Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

ManualsBrandsHP ManualsSoftwareTru64 UNIX 5.1B

111

112

113

114

115

116

117

118

119

120

5.1.4.12 Enabling Support Using the Access Database

Secure connections to servers and clients can be defined by adding lines to the access database

(access db text file) and then running makemap to create the updated access_db file.

Here are four examples that offer or do not offer TLS support for certain connections. Each line

illustrates the line format used in the access database. The line format for the text file is:

First field <tab> second field <tab> third field

By default, STARTLS is requested on all outgoing connections and offered on incoming

connections when certificates are configured. By placing a line in the access database, STARTLS

can be turned off.

Try_TLS: general.mymachine.com YES

Try_TLS: mymachine.com NO

Try_TLS: 42.0 NO

Try_TLS: 127.0 NO

Here, STARTLS is offered to general.mymachine.com. It is not offered to mymachine.com,

any address starting with 42.0 or 127.0

To turn on TLS support for connecting as a client, the access_db line format is as follows:

VERIFY

TLS_Srv: host-name or address ENCR:bits

VERIFY:BITS

The third fields shown here are optional.

To turn on TLS support for connecting as the server the access_db file format line is:

VERIFY

TLS_Clt: host-name or address ENCR:bits

VERIFY:bits

The third fields shown here are optional.

Here are some additional client examples:

Access database text line

StartTLS connection as client to system abcTLS_Serv:abc.hp.com

StartTLS connection and certificate verification requiredTLS_Serv:abc.hp.com VERIFY

Must encrypt with at least 64 bitsTLS_Serv:abc.hp.com ENCR:64

Certificate verification and encryption strength of at least 64 bitsTLS_Serv:abc.hp.com VERIFY:64

Here are some additional server examples:

Access database text line

StartTLS connection as server to system nbcTLS_Clt:nbc.hp.com

StartTLS connection and certificate verification requiredTLS_Clt:nbc.hp.com VERIFY

Must encrypt with at least 32 bitsStartTLS connection and certificate verification

required

Certificate verification and encryption strength of at least 32 bitsTLS_Clt:nbc.hp.com VERIFY:32

Additional access database tags allow the fine tuning of TLS connections:

5.1 Sendmail Server Administration 119