Implementation Guide › Configuring Services › Configuring the Event Log Store › Example: Configure Non-Interactive Authentication Across Three Servers

Example: Configure Non-Interactive Authentication Across Three Servers

The simplest scenario for configuring non-interactive authentication, a prerequisite for auto archiving, is one with two CA User Activity Reporting Module servers, one collection server and one reporting/management server, and a remote storage system on any UNIX or Linux server. This example assumes that the three servers being prepared for auto archiving are named:

• NY-Collection-ELM
• NY-Reporting-ELM
• NY-Storage-Svr

The procedures for enabling non-interactive authentication follow:

1. From NY-Collection-ELM, generate the RSA key pair as caelmservice and copy the public key of this pair as authorized_keys to the /tmp directory on NY-Reporting-ELM.
2. Create an .ssh directory on NY-Reporting-ELM, change ownership to caelmservice, move authorized_keys from the /tmp directory to the .ssh directory and set the key file ownership to caelmservice with the required permissions.
3. Validate non-interactive authentication from NY-Collection-ELM to NY-Reporting-ELM.
4. From NY-Reporting-ELM, generate another RSA key pair as caelmservice and copy the public key as authorized_keys to the /tmp directory of NY-Storage-Svr.
5. From NY-Storage-Svr, create the directory structure /opt/CA/LogManager. From this path, create an .ssh directory, change ownership to caelmservice, move authorized_keys to this directory and set the key file ownership to caelmservice with the required permissions.
6. Validate non-interactive authentication from NY-Reporting-ELM to NY-Storage-Svr.

The details for these steps are similar to those of the hub and spoke scenario. For a three server scenario, you skip Step 2 on additional collection-reporting pairs and skip the Step 3 instructions on concatenating the files to authorized_keys.

More information:

Example: Auto-Archiving Across Three Servers