Previous Topic: Prepare CA VM:Secure Authorization MODULEsNext Topic: Software Requirements for Supporting Enhanced Server Validation

Rules Facility GuideConfiguring CA VM:Secure to Work with the TCP/IP FeatureSoftware Requirements for Servers Supporting Traditional Server ValidationTCP/IP Server Configuration Information

TCP/IP Server Configuration Information

The IBM manual TCP/IP Planning and Customization, contains full instructions for configuring TCP/IP to work with an external security manager, such as CA VM:Secure. We recommend that you read this material before proceeding. This chapter is intended to be a supplement to the IBM documentation, not a replacement.

You can customize TCP/IP in several ways. This chapter explains one of the methods. For more information about other methods, see the previously referenced IBM documentation. This section explains the use of the SYSTEM DTCPARMS file, which is used for TCP/IP server customization. If you are using CA VM:Secure as your external security manager, the parameters in your SYSTEM DTCPARMS file need to be set as follows:

  1. Put the VALIDAT MODULE we supply, or the one you created in the previous procedure, on the 'server configuration' minidisk. By default, this is the TCPMAINT 198 minidisk. This ensures that all of the TCP/IP service virtual machines have the VALIDAT MODULE in their search order.
  2. Put the RPIUCMS MODULE we provide, or the one you created in the previous procedure, on the 'server configuration' minidisk. By default, this is the TCPMAINT 198 minidisk. This ensures that all of the TCP/IP service virtual machines have the RPIUCMS MODULE in their search order.
  3. XEDIT file SYSTEM DTCPARMS located on TCPMAINT 198 minidisk.
  4. Find the entry for the class of server or the particular server you are configuring.

    The class entry will have a :type.class tag, and a :nick tag with the class name as the value. Examples are—:nick.nfs, :nick.ftp, or :nick.rexec, and so on. The tag names you are setting in the following steps may be specified on the :Type.Server for a server, or they may be specified on the appropriate :Type.Class entry in the DTCPARMS file. Providing this information at the class level ensures that all servers of the same class will use the specified CA VM:Secure services.

  5. Add or change the definition to specify :ESM_Enable.YES so that the server will initialize the module which handles RACROUTE macro authorization requests issued by each server.
  6. Add or change the definition to specify :ESM_Validate.VALIDAT so that the server will call the supplied VALIDAT MODULE to perform password validation.
  7. Add or change the definition to specify :ESM_Racroute.RPIUCMS so that the server knows to use the RPIUCMS to service RACROUTE macro calls. This is not strictly necessary, since the default module name is RPIUCMS, but it will clearly document what name you are using.