Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

http://h30097.www3.hp.com/unix/cdsa
Note:
CDSA is available only for Tru64 UNIX 5.1 and later. If you are running Tru64 UNIX 5.0A,
you cannot run security-enabled SLP.
2. Enable security in OpenSLP by placing the following entry in the /etc/slp.conf configuration
file:
net.slp.securityEnabled = true
3. In the root account, run the keytool utility to generate pairs of public and private keys. To
do this, you must have an account on the system for user daemon. The keytool utility places
one file for the private key and a corresponding file for the public key in the current working
directory.
You can move the files to any appropriate location on the system. The names of the files take
the form priv_<unique_number> and pub_<unique_number>. Corresponding pairs of
private and public files have the same unique number. The private key file will ultimately be
owned by daemon with read-only-by-owner privileges. The public key file will be owned by
root and will be readable by owner, group, and other users.
4. Configure a Security Parameter Index file, /etc/slp.spi, that will associate each key pair
with an SLP Security Parameter Index (SPI). Use the following format:
<private | public> SPI_string path_of_file_generated_by_keytool
For example, the contents of the /etc/slp.spi file could look as follows:
private spi1 secure_directory/priv_1234567890
public spi1 any_directory/pub_1234567890
public spi2 any_directory/pub_2234567890
public spi3 any_directory/pub_3234567890
Note:
For SLP Version 2, only one private key is supported per system. If there is more than one
private entry in the /etc/slp.spi file, only the first private entry is processed; the other
private entries will be ignored.
The public key file must have a fully readable path; that is, its parent directories must also be
readable. At least one public key is required per system.
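The following Python script is an added example, not part of this guide or of OpenSLP. It checks the contents of an /etc/slp.spi file against the rules in steps 3 and 4; the function names are hypothetical, "read-only-by-owner" is taken to mean mode 0400, and a "fully readable path" is taken to mean that every parent directory has the read bit set for other users.

```python
# Added example; function names are hypothetical, not part of OpenSLP.
import os, pwd, stat

def parse_spi(text):
    """Return (entries, findings); an entry is (kind, spi, path)."""
    entries, findings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f:
            continue
        if len(f) != 3 or f[0] not in ("private", "public"):
            findings.append(f"line {n}: not '<private | public> SPI_string path'")
        elif f[0] == "private" and any(e[0] == "private" for e in entries):
            findings.append(f"line {n}: extra private entry {f[1]} is ignored")
        else:
            entries.append(tuple(f))
    if not any(e[0] == "public" for e in entries):
        findings.append("no public entry; at least one public key is required")
    return entries, findings

def owner(st):
    try:
        return pwd.getpwuid(st.st_uid).pw_name
    except KeyError:  # uid without a passwd entry
        return str(st.st_uid)

def check_files(entries):
    """Check owner and mode of each key file, plus public key parent directories."""
    findings = []
    for kind, spi, path in entries:
        try:
            st = os.stat(path)
        except OSError as e:
            findings.append(f"{kind} {spi}: {path}: {e.strerror}")
            continue
        mode = stat.S_IMODE(st.st_mode)
        want = "daemon" if kind == "private" else "root"
        bad = mode != 0o400 if kind == "private" else (mode & 0o444) != 0o444
        if bad:
            findings.append(f"{kind} {spi}: unexpected mode {mode:04o}")
        if owner(st) != want:
            findings.append(f"{kind} {spi}: owner {owner(st)}, expected {want}")
        d = os.path.dirname(os.path.abspath(path))
        while kind == "public":  # assumption: "readable" = read bit for others
            if not os.stat(d).st_mode & 0o004:
                findings.append(f"public {spi}: directory {d} not readable by others")
            if d == os.path.dirname(d):
                break
            d = os.path.dirname(d)
    return findings
```

Pass the text of /etc/slp.spi to parse_spi, then pass the returned entries to check_files; an empty list from both means the file matches the rules above.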
Running the Services
To select and run services on the network, you must first run the OpenSLP daemon (slpd), which
enables binding to the SLP port.
From the Internet Express Administration utility, you can start, stop, and restart the OpenSLP daemon:
1. From the Manage Components menu, choose Manage OpenSLP for Tru64 UNIX. The OpenSLP
Administration menu is displayed.
2. From the OpenSLP Administration menu, choose Start/Stop the OpenSLP daemon. The
Start/Stop the OpenSLP Daemon form is displayed, indicating whether the OpenSLP daemon
is running or is stopped.
When the daemon is stopped, Start and Cancel buttons appear on the form. When the daemon
is running, Stop, Restart, and Cancel buttons appear.
3. To start the OpenSLP daemon, click the Start button. This action starts the OpenSLP daemon
(slpd) with certain default options: -c /etc/slp.config when no security is enabled,
and -s /etc/slp.spi when security is enabled.