Chapter 11 Security Configuration Tasks

Configuring identities

Identities define a user name, password, and SSL session characteristics to be used by components or servlets that call other components. Identities are also used for inter-server authentication when propagating caller credentials in a call sequence that involves multiple servers. EAServer provides a System and Anonymous identity by default.

To define a new identity:

1. Highlight the Identities folder.
2. Select File | New Identity.
3. Enter a name for the identity.
4. Configure the identity as described in "Configuring identity properties".

To modify or delete an identity:

1. Expand the Identities folder and highlight the icon for the identity of interest.
2. Choose File | Delete to delete the identity, or choose File | Identity Properties to display the Identity Properties window.
3. If modifying the identity, make your modifications as described in "Configuring identity properties" and click OK.

Configuring identity properties

The Identity Properties dialog has these tabs:

• "Identity properties/basic" defines the user name and password.
• "Identity properties/SSL" specifies whether connections made using the identity will use SSL and if so, the SSL session characteristics.
• "Identity properties/Entrust" configures Entrust specific properties for SSL connections.

Identity properties/basic

Enter the user name and password for inter-server connections made using the identity.

Identity properties/SSL

Settings on this tab specify whether connections made using the identity will use SSL and if so, the SSL session characteristics.

To configure the SSL settings:

1. If SSL is not to be used at all, choose <none> for the security characteristic. Otherwise choose the characteristic that defines the required level of security. See Table 11-2 for descriptions of the security characteristics.
2. Check Use Entrust if your site uses Entrust for SSL certificate management and you wish connections made with this identity to use an Entrust certificate.
3. If the specified security characteristic requires mutual authentication, choose a client certificate.

   Client certificate field may require a password If you have not connected to the Security Manager provider, Jaguar Manager prompts for the Sybase certificate database password when you put the focus on the Certificate Label field. You must connect to Security Manager or enter the correct certificate database password before you can view certificate names.

Identity properties/Entrust

If you enabled Entrust support in the SSL tab, the Entrust tab settings specify the Entrust certificate to be used.

To configure the Entrust settings:

1. Browse to or type the path to the entrust.ini file (typically located in the Windows installation directory on Windows NT machines, and in the Entrust clients subdirectory on UNIX systems.
2. Browse or type the path to the Entrust profile file (.epf extension) that defines the certificate to be used.
3. Enter the password required to use the specified Entrust profile.

Copyright © 2002 Sybase, Inc. All rights reserved.