Example: Configure Non-Interactive Authentication Across Three Servers
The simplest scenario for configuring non-interactive authentication, a prerequisite for auto archiving, involves two CA Enterprise Log Manager servers (one collection server and one reporting/management server) and a remote storage system on any UNIX or Linux server. This example assumes that the three servers being prepared for auto archiving are named:
- NY-Collection-ELM
- NY-Reporting-ELM
- NY-Storage-Svr
The procedures for enabling non-interactive authentication follow:
- From NY-Collection-ELM, generate the RSA key pair as caelmservice and copy the public key of this pair as authorized_keys to the /tmp directory on NY-Reporting-ELM.
- Create an .ssh directory on NY-Reporting-ELM, change ownership to caelmservice, move authorized_keys from the /tmp directory to the .ssh directory and set the key file ownership to caelmservice with the required permissions.
- Validate non-interactive authentication from NY-Collection-ELM to NY-Reporting-ELM.
- From NY-Reporting-ELM, generate another RSA key pair as caelmservice and copy the public key as authorized_keys to the /tmp directory of NY-Storage-Svr.
- From NY-Storage-Svr, create the directory structure /opt/CA/LogManager. From this path, create an .ssh directory, change ownership to caelmservice, move authorized_keys to this directory and set the key file ownership to caelmservice with the required permissions.
- Validate non-interactive authentication from NY-Reporting-ELM to NY-Storage-Svr.
The details for these steps are similar to those of the hub and spoke scenario. For a three-server scenario, you skip Step 2 on additional collection-reporting pairs and skip the Step 3 instructions on concatenating the files to authorized_keys.
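The following check is an added example, not part of the product documentation. It audits an .ssh directory prepared in the steps above before you validate the login. It assumes that "required permissions" means what OpenSSH StrictModes enforces (owned by the account, not writable by group or others); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the product documentation). Assumption: "required
# permissions" means what OpenSSH StrictModes enforces: owned by the account,
# not writable by group or others.

# has_owner PATH USER: succeeds if PATH is owned by USER (name or numeric uid).
has_owner() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# is_loose PATH: succeeds if PATH is writable by group or others.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_ssh_dir DIR USER: prints one line per finding; returns the finding count.
check_ssh_dir() {
    dir=$1; user=$2; keys=$dir/authorized_keys; problems=0
    for p in "$dir" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL: $p is missing"; problems=$((problems + 1)); continue
        fi
        if ! has_owner "$p" "$user"; then
            echo "FAIL: $p is not owned by $user"; problems=$((problems + 1))
        fi
        if is_loose "$p"; then
            echo "FAIL: $p is writable by group or others"; problems=$((problems + 1))
        fi
    done
    if [ -f "$keys" ]; then
        # The procedure copies the PUBLIC half of the pair; catch the wrong file.
        if grep -q 'PRIVATE KEY' "$keys"; then
            echo "FAIL: $keys contains private key material"; problems=$((problems + 1))
        fi
        # The page generates RSA keys, so expect at least one ssh-rsa entry.
        if ! grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( |$)' "$keys"; then
            echo "FAIL: $keys has no ssh-rsa public key line"; problems=$((problems + 1))
        fi
    fi
    if [ "$problems" -eq 0 ]; then echo "OK: $dir is ready for $user"; fi
    return "$problems"
}

# Usage on NY-Storage-Svr (path from this page), run as root:
#   check_ssh_dir /opt/CA/LogManager/.ssh caelmservice
```

A non-zero return value is the number of findings, so the function can gate the validation step in a deployment script.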
More information:
Example: Auto-Archiving Across Three Servers