XYGATE® User Authentication™ (XUA) 1.85 Reference Manual
Chapter 12. Configuring the LDAP Interface
XYPRO Technology Corporation Proprietary and Confidential
Individual certificate files should be in PEM format: BASE64 format, delimited by
"-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
Transfer the individual certificate files to the HP NonStop using the binary option, and then
combine them into a single file by using FUP COPY to copy them into a new file, as follows:
TACL> FUP CREATE CERTALL,LIKE CERT001
TACL> FUP COPY CERT001,CERTALL
TACL> FUP COPY CERT002,CERTALL
TACL> FUP COPY CERT003,CERTALL
You can use the XYCERTM macro to break up the multi-certificate file into files with
one certificate per file, and run either the XYCERT program or the OPENSSL program
against the file to display the certificate contents.
Syntax: XYCERTM
XYCERTM <file> { OPENSSL | XYCERT }
Example: Displaying the contents of a multi-certificate file using XYCERT
TACL> XYCERTM $SYSTEM.XYGATEUA.CERTALL XYCERT
Example: Displaying the contents of a multi-certificate file using OPENSSL
TACL> XYCERTM $SYSTEM.XYGATEUA.CERTALL OPENSSL
In the above example, the UACONF keyword LDAP_PROXY_CACERT should have the
value "CERTALL" (including the double quotation marks) to reference the file that
contains the combined certificates.
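An added example (not XYPRO code and not part of the original manual): a Python check, run on a workstation, that a combined file such as CERTALL contains only well-formed PEM blocks, with a SHA-256 fingerprint per certificate to compare against the individual files. The names split_bundle, pem_block and SAMPLE are assumptions of this example, and SAMPLE is constructed data, not real certificates.

```python
import base64
import binascii
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def split_bundle(text):
    """Split a combined PEM file; return one SHA-256 fingerprint (hex) per certificate.

    Raises ValueError when delimiters are unbalanced or a body is not BASE64-encoded DER.
    """
    prints, body, inside = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()  # tolerate CRLF and trailing blanks only
        if line == BEGIN:
            if inside:
                raise ValueError(f"line {n}: BEGIN before the previous END")
            inside, body = True, []
        elif line == END:
            if not inside:
                raise ValueError(f"line {n}: END without a matching BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"line {n}: body is not valid BASE64: {exc}") from None
            if der[:1] != b"\x30":  # every X.509 certificate is a DER SEQUENCE
                raise ValueError(f"line {n}: decoded body is not a DER SEQUENCE")
            prints.append(hashlib.sha256(der).hexdigest())
            inside = False
        elif inside:
            body.append(line)  # text outside a block is ignored
    if inside:
        raise ValueError("file ends before the last END delimiter")
    return prints

def pem_block(der):
    """Wrap DER bytes in PEM delimiters (helper for the constructed sample)."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

# Constructed sample: two minimal DER SEQUENCEs standing in for real certificates.
SAMPLE = pem_block(b"\x30\x03\x02\x01\x01") + pem_block(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    for i, fp in enumerate(split_bundle(SAMPLE), 1):
        print(f"certificate {i}: sha256={fp}")
```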
12.3.4 Telserv Process Configuration Checking
To make sure your Telserv process is using the TCPIP stack intended for
communication between the NonStop host and the LDAP server, perform the checks
suggested in this section.
1. Determine the Telserv process used by your session.
$DATA WORK> who
Home terminal: $ZTN0.#PT8RM7V
TACL process: \NODE.$Y8WH
Primary CPU: 0 (NSE-D)
Default Segment File: $VEBG.#0002437
Pages allocated: 28 Pages Maximum: 1036
Bytes Used: 16944 (0%) Bytes Maximum: 2121728
Current volume: $DATA.WORK
Saved volume: $DATA.WORK
Userid: 255,255 Username: SUPER.SUPER Security: "OOOO"
Logon name: SUPE.SUPER
2. Determine what TCP/IP process is configured for the use of the Telserv process.
$DATA WORK 13> SCF
SCF - T9082H01 - (04DEC06) (15NOV06) - 04/09/2008 15:20:29 System \NODE
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
(Invoking \NODE. $DATA.WORK.SCFCSTM)
The Telserv process name in this example is $ZTN0.