Hitachi

JP1 Version 12 JP1/Base User's Guide


8.1.1 Specifying the authentication servers to use

Specify the host running JP1/Base that will be used as the authentication server. The authentication server must be specified on the following hosts:

A host specified as an authentication server manages JP1 users and the operating permissions for JP1 resource groups. When JP1/IM, JP1/AJS, or other products that use user authentication provided by JP1/Base access the authentication server through SSL communication, you have to enable the SSL communication setting on the host on which JP1/Base is installed. To be able to use SSL communication, the required version of JP1/Base must be 11-00 or later in all products that use user authentication provided by JP1/Base.

Note that if the communication encryption function (SSL communication) is enabled on an authentication server host, SSL communication must also be enabled on each host that connects to that authentication server. If hosts that do not use SSL communication must be authenticated, you need to install an authentication server that does not use SSL communication to separate the user authentication block. Also note that to use SSL communication, the version of JP1/Base on the authentication server host and the hosts connecting to the authentication server host must be 11-00 or later.

You can use the GUI or commands to set up an authentication server.

Organization of this subsection

(1) Using the GUI to set up the authentication server

To specify an authentication server, from the Authentication Server page of the JP1/Base Environment Settings dialog box, click Order of authentication server. In the Order of authentication server area, you can add an authentication server, and then delete or change an entered authentication server. The following describes these procedures. If you want to set the local host as the authentication server (primary or secondary authentication server), stop the JP1/Base service before you complete this area.

Adding an authentication server:

You can use up to two hosts as authentication servers. The first host listed in the Authentication Server field will be the primary authentication server, and the one below will be the secondary authentication server.

You can add an authentication server, unless two authentication servers are already listed in the Authentication Server field.

  1. Click the Add button.

  2. In the Authentication Server dialog box, enter the authentication server name and then click OK.

    The Authentication Server page comes to the front. The authentication server name you specified in the Authentication Server dialog box appears in the Authentication Server field. You can specify both the local host and another host for the authentication server.

Note

For the authentication server name, enter a host name. You cannot specify an IP address.

Deleting an authentication server:
  1. From the Authentication Server field, select the authentication server you want to delete.

  2. Click the Delete button.

Changing an authentication server:
  1. From the Authentication Server field, select the authentication server you want to change.

  2. Click the Change button.

    Change the authentication server in the Authentication Server dialog box.

  3. Click the OK button.

    The Authentication Server page comes to the front. The authentication server name you changed in the Authentication Server dialog box appears in the Authentication Server field.

If you want to swap the primary and secondary authentication servers, select one of the host names listed in the Authentication Server field, and then click the Up or Down button.

Note

When you add a second authentication server or change one of the two authentication servers, the Set this authentication server in state of blockage check box in the Authentication Server dialog box becomes available. If you select this check box, any hosts whose host names you type in cannot be used as an authentication server. Do not select this check box in normal circumstances.

When you finish the settings in the Order of authentication server area, click Apply. The settings take effect. If you specify the local host as an authentication server, and then select (highlight) the local host as the authentication server in the Authentication Server field, the JP1 user and Authority level for JP1 resource group areas become available.

(2) Using commands to set authentication server

Use the jbssetupsrv command to register and delete an authentication server. For details on the jbssetupsrv command, see jbssetupsrv (Windows only) in 15. Commands.

Registering an authentication server

To register an authentication server, execute the following command:

jbssetupsrv [-h logical-host-name]
            primary-authentication-server-name [secondary-authentication-server-name]
Deleting an authentication server

To delete an authentication server, execute the following command:

jbssetupsrv [-h logical-host-name]
            -d [authentication-server-name]

If you omit the logical host name from the -h option, the logical host name set for the environment variable JP1_HOSTNAME is used by default. If the environment variable JP1_HOSTNAME is not set, the physical host name is assumed.

If you omit the secondary authentication server name, JP1/Base uses only one authentication server in the user authentication block.

If you only specify the -d option, all the authentication servers on the specified logical host are deleted.

(3) After setting authentication servers

To check which hosts are set as authentication servers, execute the following command:

jbslistsrv [-h logical-host-name]

For details on the jbslistsrv command, see jbslistsrv in 15. Commands.

If you specified the local host as the primary authentication server, go to 8.1.2 Setting JP1 users (standard users).

If you specified the local host as the secondary authentication server, complete the settings of the authentication server for the host you specified as the primary authentication server, and then go to 8.1.4 Copying settings from the primary authentication server.

If you did not specify the local host as an authentication server, the settings for user authentication are now finished.