POdk,|!{dC{* web1 D WebSeal 5}:
amwebcfg -action unconfig -inst_name web1 -admin_id sec_master-admin_pwd mypassw0rd
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdweb/bin/amwebcfg
v Z Windows 53O:
c:\Program Files\Tivoli\pdweb\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
Z 26 B Tivoli Access Manager 5CLr 385
AMWLSConfigure –action configdC Tivoli Access Manager for WebLogic Server#
o(
AMWLSConf igure –act ion conf ig –domain_admin d o m a i n _ a d m i n
–domain_admin_pwd domain_admin_password –remote_acl_user remote_acl_user
–sec_master_pwd sec_master_pwd –pdmgrd_host pdmgrd_host –pdacld_hostpdacld_host [–deploy_extension {true|false}] [–wls_server_url wls_server_url][–am_domain am_domain] [–pdmgrd_port pdmgrd_port] [–pdacld_port pdacld_port][–amwls_home amwls_home] [–verbose {true|false}]
N}
–am_domain am_domain
8( Tivoli Access Manager rD{F#1!r* Default#
–amwls_home amwls_home
8( Tivoli Access Manager for WebLogic Server 20?<D76#
–deploy_extension {true|false}1hC* true 1,?p Tivoli Access Manager Web Logic Server V5.1 Console
Extension#1!5* true#
–domain_admin domain_admin
8( WebLogic r\m1#
–domain_admin_pwd domain_admin_password
8( WebLogic r\m1\k#
–pdacld_host pdacld_host
8( Tivoli Access Manager authorization server wz{#
–pdacld_port pdacld_port
8( Tivoli Access Manager authorization server KZE#1!KZE* 7136#
–pdmgrd_host pdmgrd_host
8( Tivoli Access Manager policy server wz{#
–pdmgrd_port pdmgrd_port
8( Tivoli Access Manager policy server KZE#1!KZE* 7135#
–remote_acl_user remote_acl_user
8(* authorization server 4(D Tivoli Access Manager we#
–sec_master_pwd sec_master_pwd
8( Tivoli Access Manager \mC'((#* sec_master)D\k#
–verbose {true|false}hC* true 1,tCj8dv#1!5* false#
–wls_server_url wls_server_url
8(>X WebLogic Server D URL#1!5* t3://localhost:7001
386 IBM Tivoli Access Manager for e-business: Web Security 208O
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwls/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwls\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
Z 26 B Tivoli Access Manager 5CLr 387
AMWLSConfigure –action unconfig!{dC Tivoli Access Manager for WebLogic Server#
o(
AMWLSConfigure –action unconfig –domain_admin_pwd domain_admin_pwd
–sec_master_pwd sec_master_pwd [–verbose {true|false}]
N}
–domain_admin_pwd domain_admin_pwd
8( Tivoli Access Manager for WebLogic Server r\m1\k#
–sec_master_pwd sec_master_pwd
8( Tivoli Access Manager \mC'((#* sec_master)D\k#
–verbose {true|false}hC* true 1,tCj8dv#1!5* false#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwls/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwls\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
388 IBM Tivoli Access Manager for e-business: Web Security 208O
AMWLSConfigure –action create_realmZ WebLogic Server P4(2+r#
o(
AMWLSConfigure –action create_realm –realm_name realm_name
–domain_admin_pwd domain_admin_pwd –user_dn_suffix user_dn_suffix
–group_dn_suffix group_dn_suffix –admin_group admin_group [–user_dn_prefixuser_dn_prefix] [–group_dn_prefix group_dn_prefix] [–sso_enabled {true|false}][–sso_user sso_user] [–sso_pwd sso_pwd] [–verbose {true|false}]
N}
–admin_group admin_group
8(CZZ?dC?DD Tivoli Access Manager i#
–domain_admin_pwd domain_admin_pwd
8( WebLogic r\m1\k#
–group_dn_prefix group_dn_prefix
8(4(i19CD(P{F(DN)0:#
–group_dn_suffix group_dn_suffix
8(4(i19CD(P{F(DN)s:#
–realm_name realm_name
8(};4(D WLS rD{F#
–sso_enabled {true|false}hC* true 1,tC%;"a'V#1!5* false#
–sso_pwd sso_pwd
8(%;"aC'(sso_user)D\k#
–sso_user sso_user
8(4(k Tivoli Access Manager D%;"aENX*DC'#
–user_dn_prefix user_dn_prefix
8(4(C'19CD(P{F(DN)0:#
–user_dn_suffix user_dn_suffix
8(4(C'19CD(P{F(DN)s:#
–verbose {true|false}hC* true 1,tCj8dv#1!5* false#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwls/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwls\sbin\
Z 26 B Tivoli Access Manager 5CLr 389
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
390 IBM Tivoli Access Manager for e-business: Web Security 208O
AMWLSConfigure –action delete_realmS WebLogic Server >}2+r#
o(
AMWLSConfigure –action delete_realm –domain_admin_pwd domain_admin_pwd
[–registry_clean {true|false}] [–verbose {true|false}]
N}
–domain_admin_pwd domain_admin_pwd
8( WebLogic r\m1\k#
–registry_clean {true|false}}%ZdCZd4(DC'Mi#1!5* false#
–verbose {true|false}hC* true 1,tCj8dv#1!5* false#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwls/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwls\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
Z 26 B Tivoli Access Manager 5CLr 391
amwpmcfg* Web Portal Manager dC"!{dCMlwm~|{F,r*da)4,#
o(
amwpmcfg –action config –host policy_server_host [–port policy_server_port]–waspath websphere_installation_path [–admin_id admin_id –admin_pwdadmin_password]
amwpmcfg –action config –interactive
amwebcfg –action config –rspfile response_file
amwebcfg –action unconfig –rspfile response_file
amwpmcfg –action unconfig [–admin_id admin_id –admin_pwd admin_password]–host policy_server_host [–port policy_server_port] –waspath websphere_installation_path
amwpmcfg –action unconfig –interactive [–admin_id admin_id –admin_pwdadmin_password
amwpmcfg –action status [–admin_id admin_id –admin_pwd admin_password]
amwpmcfg –operations
amwpmcfg –help [options]
amwpmcfg usage
amwpmcfg –?
N}
–action {config|name|status|unconfig}8(*4PDYw#Yw|(:
config C4dC Tivoli Access Manager Web Portal Manager#
name lw Tivoli Access Manager Web Portal Manager m~|{F"+ name55Xx pdconfig 5CLr#K!n;\I pdconfig 9C#kp
S|nP9CK!n#
status C47( Tivoli Access Manager Web Portal Manager DdC4,,"
+4,5Xx pdconfig 5CLr#K!n;\I pdconfig 9C#
kpS|nP9CK!n#
unconfigC4!{dC Tivoli Access Manager Web Portal Manager#
–a admin_id
9zw*C' admin_id G<#g{;8(K!n,z+aU=a>#
–p password
8(C' admin_id D\k#g{;8(K!n,+aa>za)\k#}G9
CK –action config r –action unconfig !n,qr;\9CK!n#
392 IBM Tivoli Access Manager for e-business: Web Security 208O
–host policy_server_host
8( Tivoli Access Manager policy server wz{#
host_name DP'5|(NNP'D IP wz{#
>}:host = libra.dallas.ibm.com
–help [option](}T>P'|nP!nDhv,a);vr`v|n!nD*zoz#
–interactive8(;%==,;%==*9C<NgfdC Tivoli Access Manager Web Portal
Manager#g{;8(,rdCLr+TG;%(2,)==KP#
–operationsr!vyPP'D|nP!n#
–port policy_server_port
8( Tivoli Access Manager policy server KZE#1!5* 7135
–rspfile response_file
a)*Z2,dCZd9CD Web Portal Manager l&D~D+^(76MD
~{#l&D~ITCZdCr!{dC#;P1!Dl&D~{#l&D~
|,ZM option=value TDZu?#PX|`E",kNDZ 435 3DZ 27 B,
:9Cl&D~;#
–usageT>K|nD9Co(#9T>;v>}#
–waspath websphere_installation_path
8( IBM WebSphere Application Server ?<D76#+(}li /bin/wsadmin
E > D ~ M / j a v a / j r e / l i b / e x t / P D . j a r D ~ D f Z T 4 i $
websphere_installation_path#g{420XhD WebSphere Application Server
f>,rdC^(Lx#
–? T>K|nD9Co(#9T>;v>}#
ICT
K|n;ZTB1!20?<:
v Z UNIX 53O:
/opt/PolicyDirector/sbin/
v Z Windows 53O:
c:\Program Files\Tivoli\Policy Director\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
Z 26 B Tivoli Access Manager 5CLr 393
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
394 IBM Tivoli Access Manager for e-business: Web Security 208O
ivrgy_toolZ8(D LDAP ~qwO|B Tivoli Access Manager #=#(#,1dC Tivoli Access
Manager policy server(pdmgrd)1aT/|B#=#1(F Tivoli Access Manager D
VP201,Xk9CK5CLr+ LDAP ~qwOD#=}6* Tivoli Access
Manager D10f>#
o(
ivrgy_tool –h host_name –p port –D ldap_admin_dn –w ldap_admin_pwd –d [ –Z –Kldap-ssl-key-filename –P ldap-ssl-keyfile-password [ –N ldap-ssl-keyfile-label]] schema
N}
–d 8>j8==#
–D ldap_admin_dn
8( LDAP \m1D(P{F#(P{FDq=`FZ:
cn=root
–h host_name
8( LDAP ~qwD IP X7rwz{#
host_name DP'5|(NNP'D IP wz{#
>}:
host = libra
host = libra.dallas.ibm.com
–K ldap-ssl-key-filename
8( SSL \?}]bD+^(76MD~{#;PZ8(K –Z DivBKN
}EGXhD#9C SSL \?D~&mZ LDAP (EP9CD$i#D~`
MITNb,+)9{(#* .kdb#
Windows >}:C:\pd\keytab\ivmgrd.kdb
UNIX >}:/opt/PolicyDirector/keytab/ivmgrd.kdb
–N ldap-ssl-keyfile-label
g{ LDAP ~qwdC*Z SSL ("Zd,14P~qwMM'zO$,r
8( SSL \?}]bP*"M= LDAP ~qwDM'z$iDj){F#
KN}GI!D#KN};PZ}Z9C SSL((}9C –Z j>8>)RQ
+ LDAP ~qwdC*h*M'zO$DivBEP'#
g{}Z9C1!D Tivoli Access Manager \?}]b,r1!DM'z$i
j)* PDLDAP#
–p port
8( LDAP ~qwDKZE#
TZ port,9C LDAP ~qwdCDKZE#1!KZEZ9CK2+WSV
c(SSL)DivB* 636,Z49C SSL DivB* 389#
–P ldap-ssl-keyfile-password
8( SSL \?}]bD\k#;PZ8(K –Z !nDivBKN}EGXh
D#
Z 26 B Tivoli Access Manager 5CLr 395
":k1! SSL \?D~`X*D\k* key4ssl#
–w ldap_admin_pwd
8( LDAP \m1D\k#
–Z 8>Q9C SSL#
schema8>&CC Tivoli Access Manager #=|B IBM Directory Server#;PZ(
F V5.2 .0D IBM Directory Server f>1E9CKN}#
"M
Tivoli Access Manager #=(eZ;iD~P#b)D~k};9CD LDAP ~qw
D`M`X#b)D~|, Tivoli Access Manager LDAP #=:
v secschema.def - CZ IBM Directory Server
v nsschema.def - CZ Sun ONE Directory Server
v novschema.def - CZ Novell eDirectory Server
1zdC Tivoli Access Manager policy server 1,b)D~w* Tivoli Access Manager
runtime D;?V20,"w*T/#=|B}LDdk9C#
":\m19IT(}+b)D~Cw IBM Directory ldapmodify |nD LDAP }
];;q=(LDIF)dk4&CM|B#=#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa);umsT0TmsDhv#
396 IBM Tivoli Access Manager for e-business: Web Security 208O
migrateEAR4+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for
WebSphere Application Server V4.0.6#
o(
migrateEAR4 –j absolute_pathname_to_application_EAR_file –c URI –a admin_ID –padmin_pwd –w Websphere_admin_ID –d user_registry_domain_suff ix [–rroot_objectspace_name] [–t ssl_timeout] [–eenterprise_application_name]
N}
–a admin_ID
8( Tivoli Access Manager \mC'#K\m1Xk_P4(C'"TsM ACL
yhDX(#}g -a sec_master#
KN}GI!D#g{48(CN},+ZKP1a>C'a)\mC'{#
–c URI
8(I pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w
(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI gB:
v Z AIX 53O:
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Z HP-UX"Linux M Solaris 53O:
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v Z Windows 53O:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
–d user_registry_domain_suffix
8(C'"am*9CDrs:#}g,TZ LDAP C'"am,Grs:,}
g:
"o=ibm,c=us"
":
1. Windows *srs:(Z}EZ#
2. IT9C pdadmin user show |nT>C'D DN#
–e enterprise_application_name
8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL
r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R
v&CLr{F#
ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x
P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,
+4(msD\#$Ts#9C –e !n8(&CLrD{F,C{FkZ
WebSphere Application Server XF(OT>D`,#
–j path
8( Java 2 Enterprise Edition &CLri5D~#K!n2ITG EAR ?<#
g{ WebSphere Application Server 20Z1!;C,r*(FD admin.ear D
~D76gB:
Z 26 B Tivoli Access Manager 5CLr 397
v Z AIX 53O:
/usr/WebSphere/AppServer/config/admin.ear
v Z HP-UX"Linux M Solaris 53O:
/opt/WebSphere/AppServer/config/admin.ear
v Z Windows 53O:
C:\WebSphere\AppServer\config\admin.ear
–p admin_pwd
8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts
M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p
myPassword#
KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#
–r root_objectspace_name
8(yTsUd{F,|G+* WebSphere Application Server 4(D\#$Ts
{ F U d c N a 9 D y { F # K N } G I ! D # y T s U d D 1 ! 5 *
WebAppServer#
g{9C1!{FTbD{F,r+h*|D PDWAS.properties D~TCJ}7
DTsUd#
Ywi{kyTsUd{F%d#by,18(yTsUd{F1aT/hCYw
i{#
–t ssl_timeout
8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S
Tivoli Access Manager authorization server k policy server .dD SSL OBD#
1!5G 60 VS#n!5G 10 VS#ns5;&1,} Tivoli Access Manager
ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#
KN}GI!D#g{z;l$K5D\m,IT2+X9C1!5#
–w WebSphere_admin_ID
8(Z WebSphere Application Server 2+TC'"amVNPdCD\mC'{
w*\m1#b&CkzZZ 207 3D:* WebSphere 4( Tivoli Access Manager
\mC';P4(r<kDJ'%d#4(r|B Tivoli Access Manager \#$
TsUd*sw*KC'_PCJ(#
1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k\mC'#Z
KivB,a*CC'zIfz\k,R+J'hC*^'#h*+K\k|D*
Q*\k,R+J'hC*P'#
4(K\#$TsM ACL#\mC'mS=i pdwas-admin,"xPTB ACL t
T:
v T - izmI(
v i - wCmI(
v WebAppServer - Ywi{F#WebAppServer G1!{F#
k"b,1x –r !nKP(F5CLr1,I\2GKYwi{(M%dDy
TsUd)#
g{}Z(F admin.ear D~,h*+i pdwas-admin mS= admin G+#
398 IBM Tivoli Access Manager for e-business: Web Security 208O
"M
K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager
for WebSphere#K5CLrZ UNIX 53Ow* shell E>5V,Z Windows 53
Ow*z&mD~5V#CE>wC Java ` com.tivoli.pdas.migrate.Migrate#
CE>@5ZTX8m~;CR=}7D73d?#CE>CTB!nwC Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate
Xk* Java 20}7XhC CLASSPATH#
Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&
20 WebSphere Application Server#KE"C4:
v 9(s5i5D~D+76{#
v 9( PdPerm.properties D~;Cj{D URI 76{#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
Z 26 B Tivoli Access Manager 5CLr 399
migrateEAR5+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager for
WebSphere Application Server V5.0.2#
o(
migrateEAR5 –j path –c URI –a admin_ID –p admin_pwd –w Websphere_admin_user
–d user_registry_domain_suffix [–r root_objectspace_name] [–t ssl_timeout] [–eenterprise_application_name]
N}
–a admin_ID
8(\mC'j6#\mC'Xk_P4(C'"TsM ACL yhDX(#}g
-a sec_master#
KN}GI!D#g{48(CN},+ZKP1a>C'a)\mC'{#
–c URI
8(I pdwascfg 5CLrdCD PdPerm.properties D~D3;J48>w
(URI);C#1 WebSphere Application Server 20Z1!;C1,C URI gB:
v Z AIX 53O:
file:/usr/WebSphere/AppServer/java/jre/PdPerm.properties
v Z HP-UX"Linux M Solaris 53O:
file:/opt/WebSphere/AppServer/java/jre/PdPerm.properties
v Z Windows 53O:
file:/c:\WebSphere\AppServer\java\jre\PdPerm.properties
–d user_registry_domain_suffix
8(C'"am*9CDrs:#}g,TZ LDAP C'"am,Grs:,}
g:
"o=ibm,c=us"
":
1. Windows *srs:(Z}EZ#
2. IT9C pdadmin user show |nT>C'D DN#
–e enterprise_application_name
8(&CLr{F,Tc}7(FdT>{Fkd20{F;,DQ20&CL
r#g{;8(K!n,r5CLr+"T(}9C .ear D~r .xml D~4R
v&CLr{F#
ITZ&CLr?p1|D&CLr{F,2ITZTs(} WebSphere XF(x
P|D#K|D;a43Z EAR D~P#g{;P^D EAR D~T43B{F,
+4(msD\#$Ts#9C –e !n8(&CLrD{F,C{FkZ
WebSphere Application Server XF(OT>D`,#
–j path
8( Java 2 Enterprise Edition &CLri5D~D+^(76MD~{#K76
2ITG)9s5&CLrD?<#1 WebSphere Application Server 20Z1!
;C1,*(FD}]D~76gB:
400 IBM Tivoli Access Manager for e-business: Web Security 208O
v Z AIX 53O:
/usr/WebSphere/AppServer/installedApps/cellname/adminconsole.ear/usr/WebSphere/AppServer/config/cells/cellname/admin-authz.xml/usr/WebSphere/AppServer/config/cells/cellname/naming-authz.xml
v Z HP-UX"Linux M Solaris 53O:
/opt/WebSphere/AppServer/installedApps/cellname/adminconsole.ear/opt/WebSphere/AppServer/config/cells/cellname/admin-authz.xml/opt/WebSphere/AppServer/config/cells/cellname/naming-authz.xml
v Z Windows 53O:
C:\Program Files\WebSphere\AppServer\installedApps\cellname\adminconsole.earC:\Program Files\WebSphere\AppServer\config\cells\cellname\admin-authz.xmlC:\Program Files\WebSphere\AppServer\config\cells\cellname\naming-authz.xml
–p admin_pwd
8( Tivoli Access Manager \mC'D\k#\mC'Xk_P4(C'"Ts
M ACL yhDX(#}g,zIT+ -a sec_master \mC'D\k8(* -p
myPassword#
KN}GI!D#g{;P8(CN},+a>C'a)\mC'{D\k#
–r root_objectspace_name
8(yTsUd{F,|G+* WebSphere Application Server 4(D\#$Ts
{FUdcNa9Dy{F#KN}GI!D#
yTsUdD1!5* WebAppServer#g{9C1!{FTbD{F,r+h*|
D PDWAS.properties D~TCJ}7DTsUd#
Ywi{kyTsUd{F%d#by,18(yTsUd{F1aT/hCYw
i{#
–t ssl_timeout
8( SSL ,1DVS}#KN}CZZ1!,S,1.0O*,S"XB,S
Tivoli Access Manager authorization server k policy server .dD SSL OBD#
1!5G 60 VS#n!5G 10 VS#ns5;&1,} Tivoli Access Manager
ssl-v3-timeout 5#ssl-v3-timeout D1!5G 120 VS#
KN}GI!D#g{z;l$K5D\m,IT2+X9C1!5#
–w WebSphere_admin_user
8(Z WebSphere Application Server 2+TC'"amVNPdCDC'{w*
\m1#b&CkzZZ 207 3D:* WebSphere 4( Tivoli Access Manager \
mC';P4(r<kDJ'%d#4(r|B Tivoli Access Manager \#$T
sUd*sKC'_PCJmI(#
1\#$TsUdPP4fZ WebSphere \mC'1,+4(r<k\mC'#Z
KivB,a*CC'zIfz\k,R+J'hC*^'#h*+K\k|D*
Q*\k,R+J'hC*P'#
4(K\#$TsM ACL#\mC'mS=i pdwas-admin,"xPTB ACL t
T:
v T - izmI(
v i - wCmI(
v WebAppServer - Ywi{F#WebAppServer G1!{F#
Z 26 B Tivoli Access Manager 5CLr 401
k"b,1x –r !nKP(F5CLr1,I\2GKYwi{(M%dDy
TsUd)#
"M
K5CLr+2+_TE"S?phv{(s5i5D~)(F= Tivoli Access Manager
for WebSphere#K5CLrZ UNIX 53Ow* shell E>5V,Z Windows 53
Ow*z&mD~5V#CE>wC Java ` com.tivoli.pdas.migrate.Migrate#
CE>@5ZTX8m~;CR=}7D73d?#CE>CTB!nwC Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –cp %CLASSPATH% com.tivoli.pdwas.migrate.Migrate
Xk* Java 20}7XhC CLASSPATH#
Kb,Z Windows O,–j !nM –c !n<IT}Cd? %WAS_HOME% T7(ZN&
20 WebSphere Application Server#KE"C4:
v 9(s5i5D~D+76{#
v 9( PdPerm.properties D~;Cj{D URI 76{#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
402 IBM Tivoli Access Manager for e-business: Web Security 208O
pdbackup8]"4-Mi! Tivoli Access Manager }]#
o(
pdbackup –action backup –list path_to_list_file [–path path] [–file filename]
pdbackup –action restore –file filename [–path path]
pdbackup –action extract –file filename –path path
pdbackup –usage
pdbackup –?
N}
k"b,zITuL!n{,+u4XkGw7^geD#}g,ITdk –a m>
–action,r_dk –l m> –list#+G,;\uL!nD5#
–action [backup|restore|extract]8(*8]"4-ri!}]#
–file filename
8(TBwn.;:
v g{(} –a backup !n8(,r8(;,Z
list_filename_date.time[.tar|.dar] 1!D~{DD~{#
i5D~D1!{FGy9CDPm{F,"|,UZM1dAG#}g:
– UNIX
/var/PolicyDirector/pdbackup/list_filename_date.time.tar
– Windows
C:\Program Files\Tivoli\PolicyDirector\pdbackup\list_filename_date.time.dar
v g{(} –a restore !n8(,r8(*4-Di5D~D{FM+^(
76#;P1!76#19C –a restore !n1,K!nGXhD#
v g{(} –a extract !n8(,r8(*i!Di5D~D{FM+^(7
6#;P1!76#19C –a extract !n1,K!nGXhD#
–list path_to_list_file
8(i5D~r~qPmD~(|,wv;,DZD ASCII D~)D+^(7
6#19C –a backup !n1,K!nGXhD#76MPmD~{y@5
Zi~#?vi~yITZdT:D?<PPT:DPm#
v Z UNIX 53O,}#76gB:
/opt/PolicyDirector/etc/pdbackup.lst
v Z Windows 53O,}#76gB:
C:\Program Files\Tivoli\PolicyDirector\etc\pdbackup.lst
–path path
8(C4ECPmD~D8C?<,}g:
Z 26 B Tivoli Access Manager 5CLr 403
v g{(} –a backup !n8(,r8(k*C4f"8]D~D76#g
{Z9C –a backup !n148(76,r1!76*TB76.;:
– Z UNIX 53O,1!76gB:
/var/PolicyDirector/pdbackup/
– Z Windows 53O,1!76gB:
amrte_install_dir\pdbackup\
dP amrte_install_dir 8(20K Tivoli Access Manager runtime D?<#
v g{;Z UNIX 53O(} –a restore !n8(,r8>Z8(D path P
4-Qi5D~#1!ivB,4-76;Z8]}]1yCD?<#Z
Windows 53O,4-}L;'V –p !n#
v g{(} –a extract !n8(,r8(k*C4f"Qi!D~D?<{#
;P1!76#19C –a extract !n1,–p !nGXhD#
–usageT>K|nD9Co(#9T>;v>}#
–? T>K|nD9Co(#9T>;v>}#
"M
9C pdbackup |n8]M4- Tivoli Access Manager }]#w*4-YwD8C
Yw,zIT+yPQi5D~i!=%v?<P#
K|nn#CZTB}V&C!O:
v Tivoli Access Manager Base i~D~D8]"4-Mi!#
v Tivoli Access Manager WebSeal i~D~D8]"4-Mi!#
v Tivoli Access Manager Web Server i~D~D8]"4-Mi!#
k"b,;V[}V&C!O#+GzIT8]"4-Mi!NN Tivoli Access Manager
Base i~D~T0NN Tivoli Access Manager ~qwD~#
Tivoli Access Manager D~D8]
8]YwS –file !nDN}Pq!*i5D8]PmD~{#date M time 43D~
D4(1d#g{48(~qPmD~D{F,rT/9C1!~qPmD~{#T
Zb)&C!O,X(Zi~D8]PmD~T>Zm 46 P#
8]PmD~;Z Tivoli Access Manager 20?<BD pdbackup ?<P#IT9C
–path !n8(C4EC8]PmD~D8C?<#
BmT>1 Tivoli Access Manager 20Zi~D1!20?<P18]PmD~D;
C#
m 46. 8]PmD~
Tivoli Access Manager Base
UNIX /var/PolicyDirector/pdbackup/pdbackup.lst_ddmmmyyyy.hh_mm.tar
Windows amrte_install_dir\pdbackup\pdbackup.lst_ddmmmyyyy.hh_mm.dar
Tivoli Access Manager WebSEAL
UNIX /var/pdweb/pdbackup/amwebbackup.lst_ddmmmyyyy.hh_mm.tar
404 IBM Tivoli Access Manager for e-business: Web Security 208O
m 46. 8]PmD~ (x)
Windows amrte_install_dir\PDweb\pdbackup\amwebbackup.lst_ddmmmyyyy.hh_mm.dar
Tivoli Access Manager Plug-in for Web Servers
UNIX /var/pdwebpi/pdbackup/pdwebpi.lst_ddmmmyyyy.hh_mm.tar
Windows amrte_install_dir\PDwebpi\pdbackup\pdwebpi.lst_ddmmmyyyy.hh_mm.dar
}g,TZ UNIX,_PzmTD Tivoli Access Manager Base i~8]PmD~{+
G backup.lst_14Oct2003.11_22.tar#
Tivoli Access Manager ~qE"D~D8]
8]Yw94(;v~qPmD~{#
8]YwS –file !nDN}Pq!*i5D~qPmD~{#date M time 43~q
PmD~D4(1d#g{48(~qPmD~D{F,rT/9C1!~qPmD
~{#TZb)&C!O,X(Zi~D8]PmD~T>Zm 47 P#
IT9C –path !n8(~qPmD~D;C#g{;P8(;C,r9C1!;C#
~qPmD~9;Z Tivoli Access Manager i~D20?<BD etc ?<P#
BmT>1 Tivoli Access Manager 20Zi~D1!20?<P1~qPmD~D;
C#
m 47. ~qD~Pm(pdinfo)
~qD~Pm
Tivoli Access Manager Base
UNIX /opt/PolicyDirector/etc/pdinfo.lst_ddmmmyyyy.hh_mm.tar
Windows C:\Program Files\Tivoli\PolicyDirector\etc\pdinfo.lst_ddmmmyyyy.hh_mm.dar
Tivoli Access Manager WebSEAL
UNIX /opt/pdweb/etc/pdinfo-amwebbackup.lst_ddmmmyyyy.hh_mm.tar
Windows C : \ P r o g r a m
Files\Tivoli\PolicyDirector\etc\pdinfo-amwebbackup.lst_ddmmmyyyy.hh_mm.dar
Tivoli Access Manager Plug-in for Web Servers
UNIX /opt/pdweb/etc/opt/pdwebpi/etc/pdinfo-pdwebpi.lst_ddmmmyyyy.hh_mm.tar
Windows C : \ P r o g r a m
Files\Tivoli\PDWebpi\etc\pdinfo-pdwebpi.lst_ddmmmyyyy.hh_mm.dar
}g,TZ UNIX,_PzmTD Tivoli Access Manager Base i~~qPmD~{+
G pdinfo.lst_14Oct2003.11_22.tar#
Tivoli Access Manager D~D4-
4-D~1,+D~EC=?<cNa9P#cNa9D;CgB:
v UNIX
Qi5D~Z1!ivB4-=y?<P#IT9C –path 8(8C?<#Z UNIX
53O,}G8(C!n,qr4-=y?<,xC!n9z\;+D~4-=X
(D?<wP#
Z 26 B Tivoli Access Manager 5CLr 405
v Windows
Qi5D~4-=|GnuD?<P# –path !n;IC#
Tivoli Access Manager D~Di!
9C pdbackup S8]i5Pi!D~#D~EC=%v?<P#x;GEC=?<
wa9P#
9C –file !n8(*i!Di5D~D{FM+^(76#
9C –path !n8(ECQi!D~D?<#
":9C –a extract !n;a|B Windows "am|#
ICT
K|n;ZTB1!20?<:
v Z UNIX 53O:
/opt/PolicyDirector/bin/
v Z Windows 53O:
c:\Program Files\Tivoli\Policy Director\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
>}
Tivoli Access Manager Base D8]
v TB>}(}9Ci5D~D1!5xP8]:
UNIXpdbackup -a backup -list /opt/PolicyDirector/etc/pdbackup.1st
Windowspdbackup -a backup -list installation_dir\etc\pdbackup.1st
":pdbackup -a backup -l Du4N=`IS\#
K|n4(D>}i5D~:
UNIX:/var/PolicyDirector/pdbackup/pdbackup.lst_15dec2003.10_41.tar
Windows\installation_dir\pdbackup\pdbackup.lst_15dec2003.10_41.dar
v K>}(}8(i5D~D8C;C4xP8]:TB>}4P8],Z /var/backup
?<(UNIX)r C:\pdback(Windows)?<P4(1!i5D~:
UNIXpdbackup -a backup -list /opt/PolicyDirector/etc/pdbackup.1st -p /var/backup
Windowspdbackup -a backup -list installation_dir\etc\pdbackup.1st -path c:\pdback
406 IBM Tivoli Access Manager for e-business: Web Security 208O
v K>}(}8(i5D~D8C{F4xP8]:TB>}4P8],4({*
pdarchive.tar(UNIX)r pdarchive.dar(Windows)DD~#TOD~;Z1!
i5?<P#
UNIXpdbackup -a backup -list /opt/PolicyDirector/etc/pdbackup.1st -f pdarchive
Windowspdbackup -a backup -list base_dir\etc\pdbackup.1st -f pdarchive
1!i5)9{(T UNIX * .tar,T Windows * .dar)a7S= pdarchive D
~{#KD~f"Z1!i5?< /var/PolicyDirector/pdbackup(UNIX)r
installation_dir\pdbackup(Windows)P#
Tivoli Access Manager WebSEAL D8]
v TB>}(}9Ci5D~D1!5xP8]:
UNIXpdbackup -a backup -list /opt/pdweb/etc/amwebbackup.1st
Windowspdbackup -a backup -list installation_dir\etc\amwebbackup.1st
K|n4(D>}i5D~:
UNIX:/var/PolicyDirector/pdbackup/amwebbackup.lst_15dec2003.10_41.tar
Windows\installation_dir\pdbackup\amwebbackup.lst_15dec2003.10_41.dar
v K>}(}8(i5D~D8C;C4xP8]:TB>}4P8],Z /var/backup
?<(UNIX)r C:\pdback(Windows)?<P4(1!i5D~:
UNIXpdbackup -a backup -list /opt/pdweb/etc/amwebbackup.1st -p /var/backup
Windowspdbackup -a backup -list installation_dir\etc\amwebbackup.1st -path c:\pdback
v K>}(}8(i5D~D8C{F4xP8]:TB>}4P8],4({*
amwebarchive.tar(UNIX)r amwebarchive.dar(Windows)DD~#TOD~;
Z1!i5?<P#
UNIXpdbackup -a backup -list /opt/pdweb/etc/amwebbackup.1st -f amwebarchive
Windowspdbackup -a backup -list base_dir\etc\amwebbackup.1st -f amwebarchive
1!i5)9{(T UNIX * .tar,T Windows * .dar)a7S= pdarchive D
~{#KD~f"Z1!i5?< /var/PolicyDirector/pdbackup(UNIX)r
installation_dir\pdbackup(Windows)P#
Tivoli Access Manager Plug-in for Web Servers D8]
v TB>}(}9Ci5D~D1!5xP8]:
UNIXpdbackup -a backup -list /opt/pdwebpi/etc/pdwebpi.lst
Windowspdbackup -a backup -list install-dir\etc\pdwebpi.lst
Z 26 B Tivoli Access Manager 5CLr 407
K|n4(D>}i5D~:
UNIX:/var/PolicyDirector/pdbackup/pdinfo-pdwebpi_15dec2003.10_41.tar
Windows\installation_dir\pdbackup\pdinfo-pdwebpi_15dec2003.10_41.dar
v K>}(}8(i5D~D8C;C4xP8]:TB>}4P8],Z /var/backup
?<(UNIX)r C:\pdback(Windows)?<P4(1!i5D~:
UNIXpdbackup -a backup -list /opt/pdweb/etc/pdwebpi.lst -p /var/backup
Windowspdbackup -a backup -list installation_dir\etc\pdwebpi.lst -path c:\pdback
v K>}(}8(i5D~D8C{F4xP8]:TB>}4P8],4({*
amwebarchive.tar(UNIX)r amwebarchive.dar(Windows)DD~#TOD~;
Z1!i5?<P#
UNIXpdbackup -a backup -list /opt/pdweb/etc/pdwebpi.lst -f amwebarchive
Windowspdbackup -a backup -list base_dir\etc\pdwebpi.lst -f amwebarchive
1!i5)9{(T UNIX * .tar,T Windows * .dar)a7S= pdarchive D
~{#KD~f"Z1!i5?< /var/PolicyDirector/pdbackup(UNIX)r
installation_dir\pdbackup(Windows)P#
Tivoli Access Manager Base D4-
v TB>}Zi5D~f"Z1!;CDivB4-i5D~DZ]:
UNIXpdbackup -a restore -f /var/PolicyDirector/pdbackup/pdbackup.1st_15dec2003.07_24.tar
Windowspdbackup -a restore -f base_dir\pdbackup\pdbackup.1st_15dec2003.07_24.dar
v TB>}Zi5D~f"ZG1!;C(}gTZ UNIX G /var/pdback,rTZ
Windows G \pdbackup)DivB4-i5D~DZ]:
UNIXpdbackup -a restore -f /var/pdback/pdbackup.1st_15dec2003.07_25.tar
Windowspdbackup -a restore -f h:\pdbackup\pdbackup.1st_15dec2003.07_25.dar
v (vT UNIX)TB>}Zi5D~f"ZG1!;C /var/pdback DivB4-i
5D~DZ]#4-sD?<cNa9ECZ?< /pdtest B:
pdbackup -a restore -p pdtest -f /var/pdback/pdbackup.1st_15dec2003.07_25.tar
Tivoli Access Manager WebSEAL D4-
v TB>}Zi5D~f"Z1!;CDivB4-i5D~DZ]:
408 IBM Tivoli Access Manager for e-business: Web Security 208O
UNIXpdbackup -a restore -f /var/PolicyDirector/pdbackup/amwebbackup.1st_15dec2003.07_24.tar
Windowspdbackup -a restore -f base_dir\pdbackup\amwebbackup.1st_15dec2003.07_24.dar
v (vT UNIX)TB>}Zi5D~f"ZG1!;C /var/pdback DivB4-i
5D~DZ]#4-sD?<cNa9ECZ?< /amwebtest B:
pdbackup -a restore -p amwebtest -f /var/pdback/amwebbackup.1st_15dec2003.07_25.tar
Tivoli Access Manager Plug-in for Web Servers D4-
v TB>}Zi5D~f"Z1!;CDivB4-i5D~DZ]:
UNIXpdbackup -a restore -f /var/PolicyDirector/pdbackup/pdinfo-pdwebpi.lst_15dec2003.07_24.tar
Windowspdbackup -a restore -f install_directory\pdbackup\pdinfo-pdwebpi.lst_15dec2003.07_24.dar
v (vT UNIX)TB>}Zi5D~f"ZG1!;C /var/pdback DivB4-i
5D~DZ]#4-sD?<cNa9ECZ?< /amwebtest B:
pdbackup -a restore -p amwebtest -f /var/pdback/pdinfo-pdwebpi.lst_15dec2003.07_25.tar
Tivoli Access Manager Base Di!
TB>}+i5D~DZ]S /var/pdbackup(UNIX)r C:\pdback(Windows)i!
={* pdextract D?<P#
UNIXpdbackup -a extract -p pdextract -f /var/pdbackup/pdbackup.1st_15dec2003.07_25.tar
Windowspdbackup -a extract -p e:\pdextract -f c:\pdback\pdbackup.1st_15dec2003.07_25.dar
g{ pdextract ?<;fZ,aT/4(C?<#
Tivoli Access Manager WebSEAL Di!
TB>}+i5D~DZ]S /var/pdbackup(UNIX)r C:\pdback(Windows)i!
={* amwebextract D?<P#
UNIXpdbackup -a extract -p amwebextract -f /var/pdbackup/pdbackup.1st_15dec2003.07_25.tar
Windowspdbackup -a extract -p e:\amwebextract -f c:\pdback\pdbackup.1st_15dec2003.07_25.dar
g{ amwebextract ?<;fZ,aT/4(C?<#
Tivoli Access Manager Plug-in for Web Servers Di!
Z 26 B Tivoli Access Manager 5CLr 409
TB>}+i5D~DZ]S /var/pdbackup(UNIX)r C:\pdback(Windows)i!
={* amwebextract D?<P#
UNIXpdbackup -a extract -p amwebextract -f /var/pdbackup/pdinfo-pdwebpi.lst_15dec2003.07_25.tar
Windowspdbackup -a extract -p e:\amwebextract -f c:\pdback\pdinfo-pdwebpi.lst_15dec2003.07_25.dar
g{ amwebextract ?<;fZ,aT/4(C?<#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
410 IBM Tivoli Access Manager for e-business: Web Security 208O
pdconfiga);v;%=K%TdCM!{dC Tivoli Access Manager i~#
o(
pdconfig
N}
^#
ICT
K|n;ZTB1!20?<:
v Z UNIX 53O:
/opt/PolicyDirector/bin/
v Z Windows 53O:
c:\Program Files\Tivoli\Policy Director\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
Z 26 B Tivoli Access Manager 5CLr 411
pdjrtecfgdC Tivoli Access Manager Java Runtime i~#Tivoli Access Manager Java Runtime
i~9C Java &CLrIT\mM9C Tivoli Access Manager 2+T#
o(
pdjrtecfg –action config –host policy_server_host [–port policy_server_port][–java_home jre_home] [–domain domain_name] [–config_type full] [–enable_tcd[–tcd path]]
pdjrtecfg –action config [–config_type standalone]
pdjrtecfg –action config –interactive
pdjrtecfg –action config –rspfile response_file
pdjrtecfg –action unconfig –rspfile response_file
pdjrtecfg –action unconfig [–java_home {jre_home| all}] [–remove_common_jars]
pdjrtecfg –action unconfig –interactive
pdjrtecfg –action status [–java_home jre_home]
pdjrtecfg –action name
pdjrtecfg –operations
pdjrtecfg –help [options]
pdjrtecfg –usage
pdjrtecfg –?
N}
–action {config|name|status|unconfig}8(*4PDYw#Yw|(:
config C4dC Tivoli Access Manager Java Runtime i~#
name + Tivoli Access Manager Java Runtime i~D{F55Xx pdconfig5CLr#K!n;\I pdconfig 9C#kpS|nP9CK!n#
status 7O Tivoli Access Manager Java Runtime i~dC4,E","+C
E"5Xx pdconfig 5CLr#K!n;\I pdconfig 9C#k
pS|nP9CK!n#
unconfigC4!{dC Tivoli Access Manager Java Runtime i~#
–config_type {full|standalone}8(dC==#P'5*:
412 IBM Tivoli Access Manager for e-business: Web Security 208O
full 8( Tivoli Access Manager Java Runtime i~dCLrh* Tivoli
Access Manager policy server E"E\KPDdC==#K1!5*
full#
standalone8( Tivoli Access Manager Java Runtime i~dCLr;h* Tivoli
Access Manager policy server E"M\KPDdC==#K==;h*
Tivoli Access Manager policy server MJmz9C Tivoli Access Manager
Java API#
–domain domain_name
8(}ZdCD Java Runtime i~D>Xr#>XrG1;P8(NNw7D
r1Lry9CD Tivoli Access Manager 2+r#g{;8(K!n,>Xr
+1!*\mr#
–enable_tcd [–tcd path]g{P4tC,rtC Tivoli +2?<(TCD)U>G<,"8(CZ+2U
>G<D+^(76;C#tCK TCD DivB,yP Tivoli Access Manager
{"U>D~y+ECZK+2?<;C#
–help [options](}T>P'|nP!nDhv,a);vr`v|n!nD*zoz#m
b,9ITa)XZX(|nP!nD*zoz#
–host policy_server_host
8( Tivoli Access Manager policy server wz{#
host_name DP'5|(NNP'D IP wz{#
>}:
host = libra
host = libra.dallas.ibm.com
–interactive8(;%==,ZC==Paa>C'a)dCE"TdC Tivoli Access
Manager Java Runtime i~#g{;8(,rdCLr+TG;%(2,)=
=KP#
":g{9C pdjrtecfg –interactive(;%==)rg{9C pdconfig 5
CLr,r Sun JRE V1.4 DdC+'\#Xk9C pdjrtecfg 5CLr
TG;%==xPdC#k"b,9C pdjrtecfg –interactive(;%=
=)r pdconfig 5CLr1,Tivoli Access Manager Java Runtime V1.4
I}#KP#
–java_home jre_path
8( Java Runtime i~D+^(76(}gT JRE a2D?<)#g{48(
–java_home,+9C10 JRE#}g:
c:\Program Files\IBM\JAVA13\JRE
Z!{dC(–action unconfig)Zd,zIT8( all !n,b+!{dC
yPQdCD JRE#
–operationsr!vyPP'D|nP!n#
Z 26 B Tivoli Access Manager 5CLr 413
–port policy_server_port
8( Tivoli Access Manager policy server KZE#1!5* 7135#
–remove_common_jarsv}%Z Tivoli Access Manager Java Runtime i~dCZdmS= JRE Dk
IBM `XD JAR D~#yPZ Tivoli Access Manager Java Runtime i~d
C . 0 Q f Z Z J R E P D J A R y ; a > } , ; \ G q 8 (
–remove_common_jars !n#
vT!{dCZd,8(T>}d|k IBM `XD JAR D~,}gU>G<
M2+T JAR D~#
–rspfile response_file
a)*Z2,20Zd9CD Java Runtime i~l&D~D+^(76MD~
{#l&D~ITCZdCr!{dC#;P1!Dl&D~{#l&D~|
,ZM option=value TDZu?#PX|`E",kNDZ 435 3DZ 27 B,
:9Cl&D~;#
–usageT>K|nD9Co(#9T>;v>}#
–? T>K|nD9Co(#9T>;v>}#
"M
K|n+ Tivoli Access Manager Java b4F=;vb)9?<,C?<G*CZQZ
53O20D Java Runtime xfZ#
9CK|n;a2GQfZZ jre_home\lib\ext ?<PD JAR D~,+ PD.jar D
~}b,g{CD~fZ,a;2G#
ITZx(DzwO20`v Java Runtime# pdjrtecfg |nIC4@"Z?v JRE
xdC Tivoli Access Manager Java Runtime#
":k7#9C pdjrtecfg 5CLr,x;G1S9C PdJrteCfg Java `#
>}
1. TB>}dC Tivoli Access Manager Java Runtime i~:
pdjrtecfg -action config -host sys123.acme.com -port 7135-java_home E:\apps\IBM\Java131\jre
2. TB>}!{dC Tivoli Access Manager Java Runtime i~:
pdjrtecfg -action unconfig -java_home E:\apps\IBM\Java131\jre-remove_common_jars
ICT
K|n;ZTB1!20?<:
v Z UNIX 53O:
/opt/PolicyDirector/sbin/
v Z Windows 53O:
c:\Program Files\Tivoli\Policy Director\sbin\
414 IBM Tivoli Access Manager for e-business: Web Security 208O
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
Z 26 B Tivoli Access Manager 5CLr 415
pd_startZ UNIX 53O#9"t/MXBt/~qw#9T>~qw4,#
":Z Windows 53O,9C Services D~P#
o(
pd_start start [server_name ]
pd_start stop [server_name ]
pd_start restart [server_name ]
pd_start status [server_name ]
N}
restart XBt/yPQdCD Tivoli Access Manager ~qw#
start t/yP10;Z>X53OKPD Tivoli Access Manager ~qw#
status T>yPQdCD Tivoli Access Manager ~qwD4,(}ZKPr
Q#9)#
stop #9yP10;Z>X53OKPD Tivoli Access Manager ~qw#
"M
(#(}Z53t/MXU1KPDT//E>4tCM{C~qwxL#Z UNIX 7
3P,z9IT9C pd_start I4PD~V/t/M#9~qwxL#1zh*(F
20rh*4PJOoONq1,K<u\PC#
Z>XzwO;\9C pd_start 4t/M#9~qw#
ICT
Z UNIX 53O,K|n;ZTB1!20?<:
/opt/PolicyDirector/bin/
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir/bin/)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
416 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwascfgdCr!{dC Tivoli Access Manager for WebSphere Application Server#k"bK
5CLrv'V\mC'4(* sec_master Dr#
o(
pdwascfg –action {configWAS4|configWAS5} –remote_acl_user user
–sec_master_pwd password –was_home was_home_dir –pdmgrd_hostpolicy_server_hostname –pdacld_host authorization_server_hostname[–amwas_homeamwas_install_path] [–pdmgrd_port policy_server_port] [–pdacld_portauthorization_server_port] [–embedded {true|false}] [–action_type {all|local|remote}][–am_domain was_domain] [–cfg_url pdjrte_config_file_URL] [–key_urlpdjrte_keystore_URL ] [–verbose {true|false}]
pdwascfg –action {unconfigWAS4|unconfigWAS5} –remote_acl_user user
–sec_master_pwd password –was_home was_install path –pdmgrd_hostpolicy_server_hostname –pdacld_host authorization_server_hostname
pdwascfg –help [ options]
N}
–action {configWAS4|configWAS5}8(K|n*4PDYw#dC Tivoli Access Manager for WebSphere Application
Server#
–action {unconfigWAS4|unconfigWAS5}8(K|n*4PDYw#!{dC Tivoli Access Manager for WebSphere
Application Server#
–action_type {all|local|remote}8(yhDdC6p#I\D5P:all"local r remote#local !nv4P>
XzwOyhDdC|D(b6E;P SvrSslCfg)#remote !nv4P6LzwO
yhDdC|D(b6E SvrSslCfg)#C|n1!* all#
–am_domain was_domain
8( Tivoli Access Manager for WebSphere D Tivoli Access Manager r#Tivoli
Access Manager O$~qw(pdacld)XkZCrP,"RCrXkfZZ Tivoli
Access Manager \#$TsUdP#
–amwas_home amwas_install_path
1 Tivoli Access Manager for WebSphere ;Z1!;C201,8( Tivoli Access
Manager for WebSphere 20D;C#T –action {configWAS4|configWAS5} r
–action {unconfigWAS4|unconfigWAS5} !n9CKN}#
":1 Tivoli Access Manager for WebSphere 20Z1!;C1,–amwas_home!n^h;8(* pdwascfg |nD;?V#
–cfg_url pdjrte_config_file_url
8( PDJrte tTD~D;C#g{28(K!n -action_type remote r
-action_type all,rKD~+ZdCZd;4("Z!{dCZd;}%#
Z 26 B Tivoli Access Manager 5CLr 417
–embedded {true|false}1hC* true 1,8(Kz7k WebSphere b0Z;p#1!5* false#
–help [options]Pv|n!n{FMrLhv#g{8(K;vr`v!n,r|+Pv?v!n
MrLhv#
–key_url pdjrte_keystore_url
8( PDJrte \?bD~D;C#g{28(K!n -action_type remote r
-action_type all,rKD~+ZdCZd;4("Z!{dCZd;}%#
–pdacld_host authorization_server_hostname
|, Tivoli Access Manager authorization server Dwz{#T –action{configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
9CKN}#
–pdacld_port authorization_server_port
v1 Tivoli Access Manager authorization server DKZEQ-dC*;,Zj<K
Z1,E8(CKZE#T –action {configWAS4|configWAS5} r –action{unconfigWAS4|unconfigWAS5} !n9CKN}#k"bg{9CKK!n,9
Xk8( pdmgrd_port#
–pdmgrd_host policy_server_hostname
|, T i v o l i A c c e s s M a n a g e r p o l i c y s e r v e r Dwz{#T –act ion{configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
9CKN}#
–pdmgrd_port policy_server_port
v1 Tivoli Access Manager policy server DKZEQ-dC*;,Zj<KZ1,
E8(CKZE#T –action {configWAS4|configWAS5} r –action{unconfigWAS4|unconfigWAS5} !n9CKN}#
–remote_acl_user user
8(*k authorization server (Ex4(Dwe#KN}CZk Tivoli Access
Manager authorization server xP SSL ,S#CC';CfZZ"amP#T
–action {configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5}!n9CKN}#
}g:-remote_acl_user pdpermadmin
–sec_master_pwd password
8(\mC'((#* sec_master)D\k#T –action{configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
9CKN}#
–verbose {true|false}1hC* true 1,tCj8dv;qr,{Cj8dv#1!5* false#
–was_home was_home_dir
8( WebSphere Application Server 20Dw?<D+^(76#T –action{configWAS4|configWAS5} r –action {unconfigWAS4|unconfigWAS5} !n
9CKN}#
}g:
v Z AIX(WAS4 M WAS5)O:
418 IBM Tivoli Access Manager for e-business: Web Security 208O
/usr/WebSphere/AppServer
v Z HP-UX"Linux r Solaris(WAS4 M WAS5)O:
/opt/WebSphere/AppServer
v Z Windows O:
WAS 4 → c:\WebSphere\AppServerWAS 5 → "c:\Program Files\WebSphere\AppServer"
"M
pdwascfg 5CLrZ UNIX 53Ow* shell E>5V,Z Windows 53Ow*z
&mD~5V#1TYw config xPwC1,C5CLrjITBNq:
v dC WebSphere 9C Tivoli Access Manager for WebSphere#
v wC Java ` com.tivoli.mts.SvrSslCfg 4dC Tivoli Access Manager for WebSphere
Z(i~k policy server M authorization server =_.dD SSL (E#
v Zwz53O* Tivoli Access Manager for WebSphere `4(C'm]#
CE>@5ZTX8m~;CR=}7D73d?#+73d? %WAS_HOME% hC
* WebSphere Application Server 20?<#+ %PDWAS_HOME% hC* Tivoli Access
Manager for WebSphere 20?<D?<;C#pdwascfg |nD~CTB!nwC
Java:
v –Dpdwas.lang.home
|,f Tivoli Access Manager for WebSphere a)D>zoT'VbD?<#b)
b;Z Tivoli Access Manager for WebSphere 20?<BD3vS?<P#}g:
-Dpdwas.lang.home=%PDWAS_HOME%\java\nls
v –Dpdwas.home
Tivoli Access Manager for WebSphere Dw(20)?<#}g:
-Dpdwas.home=%PDWAS_HOME%
":;PZ20 Tivoli Access Manager for WebSphere sr*KBD|n0Z1E
hCK73d?#
v –Dwas.home
WebSphere Application Server Dw(20)?<#}g:
-Dwas.home=%WAS_HOME%
y> Java |n,g pdwascfg y4(:
java -Dpdwas.lang.home=%PDWAS_HOME%\java\nls-Dpdwas.home=%PDWAS_HOME%-Dwas.home=%WAS_HOME%PDWAScfg -action configWAS5-remote_acl_user pdpermadmin-sec_master_pwd myPassword-was_home c:\WebSphere\AppServer-pdmgrd_host pdmgrserver.mysubnet.ibm.com-pdacld_host pdacldserver.mysubnet.ibm.com
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/amwas/sbin/
Z 26 B Tivoli Access Manager 5CLr 419
v Z Windows 53O:
C:\Program Files\Tivoli\amwas\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
420 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwebZ UNIX 53Ot/"#9rXBt/ WebSEAL Server,rT>~qw4,#
o(
pdweb start [WebSEAL_server_instance_name ]
pdweb stop [WebSEAL_server_instance_name ]
pdweb restart [WebSEAL_server_instance_name ]
pdweb status [WebSEAL_server_instance_name ]
N}
start 8(*t/D WebSEAL Server#5}{FN}GI!
D#g{4a)5}{F,rt/yP5}#
stop 8(*#9D WebSEAL Server#5}{FN}GI!
D#g{4a)5}{F,r#9yP5}#
restart 8(*XBt/D WebSEAL Server#5}{FN}G
I!D#g{4a)5}{F,rXBt/yP5
}#
status T>yP WebSEAL Server D4,#
WebSEAL_server_instance_name T server_name–host_name Dq=8( WebSEAL
Server 5}D{F#
}g,TZ%v WebSEAL Server,server_name *
default-webseald#TZ,;zwOD`v WebSEAL
5},server_name GsfzP -webseald D
WebSEAL Server 5}DQdC{F#}g,g{
W e b S e a l 5}DQdC{F* webseal2,r
server_name gB:webseal2-webseald#
5}{FDns$H* 20 vV{#JmTBV{:
v NN ASCII V{(A-Z r a-z)
v dc(.)v L._(–)
v B._(_)
"M
pdweb |n;Z UNIX 53O\'V#
ITC pdweb_start |nf; pdweb |n#
":Z Windows 53O,IT9C net |ntCM#9 WebSEAL Server#
>}
v TB>}t/u< WebSEAL Server MyPQdC~qw5}:
# /usr/bin/pdweb start
Z 26 B Tivoli Access Manager 5CLr 421
v TB>};t/X(D~qw5}:
# /usr/bin/pdweb start webseal3
v TB>}XBt/yPQdCD WebSEAL Server 5}:
# /usr/bin/pdweb restart
v TB>}#9yPQdCD WebSEAL Server 5}:
# /usr/bin/pdweb stop
v TB>};#9X(D~qw5}:
# /usr/bin/pdweb stop webseal3
v TB>}T>yPQdC~qwD4,:
# /opt/PolicyDirector/bin/pdweb status
Access Manager ServersServer Enabled Running------------------------------------------webseald yes yeswebseald-webseal2 yes yeswebseald-webseal3 yes yes
ICT
K|n;ZTB1!?<:
v Z UNIX 53O:
/opt/pdweb/bin/pdweb_start
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir/bin/)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x15c3a00c)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
422 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwebpia) Tivoli Access Manager Plug-in for Web Servers f>E"#,1,97(G+
Plug-in for Web Servers w*X$xLKP,9G0(KP#
o(
pdwebpi [–foreground] [–version]
N}
–foregroundZ0(KP Plug-in for Web Servers ~xFD~,bkw*X$xLKP`T#
–versiona) Plug-in for Web Servers 20Df>E"#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwebpi/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwebpi\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x14c012f2)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
Z 26 B Tivoli Access Manager 5CLr 423
pdwebpi_startZ UNIX 20Ot/"XBt/M#9 Tivoli Access Manager Plug-in for Web Servers
xL#k"b,1 Tivoli Access Manager Base z7t/r#91,Plug-in for Web
Servers 2aT/t/M#9#,19T>yP Web ~qwD4,#
":g{h*,IT9C pdwebpi_start |n@"Z Tivoli Access Manager Base z
7XF Plug-in for Web Servers#
o(
pdwebpi_start start
pdwebpi_start stop
pdwebpi_start restart
pdwebpi_start status
N}
pdwebpi_start {start|stop|restart|status},dP:
startZ UNIX 20Ot/ Plug-in for Web Servers xL#
stopZ UNIX 20O#9 Plug-in for Web Servers xL
restartZ UNIX 20O#9;sXBt/ Plug-in for Web Servers xL
statusZ UNIX 20Oa) Plug-in for Web Servers D4,E"#
"M
*t/M#9 Windows 20De~,kZ0~q1XFfePj6 Plug-in for Web
Servers xL,"9CJ1DXF4%#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwebpi/sbin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwebpi\sbin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD sbin ?<(}
g,install_dir\sbin\)#
5Xk
I\5XTBKv4,k:
424 IBM Tivoli Access Manager for e-business: Web Security 208O
0 |nI&jI#
1 "zKms#
Z 26 B Tivoli Access Manager 5CLr 425
pdwpi-versionPv Tivoli Access Manager Plug-in for Web Servers 20Df>Mf(E"#
o(
pdwpi-version [–h] [–V] [–l | binary [binary ... ]]
N}
–h T>ozrC({"#
–l 8($Pm,CPmPvyP~xFD~Df>,x;G;Pvm~|f>#
–VT> pdwpi-version ~xFD~Df>E"#
binary [binary]T>8(~xFD~Df>E",r_g{48(NN~xFD~,rT>yPD
~Df>E"#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwebpi/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwebpi\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 "zKms#
426 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwpicfg –action config
dC Tivoli Access Manager Plug-in for Web Servers#
o(
pdwpicfg –action config –admin_id admin_id –admin_pwd admin_pwd –auth_portauthorization_port_number –web_server {iis|iplanet|ihs|apache} –iis_filter {yes|no}–web_directory server_install_directory –vhosts virtual_host_id –ssl_enable {yes|no}–keyfile keyfile –key_pwd key_password –key_label key_label –ssl_port ssl_port_number
pdwpicfg –action config –interactive {yes|no}
pdwpicfg –action config –rspfile response_file
pdwpicfg –operations
pdwpicfg –help [ options]
pdwpicfg –usage
pdwpicfg –?
N}
–admin_id admin_id
8(\mC'j6((#* sec_master)#
–admin_pwd admin_pwd
8(\mC' admin_id D\k#
–auth_port authorization_port_number
8( authorization server DKZE#1!KZE5* 7237#
–help [options]Pv!n{FMrLhv#g{8(K;vr`v!n,r|+Pv?v!nMr
Lhv#
–interactive {yes|no}g{* yes,rtC|nD;%==;qr,{C|nD;%==#1!5*
yes#
–iis_filter {yes|no}g{* yes,rtCrXxE"~q Web ~qw}K;qr,{C IIS }K#
–keyfile keyfile
8( LDAP SSL \?D~#;P1!5#14T;%==KP|n1T01QZ
Plug-in for Web Servers M LDAP .dtC SSL 18(K!n#
–key_label key_label
8( LDAP SSL \?j)#;P1!5#14T;%==KP|n1T01QZ
Plug-in for Web Servers M LDAP .dtC SSL 18(K!n#
–key_pwd key_password
8( LDAP SSL \?D~\k#
Z 26 B Tivoli Access Manager 5CLr 427
–operations;xhvX$vPv?v!n{F#
–rspfile response_file
a)*Z2,20Zd9CD Plug-in for Web Servers l&D~D+^(76MD
~{#l&D~ITCZdCr!{dC#;P1!Dl&D~{#l&D~|,
ZM option=value TDZu?#PX|`E",kNDZ 435 3DZ 27 B, :9
Cl&D~;#
–ssl_enable {yes|no}g{* yes,rtCk LDAP D SSL (E;qr,{Ck LDAP D SSL (E#
1!5* yes#
–ssl_port ssl_port_number
8( LDAP SSL KZ#1!KZE5* 636#
–usageT>K|nD9Co(#9T>;v>}#
–vhosts virtual_host_id
8(*\=#$Dibwz#C5&IC;PT:EVtDibwzj6Dq=#
Zibwzj6.d;&tPUq#
–web_directory server_install_directory
8( Web ~qw20?<#
–web_server {iis|iplanet|ihs|apache}8(*ZdO20 Plug-in for Web Servers D Web ~qw`M#!n*:iis m
>rXxE"~q,iplanet m> Sun ONE Server,ihs m> IBM HTTP Server,
r_ apache m> Apache Server#K!n1!*QdCD Web ~qwD`MM;
C#
–? T>K|nD9Co(#9T>;v>}#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwebpi/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwebpi\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x14c012f2)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
428 IBM Tivoli Access Manager for e-business: Web Security 208O
pdwpicfg –action unconfig
!{dC Tivoli Access Manager Plug-in for Web Servers#
o(
pdwpicfg –action unconfig –admin_id admin_id –admin_pwd admin_pwd –force{yes|no} –remove {none|acls|objspace|all} –vhosts virtual_host_id
pdwpicfg –action unconfig –interactive {yes|no}
pdwpicfg –action unconfig –rspfile response_file
pdwpicfg –operations
pdwpicfg –help [ options]
pdwpicfg –usage
pdwpicfg –?
N}
–admin_id admin_id
8(\mC'j6((#* sec_master)#
–admin_pwd admin_pwd
8(\mC' admin_id D\k#
–force {yes|no}49^(*5 policy server 2?FLxxP!{dC}L#1!5* no#
–help [options]Pv!n{FMrLhv#g{8(K;vr`v!n,r|+Pv?v!nMr
Lhv#
–interactive {yes|no}g{* yes,rtC|nD;%==;qr,{C|nD;%==#1!5*
yes#
–operations;xhvX$vPv?v!n{F#
–remove {none|acls|objspace|all}8(Gqw*!{dC}LD;?Vx}%TsUdM/r ACL#1!5*
none#
–rspfile response_file
a)*Z2,20Zd9CD Plug-in for Web Servers l&D~D+^(76MD
~{#l&D~ITCZdCr!{dC#;P1!Dl&D~{#l&D~|,
ZM option=value TDZu?#PX|`E",kNDZ 435 3DZ 27 B, :9
Cl&D~;#
–usageT>K|nD9Co(#9T>;v>}#
Z 26 B Tivoli Access Manager 5CLr 429
–vhosts virtual_host_id
8(*!{dCDibwzDj6#C5ITIC;PT:EVtDibwzj6
Dq=#Zibwzj6.d;&tPUq#
–? T>K|nD9Co(#9T>;v>}#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdwebpi/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdwebpi\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,aa)TmsDhv,T0.yxFq=Dms4,k(}g
0x14c012f2)#kND IBM Tivoli Access Manager Error Message Reference#KN
<T.xFr.yxFzka)K Tivoli Access Manager ms{"DPm#
430 IBM Tivoli Access Manager for e-business: Web Security 208O
wesosm4(M,$ Edge Server e~D Tivoli Access Manager TsUd#
o(
wesosm –start [–infile input_file] [–logging [log_file] [–clean][–force [ branch]][–fast]
wesosm –stop [–infile input_file] [–logging [log_file] [–clean][–force [ branch]][–fast]
wesosm –run [–infile input_file] [–logging [log_file] [–clean][–force [ branch]] [–fast]
wesosm –file [–infile input_file] [–logging [log_file] [–clean][–force [ branch]] [–fast]
wesosm –skiperrors
wesosm –verbose
N}
–clean +yPu?S /ESproxy BDTsUd}%,b)u?ZdCD~
osdef.conf PR;=#9CK!n1k!D,r*1>}TsUdu?
1,NN=SD ACL ya*'#
–fast Zli Tivoli Access Manager TsUdM Web ~qwDD~53.
dDxp1,vHOTs{Fx;HO`M# Tivoli Access Manager T
s`M8>TsUdu?GD~9G?<#}g,g{ Web ~qwO
3vVPD~|D*?<,+{F#V`,,18(KN}1C5C
Lrlb;=Kiv#
–file [output_file]t/TsUd\mw|BTsUd;N,;sU95CLr#+Ts
UdE"4=8(D~,x;G|B Tivoli Access Manager TsUd#
–force [branch]1+TsUd\mww*X$xLt/1,?F5CLrZH}B;
v|BD1ddt.0,ZnuM|BTsUd#g{8(,r;|
BZTsUdP8>DV'#I9C(d{8(V'#
–infile input_file
8>dCD~ osdef.conf D;C,CdCD~CZ|BTsUd#
–logging [log_file]8>TsUd\mwGq&+TsUd|BG<=U>D~#g{4
8(U>D~,r9C1!U>D~ wesosm.log#
–run t/TsUd\mw|BTsUd;N,;sU95CLr#
–skiperrors Z|B Tivoli Access Manager TsUd1v=msDivB;U9#
g{TsUdP|,^'u?,ba\PC#
–start +TsUd\mww*X$xLt/#X$xL+T:20ZZfP
T(Z|BTsUd,gZ osdef.conf dCD~PydCDGy#b
7#KTsUd#Vk`&D Web ~qwODZ],=#
Z 26 B Tivoli Access Manager 5CLr 431
–stop #9TsUd\mwX$xL#X$xL+T:SZfP}%,"#
94PTTsUdx;=D|B#
–verbose |BTsUd1,T>XZZTsUdP4(">}M^DD7Pu
?DE"#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdweb-lite/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdweb-lite\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
432 IBM Tivoli Access Manager for e-business: Web Security 208O
wslstartwteZ UNIX OV/t/ Edge Server _Y:fzm"0k plug-in for Edge Server#
o(
wslstartwte
N}
^#
"M
*Z Windows Ot/ plug-in for Edge Server,I9C IBM _Y:fzm~q#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdweb-lite/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdweb-lite\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
Z 26 B Tivoli Access Manager 5CLr 433
wslstopwte#9 UNIX 53OD Edge Server _Y:fzm#
o(
wslstopwte
N}
^#
"M
*Z Windows O#9 plug-in for Edge Server,I9C IBM _Y:fzm~q#
ICT
K|n;ZTB1!20?<:
v UNIX 53:
/opt/pdweb-lite/bin/
v Z Windows 53O:
C:\Program Files\Tivoli\pdweb-lite\bin\
1!qK;,Z1!?<D20?<1,K5CLr;Z20?<BD bin ?<(}
g,install_dir\bin\)#
5Xk
I\5XTBKv4,k:
0 |nI&jI#
1 |n'\#
1|n'\1,+T>ms{"#XZJbD|j8hv,kND IBM Tivoli Access
Manager Error Message Reference#
434 IBM Tivoli Access Manager for e-business: Web Security 208O
Z 27 B 9Cl&D~
IT4(l&D~Tr/ Tivoli Access Manager i~D20MdC#l&D~G;v
D>D~,||,20MdCi~yh*Dz7M53E"#|TZ4P^K4\
(2,)20\PC#20}LSl&D~A!E",x;Ga>zn4UW#(}
9CD>`-wmSi~r(F!n,z9ITZ+4D20PXB9Cl&D~#
`-l&D~#ePD5,;sgBKPE>:
install_amrte -options filename
dP filename G#eD~D{F#}g:
install_amrte -options d:\temp\response
m 48 PvK9C20r<=(20 Tivoli Access Manager Base 53Dl&D~#e#
b)#e;ZCZ\'V=(D IBM Tivoli Access Manager Base CD OD \rspfile
?<P#
m 48. 20r<l&D~#e
20"dCTB Tivoli Access ManagerBase 53:
#e
Authorization Server install_amacld.options.template
Development(ADK) install_amadk.options.template
Java runtime environment install_amjrte.options.template
Policy server install_ammgr.options.template
Policy proxy server install_amproxy.options.template
Runtime install_amrte.options.template
Web Portal Manager install_amwpm.options.template
IBM Tivoli Directory Server,xP IBM DB2 install_ldap_server.options.template
install_db2.options.template
m 49 PvK9C20r<=(20 Tivoli Access Manager Web Security 53Dl&
D~#e#b)#e;Z IBM Tivoli Access Manager Web Security CD OD \rspfile
?<P,+ Attribute Retrieval Service #e}b,|;ZCZ\'V=(D IBM Tivoli
Access Manager Attribute Retrieval Service CD O#
m 49. 20r<l&D~#e
20"dCTB Tivoli Access ManagerWeb Security 53:
#e
Tivoli Access Manager for WebSphere install_amwas.options.template
WebSEAL Server install_amweb.options.template
WebSEAL development(ADK) install_amwebadk.options.template
Attribute retrieval service install_amwebars.options.template
Tivoli Access Manager for WebLogic install_amwls.options.template
© Copyright IBM Corp. 2001, 2003 435
l&D~9ITCZ9C>z205CLrTTB Tivoli Access Manager i~xPd
C:
m 50. 20r<l&D~#e
Tivoli Access Manager i~ #e
Access Manager WebSEAL Server(dC) amweb_config.rsp.template
Access Manager WebSEAL Server(!{dC) amweb_unconfig.rsp.template
Access Manager Web Portal Manager(dC) amwpmcfg.rsp.template
Access Manager Java Runtime Environment(d
C)
pdjrtecfg.rsp.template
Access Manager Policy Proxy Server(dC) pdproxycfg.rsp.template
l&D~#e
TBGC44(l&D~T20"dC policy server 53D#eD>}#PXjI#e
yhDdC!nDhv,kNDZ 287 3DZ 22 B, :20r<!n;#
################################################################################## InstallShield Options File Template## Wizard name: Setup# Wizard source: install_ammgr_setup.jar# Created on: Thu Oct 02 17:06:17 CDT 2003# Created by: InstallShield Options File Generator# Recorded for IBM Tivoli Access Manager 5.1## This file can be used to create an options file (i.e. response file) for the# wizard "Setup". Options files are used with "-options" on the command line to# modify wizard settings.## The settings that can be specified for the wizard are listed below. To use# this template, follow these steps:## 1. Enable a setting below by removing leading ’###’ characters from the# line (search for ’###’ to find settings you can change).## 2. Specify a value for a setting by replacing the characters ’<value>’.# Read each settings documentation for information on how to specify its# value.## 3. Save the changes to the file.## 4. To use the options file with the wizard, specify -options <file-name># as a command line argument to the wizard, where <file-name> is the name# of this options file.#################################################################################
################################################################################## User Input Field - regType## Enter the registry type. The valid options are: LDAP, Active Directory, or# Domino.#
### -W AMRTE_RegistryTypeUIPanel.regType="<value>"
9Cl&D~
436 IBM Tivoli Access Manager for e-business: Web Security 208O
################################################################################## Directory name## Specify the product’s installation directory.#
### -W GSKIT_DestinationPanel.productInstallLocation=<value>
################################################################################## Directory name## Specify the product’s installation directory.#
### -W LDAPC_DestinationPanel.productInstallLocation=<value>
################################################################################## Directory name## Specify the product’s installation directory.#
### -W AMRTE_DestinationPanel.productInstallLocation=<value>
################################################################################## User Input Field - useTcd## Enable Tivoli Common Logging (yes or no)#
### -W AM_TCDPanel.useTcd="<value>"
################################################################################## User Input Field - tcdDir## Tivoli Common Directory - full path#
### -W AM_TCDPanel.tcdDir="<value>"
################################################################################## User Input Field - hostName## Host name of the Policy Server in the secure domain.#
### -W AMRTE_ServerOptionsUIPanel.hostName="<value>"
#################################################################################
9Cl&D~
Z 27 B 9Cl&D~ 437
# User Input Field - listeningPort## Port on which the policy server listens.#
### -W AMRTE_ServerOptionsUIPanel.listeningPort="<value>"
################################################################################## User Input Field - certFile## If the policy server allows the automatic download of the cerfificate file,# leave this option blank. Otherwise you must specify the file name here.#
### -W AMRTE_ServerOptionsUIPanel.certFile="<value>"
################################################################################## User Input Field - localDomain## Enter the local domain name. Use Default if you do not need to specify one.#
### -W AMRTE_ServerOptionsUIPanel.localDomain="<value>"
################################################################################## User Input Field - localHostName## Local host name with domain extension#
### -W AMRTE_ServerOptionsUIPanel.localHostName="<value>"
################################################################################## User Input Field - ldapHost## Host name of the IBM Directory server (LDAP)#
### -W AMRTE_LDAPOptionsUIPanel.ldapHost="<value>"
################################################################################## User Input Field - ldapPort## LDAP Listening Port#
### -W AMRTE_LDAPOptionsUIPanel.ldapPort="<value>"
################################################################################## User Input Field - enableSSL## Enable SSL communication with the LDAP server - yes or no#
9Cl&D~
438 IBM Tivoli Access Manager for e-business: Web Security 208O
### -W AMRTE_LDAPOptionsUIPanel.enableSSL="<value>"
################################################################################## User Input Field - multipleDomains## Use multiple domains for Active Directory configuration: 1=Yes or 0=No#
### -W AMRTE_ADServerInfoUIPanel.multipleDomains="<value>"
################################################################################## User Input Field - hostName## Active Directory host name#
### -W AMRTE_ADServerInfoUIPanel.hostName="<value>"
################################################################################## User Input Field - domainName##
### -W AMRTE_ADServerInfoUIPanel.domainName="<value>"
################################################################################## User Input Field - encryptedConnection## Enable encrypted connections with the Active Directory server: 1=Yes, 0=No#
### -W AMRTE_ADServerInfoUIPanel.encryptedConnection="<value>"
################################################################################## User Input Field - multipleDomains## Use multiple domains for Active Directory configuration: 1=Yes or 0=No#
### -W AMRTE_ADServerInfoDifDomUIPanel.multipleDomains="<value>"
################################################################################## User Input Field - hostName## Active Directory host name#
### -W AMRTE_ADServerInfoDifDomUIPanel.hostName="<value>"
################################################################################## User Input Field - domainName#
9Cl&D~
Z 27 B 9Cl&D~ 439
# Active Directory domain name#
### -W AMRTE_ADServerInfoDifDomUIPanel.domainName="<value>"
################################################################################## User Input Field - enableSSL##
### -W AMRTE_ADServerInfoDifDomUIPanel.enableSSL="<value>"
################################################################################## User Input Field - adminId## Active Directory administrator id#
### -W AMRTE_ADAdminInfoUIPanel.adminId="<value>"
################################################################################## User Input Field - adminPwd## Active Directory administrator password#
### -W AMRTE_ADAdminInfoUIPanel.adminPwd="<value>"
################################################################################## User Input Field - sslKeyfile## Full path to the LDAP SSL client keyfile#
### -W AMRTE_SSLOptionsUIPanel.sslKeyfile="<value>"
################################################################################## User Input Field - sslKeyfilePassword## Password of the LDAP SSL client keyfile#
### -W AMRTE_SSLOptionsUIPanel.sslKeyfilePassword="<value>"
################################################################################## User Input Field - sslKeyfileLabel## LDAP SSL client keyfile label (DN) - only if required#
9Cl&D~
440 IBM Tivoli Access Manager for e-business: Web Security 208O
### -W AMRTE_SSLOptionsUIPanel.sslKeyfileLabel="<value>"
################################################################################## User Input Field - sslPort## LDAP SSL port number#
### -W AMRTE_SSLOptionsUIPanel.sslPort="<value>"
################################################################################## User Input Field - distName## Access Manager data location: distinguished name#
### -W AMRTE_ADDataInfoUIPanel.distName="<value>"
################################################################################## Directory name## Specify the product’s installation directory.#
### -W LDAPC_DestinationPanel_AD.productInstallLocation=<value>
################################################################################## User Input Field - dominoServer## Domino server name#
### -W AMRTE_DominoUIPanel.dominoServer="<value>"
################################################################################## User Input Field - notesClientPwd## Notes client password#
### -W AMRTE_DominoUIPanel.notesClientPwd="<value>"
################################################################################## User Input Field - nabDbName## NAB database name#
9Cl&D~
Z 27 B 9Cl&D~ 441
### -W AMRTE_DominoUIPanel.nabDbName="<value>"
################################################################################## User Input Field - amDbName## Access Manager database name#
### -W AMRTE_DominoUIPanel.amDbName="<value>"
################################################################################## Directory name## Specify the product’s installation directory.#
### -W AMMGR_DestinationPanel.productInstallLocation=<value>
################################################################################## User Input Field - secmasterPwd##
### -W AMMGR_ConfigOptions.secmasterPwd="<value>"
################################################################################## User Input Field - secmasterPwdConfirm## Re-enter the password for confirmation.#
### -W AMMGR_ConfigOptions.secmasterPwdConfirm="<value>"
################################################################################## User Input Field - secmasterPort##
### -W AMMGR_ConfigOptions.secmasterPort="<value>"
################################################################################## User Input Field - SSLcertlife##
### -W AMMGR_ConfigOptions.SSLcertlife="<value>"
9Cl&D~
442 IBM Tivoli Access Manager for e-business: Web Security 208O
################################################################################## User Input Field - SSLtimeout##
### -W AMMGR_ConfigOptions.SSLtimeout="<value>"
################################################################################## User Input Field - ldapadminid##
### -W AMMGR_ConfigOptions.ldapadminid="<value>"
################################################################################## User Input Field - ldapadminpwd##
### -W AMMGR_ConfigOptions.ldapadminpwd="<value>"
################################################################################## User Input Field - enableSSL## Enable SSL - 1=Yes, 0=No#
### -W AMMGR_EnableSSLUIPanel.enableSSL="<value>"
################################################################################## User Input Field - sslKeyfile## Full path to the SSL client keyfile#
### -W AMMGR_SSLOptionsUIPanel.sslKeyfile="<value>"
################################################################################## User Input Field - sslKeyfilePassword## Password for the SSL client keyfile#
### -W AMMGR_SSLOptionsUIPanel.sslKeyfilePassword="<value>"
################################################################################## User Input Field - sslKeyfileLabel#
9Cl&D~
Z 27 B 9Cl&D~ 443
# SSL client keyfile label#
### -W AMMGR_SSLOptionsUIPanel.sslKeyfileLabel="<value>"
################################################################################## User Input Field - sslPort## SSL port number#
### -W AMMGR_SSLOptionsUIPanel.sslPort="<value>"
9Cl&D~
444 IBM Tivoli Access Manager for e-business: Web Security 208O
yw
>E"G*Z@za)Dz7M~q`4D#IBM I\Zd|zRrXx;a)>D5
PV[Dz7"~qr&\XT#PXz10yZxrDz7M~qDE",krz
1XD IBM zmI/#NNT IBM z7"Lrr~qD}C"GbZw>r5>;
\9C IBM Dz7"Lrr~q#;*;V8 IBM D*6z(,NN,H&\Dz
7"Lrr~q,<ITzf IBM z7"Lrr~q#+G,@@Mi$NNG IBM
z7"Lrr~q,rIC'TP:p#
IBM +>I\Q5Pr}Zjkk>D5hvZ]PXDwn({#a)>D5"4Z
hC'9Cb)({DNNmI$#zITCif==+mI$i/Dy:
IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785 U.S.A.
PX+VZ(DBCS)E"DmI$i/,kkzyZzRrXxD IBM *6z(?E
*5,rCif==+i/Dy:
IBM World Trade Asia CorporationLicensing2-31 Roppongi 3-chome, Minato-kuTokyo 106, Japan
> u n ; J C " z r N N b y D u n k 1 X ( I ; ; B D z R r X x :
INTERNATIONAL BUSINESS MACHINES CORPORATION T04V41Dy!a)
>vfo,;=PNNN=D(^[Gw>D,9G,>D)#$,|((+;^
Z)TGV(T"JzTMJCZ3X(C>D,>#$#3)zRrXxZ3);
WP;Jmb}w>r,>D#$#rK>unI\;JCZz#
>E"PI\|,<u=f;;<7DX=r!"ms#K&DE"+(Z|D;b
)|D+`k>JODBf>P#IBM ITf1T>JOPhvDz7M/rLrxP
DxM/r|D,x;mP(*#
>E"PTG IBM Web >cDNN}C<;G*K=cp{Ea)D,;TNN==
d1TG) Web >cD#$#C Web >cPDJO;G IBM z7JOD;?V,
9CG) Web >cx4DgU+IzTPP##
IBM IT4|O*J1DNN==9CrV"zya)DNNE"x^kTzP#NN
pN#
>LrD;mI=g{*KbPXLrDE"To=gB?D:(i)JmZ@"4(
DLrMd|Lr(|(>Lr).dxPE";;,T0(ii)JmTQ-;;DE
"xP`%9C,kkBPX7*5:
IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.
© Copyright IBM Corp. 2001, 2003 445
;*qXJ1Du~Mun,|(3)iNBD;(}?D6Q,<IqCb=fD
E"#
>JOPhvDmILr0dyPICDmIJOyP IBM @] IBM M'-i"IBM
zJLrmI$-irNN,H-iPDuna)#
f0G IBM z7DE"ISb)z7D)&L"dvf5wrd|I+*qCDJO
Pq!#IBM ;PTb)z7xPbT,2^(7OdT\D+7T"f]TrNNd
|XZG IBM z7Dyw#PXG IBM z7T\DJb&1rb)z7D)&La
v#
yPXZ IBM 44=rrbrDyw<If1|DrUX,x;mP(*,|Gvv
m>K?jMb8xQ#
>JO|,U#LqYwP9CD}]M(mD>}#*K!I\j+D5w|G,
b)>}|,vK"+>"7FMz7D{F#yPb){F<Gi9D,NNT5
JLqs5y9CD{FMX7DW,?tIO#
f(mI$:
>JO|,4oTN=Dy>&CLr,|G]>KwVYw53OD`L<u#g
{?DG*K*""9C"-zrV"byD&CLr,4{O*d`4>y>Lr
DYw=(D&CLr`LSZD&CLr,rITNNN=4F"^D"V"b)
y>Lr,x^kr IBM 6Q#b)>};PZyPu~BxP9WDbT#yT
IBM ^(#$r5>b)LrDI?T"JCTr&\#g{?DG*K*""9C"
-zrV"byD&CLr,4{O IBM D&CLr`LSZD&CLr,rITN
NN=4F"^D"V"b)y>Lr,x^kr IBM 6Q#
2b)y>LrD?]=4rdNN?VrNN\zz7,<Xk|,gBf(y
w:
©(s+>D{F)(j]). ?V>zkIzT IBM Corp. y>Lr. © Copyright
IBM Corp. _dkj]_. All rights reserved.
g{(}m=4i4KE",I\;avVU,MJ+5w#
;)fz7V"Dzk4TZ}=,|G_PIf;DmI$un#b)un*Xg
B#
OpenSSLTHIRD PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION
The license agreement for this product refers you to this file for details concerning terms
and conditions applicable to third party software code included in this product, and for
certain notices and other information IBM must provide to you under its license to certain
software code. The relevant terms and conditions, notices and other information are provided
or referenced below. Please note that any non-English version of the licenses below is
unofficial and is provided to you for your convenience only. The English version of the
licenses below, provided as part of the English version of this file, is the official version.
446 IBM Tivoli Access Manager for e-business: Web Security 208O
Notwithstanding the terms and conditions of any other agreement you may have with IBM
or any of its related or affiliated entities (collectively ″IBM″), the third party software
code identified below are ″Excluded Components″ and are subject to the following terms
and conditions:
v The Excluded Components are provided on an ″AS IS″ basis;
v IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND
CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING,
BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR
INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE;
– IBM will not be liable to you or indemnify you for any claims related to the Excluded
Components; and
– IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive
or consequential damages with respect to the Excluded Components.
OpenSSL: The Program is accompanied by software currently developed by The OpenSSL
Project (http://www.openssl.org/). IBM obtained the majority of the OpenSSL software under
the terms and conditions of the following licenses:
LICENSE ISSUES==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions ofthe OpenSSL License and the original SSLeay license apply to the toolkit.See below for the actual license texts. Actually both licenses are BSD-styleOpen Source licenses. In case of any license issues related to OpenSSLplease contact [email protected].
OpenSSL License---------------
/* ====================================================================* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.** Redistribution and use in source and binary forms, with or without* modification, are permitted provided that the following conditions* are met:** 1. Redistributions of source code must retain the above copyright* notice, this list of conditions and the following disclaimer.** 2. Redistributions in binary form must reproduce the above copyright* notice, this list of conditions and the following disclaimer in* the documentation and/or other materials provided with the* distribution.** 3. All advertising materials mentioning features or use of this* software must display the following acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"** 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to* endorse or promote products derived from this software without* prior written permission. For written permission, please contact* [email protected].** 5. Products derived from this software may not be called "OpenSSL"* nor may "OpenSSL" appear in their names without prior written* permission of the OpenSSL Project.*
yw 447
* 6. Redistributions of any form whatsoever must retain the following* acknowledgment:* "This product includes software developed by the OpenSSL Project* for use in the OpenSSL Toolkit (http://www.openssl.org/)"** THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS’’ AND ANY* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED* OF THE POSSIBILITY OF SUCH DAMAGE.* ====================================================================** This product includes cryptographic software written by Eric Young* ([email protected]). This product includes software written by Tim* Hudson ([email protected]).**/
Original SSLeay License
/* Copyright (C) 1995-1998 Eric Young ([email protected])* All rights reserved.** This package is an SSL implementation written* by Eric Young ([email protected]).* The implementation was written so as to conform with Netscapes SSL.** This library is free for commercial and non-commercial use as long as* the following conditions are aheared to. The following conditions* apply to all code found in this distribution, be it the RC4, RSA,* lhash, DES, etc., code; not just the SSL code. The SSL documentation* included with this distribution is covered by the same copyright terms* except that the holder is Tim Hudson ([email protected]).** Copyright remains Eric Young’s, and as such any Copyright notices in* the code are not to be removed.* If this package is used in a product, Eric Young should be given attribution* as the author of the parts of the library used.* This can be in the form of a textual message at program startup or* in documentation (online or textual) provided with the package.** Redistribution and use in source and binary forms, with or without* modification, are permitted provided that the following conditions* are met:* 1. Redistributions of source code must retain the copyright* notice, this list of conditions and the following disclaimer.* 2. Redistributions in binary form must reproduce the above copyright* notice, this list of conditions and the following disclaimer in the* documentation and/or other materials provided with the distribution.* 3. All advertising materials mentioning features or use of this software* must display the following acknowledgement:* "This product includes cryptographic software written by* Eric Young ([email protected])"* The word ’cryptographic’ can be left out if the rouines from the library* being used are not cryptographic related :-).* 4. If you include any Windows specific code (or a derivative thereof) from* the apps directory (application code) you must include an acknowledgement:* "This product includes software written by Tim Hudson ([email protected])"*
448 IBM Tivoli Access Manager for e-business: Web Security 208O
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS’’ AND* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF* SUCH DAMAGE.** The licence and distribution terms for any publically available version or* derivative of this code cannot be changed. i.e. this code cannot simply be* copied and put under another distribution licence* [including the GNU Public Licence.]*/
XML Parser Toolkit LicenseCopyright © 1998, 1999, 2000 Thai Open Source Software Center Ltd
Permission is hereby granted, free of charge, to any person obtaining a copy of this software
and associated documentation files (the ″Software″), to deal in the Software without
restriction, including without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom
the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or
substantial portions of the Software.
THE SOFTWARE IS PROVIDED ″AS IS″, WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Pluggable Authentication Module LicenseCopyright © 1995 by Red Hat Software, Marc Ewing Copyright (c) 1996-8, Andrew G.
Morgan <[email protected]>
All rights reserved
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, and the entire
permission notice in its entirety, including the disclaimer of warranties.
yw 449
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The name of the author may not be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ″AS IS″’ AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Apache Axis ServletCopyright ©2002 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must include the
following acknowledgment: ″This product includes software developed by the Apache
Software Foundation (http://www.apache.org/).″ Alternately, this acknowledgment may
appear in the software itself, if and wherever such third-party acknowledgments normally
appear.
4. The names ″Apache Forrest″ and ″Apache Software Foundation″ must not be used
to endorse or promote products derived from this software without prior written
permission. For written permission, please contact [email protected].
5. Products derived from this software may not be called ″Apache″, nor may ″Apache″appear in their name, without prior written permission of theApache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS’’ AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
450 IBM Tivoli Access Manager for e-business: Web Security 208O
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of
the Apache Software Foundation. For more information on the Apache Software Foundation,
please see http://www.apache.org/.
JArgs command line option parsing suite for JavaCopyright ©2001, Stephen Purcell All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be
used to endorse or promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS ″AS IS″ AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
Java DOM implementationCopyright © 2000-2002 Brett McLaughlin & Jason Hunter. All rights reserved.Redistribution
and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions, and the disclaimer that follows these conditions in the documentation and/or
other materials provided with the distribution.
yw 451
3. The name ″JDOM″ must not be used to endorse or promote products derived from
this software without prior written permission. For written permission, please contact
4. Products derived from this software may not be called ″JDOM″, nor may ″JDOM″appear in their name, without prior written permission from the JDOM Project
Management ([email protected]).
5. In addition, we request (but do not require) that you include in the end-user
documentation provided with the redistribution and/or in the software itself an
acknowledgement equivalent to the following: ″This product includes software developed
by the JDOM Project (http://www.jdom.org/).″
6. In addition, we request (but do not require) that you include in the end-user
documentation provided with the redistribution and/or in the software itself an
acknowledgement equivalent to the following: ″This product includes software developed
by the JDOM Project (http://www.jdom.org/).″ Alternatively, the acknowledgment may
be graphical using the logos available at http://www.jdom.org/images/logos.
THIS SOFTWARE IS PROVIDED ``AS IS’’ AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of
the JDOM Project and was originally created by Brett McLaughlin ([email protected]) and
Jason Hunter ([email protected]). For more information on the JDOM Project, please see
http://www.jdom.org/.
Alfalfa SoftwareCopyright for Alfalfa Software Copyright 1990, by Alfalfa Software Incorporated, Cambridge,
Massachusetts.
All Rights Reserved
Permission to use, copy, modify, and distribute this software and its documentation for
any purpose and without fee is hereby granted, provided that the above copyright notice
appear in all copies and that both that copyright notice and this permission notice appear
in supporting documentation, and that Alfalfa’s name not be used in advertising or publicity
pertaining to distribution of the software without specific, written prior permission.
ALFALFA DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS,
452 IBM Tivoli Access Manager for e-business: Web Security 208O
IN NO EVENT SHALL ALFALFA BE LIABLE FOR ANY SPECIAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
KerberosCopyright for IBM Kerberos
Copyright (C) 1985-2001 by the Massachusetts Institute of Technology.
All rights reserved.
Export of this software from the United States of America may require a specific license
from the United States Government. It is the responsibility of any person or organization
contemplating export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this
software and its documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that copyright notice
and this permission notice appear in supporting documentation, and that the name of M.I.T.
not be used in advertising or publicity pertaining to distribution of the software without
specific, written prior permission. Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a fashion that it might
be confused with the original MIT software. M.I.T. makes no representations about the
suitability of this software for any purpose. It is provided ″as is″ without express or implied
warranty.
THIS SOFTWARE IS PROVIDED ``AS IS’’ AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
Individual source code files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun
Soft, FundsXpress, and others.
Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr
are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use
of these trademarks may be made without prior written permission of MIT.
″Commercial use″ means use of a name in a product or other for-profit manner. It does
NOT prevent a commercial firm from referring to the MIT trademarks in order to convey
information (although in doing so, recognition of their trademark status should be given).
InfoZipCopyright for InfoZip
Copyright (c) 1990-2002 Info-ZIP. All rights reserved.
yw 453
For the purposes of this copyright and license, ″Info-ZIP″ is defined as the following
set of individuals: Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois,
Jean-loup Gailly, Hunter Goatley, Ian Gorman, Chris Herborth, Dirk Haase, Greg Hartwig,
Robert Heath, Jonathan Hudson, Paul Kienitz, David Kirschbaum, Johnny Lee, Onno van
der Linden, Igor Mandrichenko, Steve P. Miller, Sergio Monesi, Keith Owens, George
Petrov, Greg Roelofs, Kai Uwe Rommel, Steve Salisbury, Dave Smith, Christian Spieler,
Antoine Verheijen, Paul von Behren, Rich Wales, Mike White
This software is provided ″as is,″ without warranty of any kind, express or implied. In
no event shall Info-ZIP or its contributors be held liable for any direct, indirect, incidental,
special or consequential damages arising out of the use of or inability to use this software.
Permission is granted to anyone to use this software for any purpose, including commercial
applications, and to alter it and redistribute it freely, subject to the following restrictions:
1. Redistributions of source code must retain the above copyright notice, definition,
disclaimer, and this list of conditions.
2. Redistributions in binary form (compiled executables) must reproduce the above copyright
notice, definition, disclaimer, and this list of conditions in documentation and/or other
materials provided with the distribution. The sole exception to this condition is
redistribution of a standard UnZipSFX binary as part of a self-extracting archive; that
is permitted without inclusion of this license, as long as the normal UnZipSFX banner
has not been removed from the binary or disabled.
3. Altered versions--including, but not limited to, ports to new operating systems, existing
ports with new graphical interfaces, and dynamic, shared, or static library versions--must
be plainly marked as such and must not be misrepresented as being the original source.
Such altered versions also must not be misrepresented as being Info-ZIP
releases--including, but not limited to, labeling of the altered versions with the names
″Info-ZIP″ (or any variation thereof, including, but not limited to, different capitalizations),
″Pocket UnZip,″ ″WiZ,″ or ″MacZip″ without the explicit permission of Info-ZIP. Such
altered versions are further prohibited from misrepresentative use of the Zip-Bugs or
Info-ZIP e-mail addresses or of the Info-ZIP URL(s).
4. Info-ZIP retains the right to use the names ″Info-ZIP,″ ″Zip,″ ″UnZip,″ ″UnZipSFX,″″WiZ,″ ″Pocket UnZip,″ ″Pocket Zip,″ and ″MacZip″ for its own source and binary
releases.
gSOAPPart of the software embedded in this product is gSOAP software.
Portions created by gSOAP are Copyright (C) 2001-2003 Robert A. van Engelen, Genivia
inc. All Rights Reserved.
THE SOFTWARE IN THIS PRODUCT WAS IN PART PROVIDED BY GSOAP
SOFTWARE AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
454 IBM Tivoli Access Manager for e-business: Web Security 208O
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.
gSOAP source code is available under the terms of the gSOAP Public License and is
available at http://gsoap2.sourceforge.net.
A copy of the license is available at http://www.cs.fsu.edu/~engelen/soaplicense.html
Any terms in the IBM Tivoli Access Manager for e-business license that differ from the
gSOAP license are offered by IBM and not offered by the Initial Developer or any
Contributor originator of the gSOAP source code.
Apache SoftwareApache software License Terms
Certain components include Apache Xalan, Xerces, FOP, and Log4J Library, which are
licensed under the following terms:
The Apache Software License, Version 1.1 Copyright (c) 1999 The Apache Software
Foundation. All rights reserved.Redistribution and use in source and binary forms, with
or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must include the
following acknowledgment: ″This product includes software developed by the Apache
Software Foundation (http://www.apache.org/).″ Alternately, this acknowledgment may
appear in the software itself, if and wherever such third-party acknowledgments normally
appear.
4. The names ″Xerces″ and ″Apache Software Foundation″ must not be used to endorse
or promote products derived from this software without prior written permission. For
written permission, please contact [email protected].
5. Products derived from this software may not be called ″Apache″, nor may ″Apache″appear in their name, without prior written permission of the Apache Software
Foundation.
THIS SOFTWARE IS PROVIDED ″AS IS″ AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
yw 455
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Lj
BPuoG International Business Machines Corporation Z@zM/rd|zRrXx
DLjr"aLj:
AIX
DB2
IBM
IBM Uj
J2EE
Lotus
Notes
MVS
OS/390
SecureWay
Tivoli
Tivoli Uj
Universal Database
WebSphere
zSeries
z/OS
Java MyPyZ Java DLjMUjG Sun Microsystems, Inc. Z@zMd|zRrX
xDLjr"aLj#
Microsoft"Windows"Windows NT M Windows UjG Microsoft Corporation Z@z
M/rd|zRrXxDLj#Java MyPyZ Java DLjMUjG Sun Microsystems,
Inc. Z@zMd|zRrXxDLjr"aLj#
UNIX G The Open Group Z@zMd|zRrXxD"aLj#
d{+>"z7r~q{FI\Gd{+>DLjr~qjG#
456 IBM Tivoli Access Manager for e-business: Web Security 208O
Jcm
2A3
2+\m(security management): \mfL,EXZ
i/TBXdI\D&CLrM}]xPCJXFD\
&#
2+WSVc(secure sockets layer,SSL): a)(
E~=D2+-i#SSL 9M'z/~qw&CLrIT
4UhFCZ@9T}"[DM1l{"D==xP(
E#SSL I Netscape Communications Corp. M RSA Data
Security, Inc. *"#
2B3
s((bind): +3vj6kLrPDm;vTs`Xp
4;}g,+3vj6k3v5"X7rm;vj6`X
p4,r_+N=N}k5JN}X*p4#
#$6p(quality of protection): }]2+T6p,
|IO$"j{TM~=u~DiO47(#
2C3
Yw(action): CJXFm(ACL)mI(tT#m{
CJXFm(access control list,ACL)#
_T(policy): &CZ\\J4D;ifr#
, D > + d - i ( h y p e r t e x t t r a n s f e rprotocol,HTTP): ZrXx-i/P,CZ+dMT>
,D>D5D-i#
2D3
%;"a(single signon,SSO): C'G<;NM\
CJ`v&CLrx^hVpG<=?v&CLrD\
&#m{+V"a(global signon)#
]}=O$(step-up authentication): ;V\#$T
s_T(POP),|@5Z$dCDO$6pcNa9"
y]TJ4hCD_Tx5)X(O$6p#]}=O$
POP ;?FC'9C`vO$6pxPO$TCJNNx
(DJ4,+*sC'TAYk#$3J4D_Tyh6
p,y_D6pxPO$#
`74CzmLr(multiplexing proxy agent,MPA):
'V`M'zCJDxX#b)xXP1F*^_CJ-
i(WAP)xX,K1M'z9C WAP CJ2+r#x
X("(r4~qwD%vO$(@,"(}K(@+M
yPM'zksMl&#
`rSO$(multi-factor authentication): ;V\#
$Ts_T(POP),|?FC'9C=vr`vO$6
p4O$#}g,T\#$J4DCJXFIT*sC'
,1O$C'{/\kMC'{/nF(Pzk#m{\
#$Ts_T(protected object policy)#
2F3
CJXFm(access control list,ACL): ZFcz2
+TP,k3;TsX*DPm,CPmj6ITCJC
TsDyPwe0dCJ(#}g,CJXFmGk3;
D~X*DPm,CPmj6ITCJCD~DC'"j
6C'TCD~DCJ(#
CJXF(access control): ZFcz2+TP,7#
Fcz53DJ4;\IZ(C'4Z(==CJD}
L#
CJmI((access permission): &CZ{vTsD
CJX(#
~q(service): ~qwy4PD$w#~qITGT"
Mrf"}]Dr%ks(gkTD~~qw"HTTP ~q
w"gSJ~~qwr finger ~qw),|2ITG|4
SD$w(gr!~qwrxL~qwD$w)#
1>(replica): |,m;v~qwD;vr`v?<D
1>D~qw#1>8]~qwG*Ka_T\ruLl
&1d"7#}]j{T#
2G3
+2xXSZ(common gateway interface,CGI): ;
VrXxj<,CZ(e(} HTTP ks+E"S Web
~qw+]A&CLr(4.`;)DE>#CGI E>G
;VCE>oT`4D CGI Lr,g Perl#
+C\?(public key): ZFcz2+TP,T?vK
<ICD\?#k(C\?(private key)`T#
\m~qw(management server): Q}1#kND
policy server#
© Copyright IBM Corp. 2001, 2003 457
\m~q(administration service): ;VZ( API K
P1e~,ITCZZ Tivoli Access Manager J4\mw
&CLrO4P\mks#\m~q+l&4T pdadmin|nD6LksT4PNq,gPv\#$TswPX(
ZcBDTs#M'IT9CZ( ADK 4*"b)~q#
\mr(management domain): 1!r,Tivoli Access
Manager ZdP?F5)O$"Z(MCJXFD2+_
T#1dC p o l i c y s e r v e r 1a4(Cr#m{r
(domain)#
fr(rule): ;ur`u_-od,b)od9B~~
qw\;6pB~(B~`X).dDX5,T0`&X
4PT/l&#
2H3
s:(suffix): j6>X#fD?<cNa9Pn_u?
D(P{F#IZZa?6?<CJ-i(LDAP)P9
CD`T|{#=,Ks:+&CZC?<cNa9PD
yPd|u?#?<~qwITP`vs:,dP?vs
:<j6;v>X#fD?<cNa9#
2J3
y>O$(basic authentication): ;VO$=(,h
*C'Z;ZhT2+Z_J4DCJ(.0dkP'C
'{M\k#
yZxgDO$(network-based authentication): ;
V\#$Ts_T(POP),|y]C'DxJ-i
(IP)X74XFTTsDCJ#m{\#$Ts_T
(protected object policy)#
S\(encryption): ZFcz2+TP,TBP==+
}]*;*QA.DN=D}L:9C^(q!-<}
],r_;\(}9Cb\}LE\q!#
G+$n(role activation): +CJmI(&CZG+
D}L#
G+8((role assignment): *C'8(G+D}L,
Sx9CC'T*CG+(eDTs_P`&CJmI
(#
ac(junction): 0K WebSEAL Server MsK Web
&CLr~qw.dD HTTP r HTTPS ,S#WebSEAL
9Cac4zmsK~qwa)#$~q#
xLd(E(interprocess communication,IPC): (1)
Lrd`%+o}]"9dn/,=yCD}L#Ej"
EEMZ?{"SPGxLd(ED#{=(# (2) ;VY
w53zF,Jm`vxLZ,;FczZr(}xg%
`(E#
2,20(silent installation): ;rXF("M{"x
G+{"Mmsf"ZU>D~PD20#xR,2,2
0 I T 9 C l & D ~ x P } ] d k # m { l & D ~
(response file)#
2K3
IluT(scalability): xg53T;OvSDCJJ
4DC'}wvl&D\&#
IEy(trusted root): 2+WSVc(SSL)PD+C
\?M`X*DO$PD(CA)(P{F#
grO$~q(cross domain authent ica t ionservice,CDAS): ;V WebSEAL ~q,a);VJm
zCr WebSEAL 5X Tivoli Access Manager m]D(
F}L4f;1! WebSEAL O$zFD2mbzF#m
{ WebSEAL#
g r 3 d r \ ( c r o s s d o m a i n m a p p i n gframework,CDMF): ;V`LSZ,Jm*"_Z9
C WebSEAL e-Community SSO &\1(FC'm]D3
dMC'tTD&m#
2L3
,S(connection): (1) Z}](EP,Z&\?~.
d("DCZ+]E"D;VX*# (2) Z TCP/IP P,
Z=v-i&CLr.da)I?}]w+]~qD7
6#ZrXxP,,SS;v53OD TCP &CLrSl
=m;v53OD TCP &CLr# (3) Z53(EP,I
CZZ=v53rZ53Mh8.d+]}]D_7#
nF(token): (1) VrxPD(^{E,|;,xXS
;v}]>+]Am;v}]>T8>C>]1XF+d
iJ#?v}]><Pzaq!M9CnFTXFiJ#
nFGmw+dmI(DX({"r;#=# (2) ZVrx
(LAN)P,X+diJS;vh8+]Am;vh8D
;rP#1nFO7SK}]1,MdIK!#
7ID~(routing file): ;V ASCII D~,CD~|
,CZXF{"dCD|n#
V/(polling): TL(1ddt/J}]bT7(Gq
h*+M}]D;v}L#
2M3
E'x>(portal): ;v/ID Web >c,|y]X(
C'DCJmI(,/,zITX(C'ICD;i(F
Web J4(g4S"Z]r~q)#
458 IBM Tivoli Access Manager for e-business: Web Security 208O
\k(cipher): ;VS\}],Z4C\?+d*;*
wk}](b\).0;IA#
\?T(key pair): ZFcz2+TP,8+C\?M
(C\?#1\?TCZS\1,"M=+9C+C\?
T{"xPS\,xSU=+9C(C\?TC{"xP
b\#1\?TCZ)p1,)p_+9C(C\?T{
"m>N=xPS\,xSU=+9C+C\?T{"m
>N=xPb\Ti$){#
\?7(key ring): ZFcz2+TP,|,+C\
?"(C\?"IEyM$iDD~#
\?}]bD~(key database file): kND\?7
(key ring)#
\?D~(key file): kND\?7(key ring)#
\?(key): ZFcz2+TP,k\kc(;p9CT
S\rb\}]D{ErP#kND(C\?(private
key)M+C\?(public key)#
#=(schema): C}](eoTmoD"CZj{hv
}]ba9Dod/O#ZX5}]bP,#=(em"
wmPDVNT0VNMm.dDX5#
?<#=(directory schema): ITT>Z?<PDP
'tT`MMTs`#tT`MMTs`(etT5Do
("D)tTXkfZT0D)tTITTC?<fZ#
2P3
dC(configuration): (1) i/M%,E"&m53D
2~Mm~yCD==# (2) iI53"S53rxgDz
w"h8MLr#
>$^)~q(credentials modification service): ;
VZ( API KP1e~,ITC4^D Tivoli Access
Manager >$#IM'Zb?*"D>$^)~q;^F*
;\4PS>$tTPmPxPmSM}%DYw,"R
;\TG)O*I^DDtT4P#
>$(credential): ZO$Zdq!Dj8E",|hv
C'"yPiX*Md|k2+T`XDm]tT#>$
IC44Pm`~q,gZ("sFM/I#
2Q3
(F(migration): 20LrDBf>r"Pf4f;O
gDf>r"Pf#
a ? 6 Z } = O $ ( l i g h t w e i g h t t h i r d p a r t yauthentication,LTPA): ;VO$r\,JmgtZ;
vrXxrD;i Web ~qwxP%;"a#
a?6?<CJ-i(lightweight directory accessprotocol,LDAP): ;V*E=-i,(a)9C TCP/IP
a)T'V X.500 #MD?<DCJ,(b);ax4|*
4SD X.500 ?<CJ-i(DAP)DJ4hs#9C
LDAP D&CLr(F*tC?<D&CLr)IT9C?
<w*+2}]f""C4lwXZK1r~qDE",
}ggSJ~X7"+C\?rX(Z~qDdCN}#
LDAP ->Z RFC 1777 P8(#LDAP V3 rZ RFC
2251 P8(,IETF Lx*"=SDj<&\#Z RFC
2256 PIR=;) IETF (eD LDAP j<#=#
+V"a(global signon,GSO): ;VinD%;"
abv=8,9C'\;rsK Web &CLr~qwa)
8CDC'{M\k#+V"aZhC'(}%vG<C
J{GP(9CDFcJ4DCJ(# GSO *Zl9DV
<=Fc73Z|,`v53M&CLrDsMs5xh
F,9C';h*\m`vC'{M\k#m{%;"a
(single signon,SSO)#
2R3
O$PD(certificate authority,CA): )"$iDi
/#O$PDT$iyP_Dm]MyP_q(9CD~
qxPO$,)"B$i,x)VP$i,T07ztZ
;YP(9C$iDC'D$i#
O$(authentication): (1) ZFcz2+TP,TC'
m]rC'CJ3TsDJqDi$# (2) ZFcz2+T
P,T{"4|Dr4Y5Di$# (3) ZFcz2+T
P,CZi$E"53r\#$J4DC'D}L#m{
`rSO$(multi-factor authentication)"yZxgDO$
(network-based authentication)M]}=O$(step-up
authentication)#
]wTs(container object): ;V+TsUdi/*
;,&\xrDa9T8(#
2S3
X$xL(daemon): ;VT^K4\==KPDL
r,CZ4PVxTr\ZTD536'&\,gxgX
F#P)X$xLaT/%"44PdNq;d|X$x
Lr(ZKP#
\#$Ts_T(protected object policy,POP): ;
`2+_T,T ACL _TmIDYw)S=Su~TcC
J\#$Ts#)S POP u~rGJ4\mwDpN#m
{CJXFm(access control list)"\#$Ts(protected
object)M\#$TsUd(protected object space)#
\#$TsUd(protected object space): CZ&C
ACL M POP T0CZZ(C'CJD5J53J4Di
Jcm 459
bTsm>#m{\#$Ts(protected object)M\#$
Ts_T(protected object policy)#
\#$Ts(protected object): CZ&C ACL"POP
T0CZZ(C'CJD5J53J4D_-m>#m{
\#$Ts_T(protected object policy)M\#$TsU
d(protected object space)#
Z(~qe~(authorization service plug-in): ;V
I/,0kDb(DLL r2mb),II Tivoli Access
Manager Z( API KP1M'zZu</10k,Tc4
PCZ)9Z( API P~qSZDYw#10ICD~q
SZ|(0\m1"0b?Z(1"0>$^D1"0Z
(1M0PAC Yw1SZ#M'IT9CZ( ADK 4*
"b)~q#
Z(~q(entitlement service): ;VZ( API KP
1e~,ITC4S3wer3iu~Db?45XZ
(#Z((#GX(Z&CLrD}],+;J4\mw
&CLrT3V==9C,r_;mS=weD>$T)
ZZ(}LPx;=9C#M'IT9CZ( ADK 4*"
b)~q#
Z(fr(authorization rule): kNDfr(rule)#
Z((authorization): (1) ZFcz2+TP,ZhC
'kFcz53(Er9CFcz53D(^# (2) ZhC
'T3vTs"J4r&\Dj{Dr\^DCJ(D}
L#
Z((entitlement): ;V|,b?/2+_TE"D}
]a9#Z(|,TX(&CLrImbD==xPq=
/D_T}]r\&#
tTPm(attribute list): 4SDPm,|,CZwv
Z(v_D)9E"#tTPmI;i{F = 5TiI#
}V){(digital signature): ZgSLqP,7S=
}]%*rw*}]%*\k*;N=D}],9}]%
*SU=ITi$%*D4Mj{T"6pI\D1l}
]#
2T3
X(tT$i~q(privilege attribute certificateservice): ;VZ( API KP1M'ze~,|+$(
q=D PAC *;* Tivoli Access Manager >$,4.`
;#b)~q2IC4+ Tivoli Access Manager >$r|
rxP{mTc+dA2+rDd|I1#M'IT9C
Z( ADK 4*"b)~q#m{X(tT$i(privilege
attribute certificate)#
X(tT$i(privilege attribute certificate): |,
weDO$MZ(tTT0we\&D}VD5#
3;J4j6(uniform resource identifier,URI): C
Zj6rXxOZ]DV{.,|(J4{F(?<MD
~{F)"J4;C(?<MD~{yZDFcz)T0
J4DCJ==(-i,g HTTP)#URI D;v>}MG
3;J4(;wr URL#
3;J4(;w(uniform resource locator,URL):
zmFczOrxg(}grXx)PE"J4DV{r
P#CV{rP|((a)C4CJE"J4D-iDr
4{FM(b)-iC4(;E"J4DE"#}g,Z
rXxOBDP,TBb)GCZCJwVE"J4D3
)-iDr4{F:http"ftp"gopher"telnet M news;x
TBrG IBM w3D URL:http://www.ibm.com#
2W3
b?Z(~q(external authorization service): ;V
Z( API KP1e~,ITC49X(Z&CLrr73
DZ(v_I* Tivoli Access Manager Z(v_4PD;
?V#M'IT9CZ( ADK 4*"b)~q#
xJ-i(Internet protocol,IP): rXx-i/PD
^,S-i,|(}xgr%,xg47I}]"d1|
_-icMomxg.dDPi#
D~+d-i(file transfer protocol,FTP): rXx
-i/PD&Cc-i,|9C+dXF-i(TCP)M
Telnet ~qZzwrwz.d+dIz}]DD~#
2X3
l&D~(response file): |,TLryaJbD;i
$(eXpDD~,9CKD~M^hT;Ndk;vD
==4dkG)5#
ibw\(virtual hosting): Web ~qwD;V\&,
9d\;TrXxmV*`vwz#
mI((permission): CJ\#$Ts(gD~r?
<)D\&#TsmI(D}?M,eGICJXFm
(ACL)(eD#m{CJXFm(access contro l
list,ACL)#
2Y3
5qZ((business entitlement): C'>$D9dt
T,|hvIZJ4ksDZ(P9CD+8u~#
rXx-i/(Internet suite of protocols): *Zr
X x O 9 C x * " D " R ( } r X x $ L N q i /
(IETF)"<Iks@[(RFC)D;i-i#
460 IBM Tivoli Access Manager for e-business: Web Security 208O
C ' " a m ( u s e r r e g i s t r y ) : k N D " a m
(registry)#
C'(user): 9Cd|=ya)~qDNNK1"i
/"}L"h8"Lr"-ir53#
r{(domain name): ZrXx-i/Pwz53D{
F#r{IT(g{VtD;5PS{FiI#}g,g
{ w z 5 3 D + ^ ( r { ( F Q D N ) *
as400.rchland.vnet.ibm.com,rTB?;v<G;vr{:
as400.rchland.vnet.ibm.com"vnet.ibm.com"ibm.com#
r(domain): (1) 2m+2~qR(#p+2wCDC
'"53MJ4D;V_-Vi# (2) }]&mJ4\+2
XFDG?VFczxg#m{r{(domain name)#
*}](metadata): hvQf"}]DXwD}]#
KP1(run time): FczLr4Py-zD1dN#
KP173G4P73#
2Z3
$i(certificate): ZFcz2+TP,CZ++C\?
k$iyP_Dm]s(Z;pSx9$iyP_ITC
=O$D;V}VD5#$iIO$PD)"#
wz(host): ,S=xg(grXxr SNA xg)"
a)TCxgDCJcDFcz#mb,y]73;,,
wzI\aa)TxgD/PXF#wzITGM'z"
~qwr,1GM'zM~qw#
"am(registry): |,C'"53Mm~DCJ0dC
E"D}]f"#
(C\?(private key): ZFcz2+TP,;Pdy
P_E*@D\?#k+C\?(public key)`T#
(P{F(distinguished name,DN): (;j6?<
P3vu?D{F#(P{FItT:5TiI,ddC:
EVt#
J4Ts(resource object): 5JxgJ4(g~q"
D~MLr)Dm>N=#
T"a(self-registration): Z^h\m1NkDiv
B,C'ITdkXh}]"I*"aD Tivoli Access
Manager C'D;v}L#
A
ACL: kNDCJXFm(access control list,ACL)#
B
BA: kNDy>O$(basic authentication)#
blade: ;Vi~,a)X(Z&CLrD~qMi~#
C
CA: kNDO$PD(certificate authority,CA)#
CDAS: kNDgrO$~q(cross domain authentication
service,CDAS)#
CDMF: kNDgr3dr\(cross domain mapping
framework,CDMF)#
C G I : k N D + 2 x X S Z ( c o m m o n g a t e w a y
interface,CGI)#
cookie: ~qwf"ZM'zO"Zs4Da0ZdCJ
DE"#Cookie Jm~qwG!XZM'zDX(E"#
D
DN: kND(P{F(distinguished name,DN)#
E
EAS: kNDb?Z(~q(External Authorization
Service)#
G
GSO: kND+V"a(global signon,GSO)#
H
HTTP: kND,D>+d-i(hypertext transfer
protocol,HTTP)#
I
IP: kNDxJ-i(Internet protocol,IP)#
I P C : k N D x L d ( E ( i n t e r p r o c e s s
communication,IPC)#
L
LDAP: kNDa?6?<CJ-i(lightweight directory
access protocol,LDAP)#
Jcm 461
LTPA: kNDa?6Z}=O$(lightweight third party
authentication,LTPA)#
P
PAC: kNDX(tT$i(pr i v i l ege a t t r i bu t e
certificate)#
policy server: ,$XZ2+rPd|~qwD;CE"
D Tivoli Access Manager ~qw#
POP: kND\#$Ts_T(protected object policy)#
R
RSA S\(RSA encryption): CZS\MO$D+C
\?\ku53#Ron Rivest"Adi Shamir M Leonard
Adleman Z 1977 j"wC53#C53D2+T!vZT
=vsX}DK}xPr=VbDQH#
S
S S L : k N D 2 + W S V c ( S e c u r e S o c k e t s
Layer,SSL)#
SSO: kND%;"a(single signon,SSO)#
U
URI: kND3;J4j6(uniform resource identifier)#
URL: kND3;J4(;w(uni form resource
locator,URL)#
W
Web Portal Manager(WPM): ;VyZ Web D<N
&CLr,CZ\m Tivoli Access Manager Base M2+
rPD WebSEAL 2+_T#w* pdadmin |nPSZ
Dfz=(,K GUI 96L\m1ITxPCJ,"9\
m1IT4(/IC'r"rb)rVd/I\m1#
WebSEAL: Tivoli Access Manager blade#WebSEAL G
_T\"`_LD Web ~qw,|+2+_T&CZ\#
$TsUd#WebSEAL \;a)%;"abv=8,"+
sK Web &CLr~qwJ4iO=2+_TP#
WPM: kNDWeb Portal Manager#
462 IBM Tivoli Access Manager for e-business: Web Security 208O
w}
[A]2+WSVc(SSL)
bT 343, 350, 354
tC 335
Z LDAP ~qwOtCCJ 338
2+r,Ev 5
20 182
>z5CLr 23
=( 22
Ev 3
f. 1
}L 24
X(Z=(D JRE
Z AIX O 241
Z Solaris O 243
Z Windows O 243
oT'V 43, 45
Z AIX O 182
i~ 6
i~hv 6, 9
GSKit
Z AIX O 233
Z Solaris O 235
Z Windows O 235
IBM Tivoli Directory Client
Z AIX O 238
Z Solaris O 239
Z Windows O 240
IBM Tivoli Directory Server
Z Solaris O 61, 64
Z Windows O 66
Java runtime environment
Z Solaris O 120
Z Windows O 121
Tivoli Access Manager m~|
Z Solaris O 102, 109, 127, 132
WebSphere Application Server
Z AIX O 245
20r<
Ev 22
Pm 22
install_ampfs 22
[B]8]}] 403
>z20
Ev 23
X8z7 11
XhDX(Z=(D9! 33
Xhi~ 13
d?
oT73d? 48
LANG
UNIX 48
Windows 49
NLSPATH
9C 50
de,oT73 49
9!,X(Z=(D 33
?p
f. 4
[C]Yw53,\'VD 33
i!}] 403
i!T)p$i 337, 352
}%
kND06X1 264
}%m~|
Z AIX O 263
4(T)p$i 337, 352
ELUdMZfhs 30, 31, 32
[D]zk/
D~?< 51
oT'V 51
%cG<dC#M 165
TC'xPZ( 162
[F]=(,20 22
~qwMM'zO$ 335, 351
~qwdC#M 161
~qwO$ 335
~qw$i 347
4-}] 403
[G]Ev
2+r 5
20 3
20r< 22
ADK 6
AM for WebLogic Server 9
© Copyright IBM Corp. 2001, 2003 463
Ev (x)
AM for WebSphere 9
attribute retrieval service 9
authorization server 6
GSKit 11
IBM JRE 11
IBM Tivoli Directory Client 11
IBM Tivoli Directory Server 11
Java runtime environment 6
plug-in for web server 10
policy proxy server 7
policy server 7
provisioning fast start 8
runtime 7
Web Admin Tool 11
Web Portal Manager 8
web security runtime 10
WebSEAL 10
WebSEAL ADK 10
WebSphere Application Server 12
vK$i 336, 337, 352
\m~qw
6X 264
f.20 1
f.?p 4
}L,20 24
zJ/ 40
zk/ 51
{"`? 50
oT73d? 48
oT73de 49
oT'V 45, 47
'VoT 42
[H]s: 74
[J]/I,Tivoli Identity Manager 8
f]T,rB 39
ac
dC 195
[M]\?}]bD~ 336, 349, 351
hv,i~ 6, 9
[N]ZfMELUdhs 30, 31, 32
[P]dC
E(D 166
Kb 160
IBM Tivoli Directory Server 71
dC!n
authorization server 327, 333
policy server 331
WebSEAL server 334
=(,\'VD 13
[Q])p_$i
$i
)p_ 350, 353
(F5CLr
uN9C 212, 214
U>G< 212, 214
xrhC,TZ Windows 48
!{dCi~
Z AIX O 261
[R]O$
~qw 335
~qwMM'z 335, 351
vK 337
PD 337
[S]5CLr
AMWLSConfigure -action config 386
AMWLSConfigure -action create_realm 389
AMWLSConfigure -action delete realm 391
AMWLSConfigure -action unconfig 388
amwpmcfg 392
ivrgy_tool 395
migrateEAR4 397
migrateEAR5 400
pdbackup 403
pdconfig 411
pdinfo((i;*9C) 403
pdinfo((i;*9C),kND pdbackup 403
pdjrtecfg 412
pdwascfg 417
pdweb 381, 421
pdwebpi 423
pdwebpi_start 424
pdweb_start 421
pdwpicfg -action config 427
pdwpicfg -action unconfig 429
464 IBM Tivoli Access Manager for e-business: Web Security 208O
5CLr (x)
pdwpi-version 426
pd_start 416
wesosm 431
wslstartwte 433
wslstopwte 434
Z( ADK
6X 264
\'VD=( 13
\'VD=(,Xh9! 33
\'VD"am 25
[W]D>`k
kNDzk/ 51
D~
\?}]b 349, 351
\?}]bD~(.kdb) 336
\?}]b(.kdb) 336
gsk7ikm.exe 336, 349, 351, 352
[X]53hs 25
9! 33
ELUdMZf 30, 31, 32
=( 33
\'VD"am 25
rBf]T 39
Active Directory 28
IBM Security Server for OS/390 27
IBM Tivoli Directory Server 25
IBM z/OS Security Server LDAP Server 28
iPlanet Directory 28
Lotus Domino 28
Novell eDirectory 29
Sun ONE Directory 28
Web admin tool 26
53,`M 13
`Xvfo xv
r<,20
kND20r< 22
rBf]T 39
{"`?
zJ/ 50
oT?< 50
6X
oT'V 47
6Xi~
Z Solaris O 265
Z Windows O 266
Tivoli Access Manager 264
hs,53 33
kND53hs 25
[Y]2~SY('V 40
oT73de 49
oT73{F
UNIX 48
Windows 49
oThC,^D 48
oT'V
zk/ 51
Ev 42
{"`? 50
oT73d? 48
oT73de,5V 49
oT73{F
UNIX 48
Windows 49
oT'V,20 43, 45
oT'V,6X 47
r,2+ 5
[Z]$i
~qw 347
vK 336, 352
PD 352
T)p 337, 352
'V,2~SY( 40
PD,O$ 337, 352
"am,\'VD 25
T)p$i 337, 352
i~
20 6
X8m~ 11
XhD 13
base 6
web security 9
AActive Directory,hs 28
ADK
6X
Z Solaris O 265
Z Windows O 266
AIX
20
X(Z=(D JRE 241
GSKit 233
IBM Tivoli Directory Client 238
WebSphere Application Server 245
20Z 182
}%m~| 263
!{dCi~ 261
w} 465
AM for WebLogic Server
Ev 9
AM for WebSphere
Ev 9
AMWLSConfigure -action config 386
AMWLSConfigure -action create_realm 389
AMWLSConfigure -action delete realm 391
AMWLSConfigure -action unconfig 388
amwpmcfg 5CLr 392
ANG d?
C> 48
attribute retrieval service
Xhi~ 18
Ev 9
\'VD=( 18
authorization server
20
Z Solaris O 102, 109, 127, 132
Xhi~ 14
Ev 6
dC!n 327, 333
\'VD=( 14
6X 264
Z Solaris O 265
Z Windows O 266
Bbase,i~ 6
CCLASSPATH
* startWebLogic hC 190
DDevelopment(ADK)53
Xhi~ 14
\'VD=( 14
GGlobal Security Kit
kND GSKit 11
6X 264
gsk7ikm D~ 336, 349, 351, 352
GSKit
20
Z AIX O 233
Z Solaris O 235
Z Windows O 235
Ev 11
6X
Z Solaris O 265
GSKit (x)
6X (x)
Z Windows O 266
HHP-UX
20
GSKit 233
IBM Tivoli Directory Client 238
Tivoli Access Manager m~| 99, 107, 112, 125, 130
IIBM JRE
Ev 11
IBM Security Server for OS/390,hs 27
IBM Tivoli Directory
M'z
6X 264
server
dC 71
IBM Tivoli Directory Client
20
Z AIX O 238
Z Solaris O 239
Z Windows O 240
Ev 11
6X
Z Solaris O 265
Z Windows O 266
IBM Tivoli Directory Server
20
Z Solaris O 61, 64
Z Windows O 66
Xhi~ 15
Ev 11
\'VD=( 15
IBM Tivoli Directory Server,hs 25
IBM z/OS Security Server LDAP Server,hs 28
iKeyman \?\m5CLr
4(\?}]bD~ 349
tC SSL 335, 336
installp 182
install_ampfs 22
iPlanet Directory Server
z7D5 92
iPlanet Directory,hs 28
ivrgy_tool 5CLr 395
JJava Runtime Environment
20
Z AIX O 241
466 IBM Tivoli Access Manager for e-business: Web Security 208O
Java runtime environment
20
Z Solaris O 120
Z Windows O 121
Xhi~ 15
Ev 6
\'VD=( 15
6X
Z Solaris O 265
Z Windows O 266
Java Runtime Environment(JRE)
kND IBM JRE 11
LLANG d?
UNIX 48
Windows 49
LDAP ~qw
tC SSL 338
Lotus Domino,hs 28
MmigrateEAR4 5CLr 397
migrateEAR5 5CLr 400
NNLSPATH d?
9C 50
Novell eDirectory,hs 29
Ppdbackup 5CLr 403
pdconfig 5CLr 411
pdinfo |n((i;*9C) 403
pdinfo 5CLr((i;*9C)
kND pdbackup |n 403
pdjrtecfg
dC Java Runtime i~ 412
pdwascfg 5CLr 417
pdwas_migrate.log 212, 214
pdweb 5CLr 381, 421
pdwebpi 423
pdwebpi_start 424
pdweb_start 5CLr 421
pdwpicfg -action config 427
pdwpicfg -action unconfig 429
pdwpi-version 426
pd_start 5CLr 416
plug-in for Apache Web Server
Xhi~ 20
\'VD=( 20
plug-in for Edge Server
Xhi~ 20
\'VD=( 20
plug-in for IBM HTTP Server
Xhi~ 21
\'VD=( 21
plug-in for IIS
Xhi~ 21
\'VD=( 21
plug-in for Sun ONE Web Server
Xhi~ 21
\'VD=( 21
plug-in for web server
Ev 10
policy proxy server
Xhi~ 16
Ev 7
\'VD=( 16
6X
Z Solaris O 265
Z Solaris O20 102, 127, 132
Z Solaris OxP20 109
policy server
Xhi~ 16
Ev 7
dC!n 331
\'VD=( 16
provisioning fast start,Ev 8
Rruntime
Ev 7
6X
Z Solaris O 265
Z Windows O 266
runtime 53
Xhi~ 16
\'VD=( 16
runtime environment
6X 264
SsecAuthority=Default 74, 94
Solaris
20
GSKit 235
IBM Tivoli Directory Client 239
IBM Tivoli Directory Server 61, 64
Java runtime environment 120
Tivoli Access Manager m~| 102, 108, 109, 114, 126,
127, 132
20X(Z=(D JRE 243
6Xi~ 265
w} 467
startWebLogic,hC CLASSPATH 190
Sun ONE Directory Server
z7D5 92
Sun ONE Directory,hs 28
TTivoli Access Manager 53 13
Tivoli Access Manager 53D`M 13
Tivoli Access Manager ADK
Ev 6
Tivoli Access Manager for WebLogic
Xhi~ 19
\'VD=( 19
Tivoli Access Manager for WebSphere
Xhi~ 20
\'VD=( 20
Tivoli Identity Manager /I 8
UUnicode 51
UNIX
oT'V 48
UTF-8 `k 51
WWAS_HOME
hC 212, 213
Web Admin Tool
Ev 11
Web admin tool,hs 26
Web Portal Manager
Xhi~ 17
Ev 8
9C amwpmcfg 5CLrxPdC 392
\'VD=( 17
web security runtime
Ev 10
web security,i~ 9
WebSEAL
%;"a 195
Ev 10
WebSEAL ac
dC 195
WebSEAL ADK
Ev 10
WebSEAL development(ADK)
Xhi~ 19
\'VD=( 19
WebSEAL Server
Xhi~ 19
\'VD=( 19
WebSEAL server
dC!n 334
WebSphere Application Server
Ev 12
wesosm 5CLr 431
Windows
20
X(Z=(D JRE 243
GSKit 235
IBM Tivoli Directory Client 240
IBM Tivoli Directory Server 66
Java runtime environment 121
6Xi~ 266
oT'V 49
wslstartwte 5CLr 433
wslstopwte 5CLr 434
[XpV{].kdb 336
468 IBM Tivoli Access Manager for e-business: Web Security 208O
���
Pz!"
S152-0808-00