Samba on NonStop User Manual
B Securing SWAT
HP NonStop SSL (T0910) can be used to secure remote administration of NS-Samba
through SWAT. To secure SWAT, perform the following steps on the NonStop server:
1. Enable the SWAT service, as described in “Enabling SWAT” (page 16).
2. Install HP NonStop SSL.
3. Configure SSL for production as SSL Server as described in the HP NonStop SSL Reference
Manual.
4. Install a secure tunnel for SWAT using an HP NonStop SSL generic server proxy (PROXYS)
process:
a. Select a port number that will be used for SSL SWAT connections (for example, 2000).
b. At your TACL prompt, run the HP NonStop SSL SETUP macro:
> VOLUME $SYSTEM.ZNSSSL
> RUN SETUP
Select “GENERIC SERVER” as the run mode and follow the installation instructions. Enter
901 (the port number of the SWAT server) as the target port and the selected SSL SWAT
port as the SSL listening port (for example, 2000).
The SETUP macro will create a configuration file (for example, PXYSCF0) and an SCF
IN file for the installation as a persistent process (for example, PXYSIN0).
c. At your TACL prompt, run SCF with the generated IN file to install the PROXYS persistent process:
> SCF /IN PXYSIN0/
d. Start the HP NonStop SSL PROXYS persistent process, for example:
> SCF START PROCESS $ZZKRN.#SSL-PROXYS-0
e. Check the log file (configured in the configuration file) to verify the PROXYS process has
started correctly, for example:
> ZSSH.SHOWLOG PXYSLOG *
f. Verify that the log contains a message of the following pattern:
$PXYS0|10Jan11 09:56:04.13|20|secure-to-plain proxy started on
target host 127.0.0.1, target port 901, source port 2000
5. After successful completion, launch SWAT by entering the following address in your web
browser's address bar:
https://[NonStop system name or IP address]:[SSL listening port]
For example, https://hostname:2000.
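The log check from step 4f can be automated. The following Python sketch is an added example, not part of the HP manual or the HP NonStop SSL product; the function names are hypothetical, and the meaning of the pipe-separated fields is an assumption based on the sample line above. It rejoins the wrapped message, compares the ports with the ones chosen in step 4, and flags a target host other than loopback, because the leg from the proxy to SWAT is not encrypted.

```python
import ipaddress
import re

# Message format taken from the manual's sample line; the meaning of the
# pipe-separated fields (process, timestamp, level) is an assumption.
START_RE = re.compile(
    r"^(?P<process>\$\w+)\|(?P<timestamp>[^|]+)\|(?P<level>\d+)\|"
    r"secure-to-plain proxy started on target host (?P<host>[^,\s]+), "
    r"target port (?P<tport>\d+), source port (?P<sport>\d+)\s*$"
)

def unwrap(lines):
    """Join wrapped continuation lines; a new record starts with '$'."""
    records = []
    for line in filter(None, (l.strip() for l in lines)):
        if line.startswith("$") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def check_proxy_start(lines, swat_port=901, ssl_port=2000):
    """Return (ok, problems) for the most recent proxy start message."""
    starts = [m for m in map(START_RE.match, unwrap(lines)) if m]
    if not starts:
        return False, ["no 'secure-to-plain proxy started' message found"]
    last = starts[-1]
    problems = []
    if int(last["tport"]) != swat_port:
        problems.append(f"target port is {last['tport']}, expected {swat_port}")
    if int(last["sport"]) != ssl_port:
        problems.append(f"source port is {last['sport']}, expected {ssl_port}")
    try:
        loopback = ipaddress.ip_address(last["host"]).is_loopback
    except ValueError:
        loopback = False  # a hostname: cannot prove the hop stays local
    if not loopback:
        problems.append(f"target host {last['host']} is not loopback; "
                        "the proxy-to-SWAT leg is plaintext")
    return not problems, problems

# Constructed sample: the manual's line, wrapped as it is printed there.
SAMPLE = [
    "$PXYS0|10Jan11 09:56:04.13|20|secure-to-plain proxy started on",
    "target host 127.0.0.1, target port 901, source port 2000",
]
```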