21.2.2 How to set the connection permission configuration file
Set the IP addresses of the hosts that you want to permit to connect to JP1/AJS3 in the connection permission configuration file.
(1) Settings for restricting connections to JP1/AJS3 - Manager
To restrict connections to JP1/AJS3 - Manager, specify the following IP addresses in the manager connection permission configuration file or the agent connection permission configuration file:
- IP address of a host that you want to permit to connect
- IP address of the local host
Cautionary note:
JP1/AJS3 - Manager internally performs TCP/IP communication. Accordingly, you need to specify all IP addresses that can be used as connection-source IP addresses, such as the loopback address or the IP address of the logical host, as the IP addresses of the local host.
Make sure that you specify the IP address of the local host in the manager connection permission configuration file and the agent connection permission configuration file. If you do not do so, the JP1/AJS3 service will not be able to start. Also, if you do not specify the IP address of the local host in the agent connection permission configuration file, the passing information setting job cannot be executed.
The file that needs to be set differs according to whether restricting connections to JP1/AJS3 - Manager is enabled. The value that is specified for the CONNECTIONRESTRICTION environment setting parameter also differs according to the setting for restricting connection sources. For each type of restricted connection to JP1/AJS3 - Manager, the file that must be set and the value that must be specified for the CONNECTIONRESTRICTION environment setting parameter are described below.
- If connections to manager hosts are restricted and connections to agent hosts are not restricted:
  - File that needs to be set: Manager connection permission configuration file
  - Value to be specified for the CONNECTIONRESTRICTION environment setting parameter: manager
- If restricting connections to manager hosts is not enabled and restricting connections to agent hosts is enabled:
  - File that needs to be set: Agent connection permission configuration file
  - Value to be specified for the CONNECTIONRESTRICTION environment setting parameter: agent
- If restricting connections to both manager hosts and agent hosts:
  - Files that need to be set:
    - Manager connection permission configuration file
    - Agent connection permission configuration file
  - Value to be specified for the CONNECTIONRESTRICTION environment setting parameter: all
(2) Settings for restricting connections to JP1/AJS3 - Agent
To restrict connections to JP1/AJS3 - Agent, specify the IP address of the manager host that you want to allow to connect in the agent connection permission configuration file.
Unlike in JP1/AJS3 - Manager, in JP1/AJS3 - Agent, you do not need to specify the IP address of the local host.
(3) Coding rules for the connection permission configuration file
Specify the IP address that you want to permit to connect in the connection permission configuration file as follows:
- Specify one IP address and one linefeed character per line.
- Specify all the IP addresses of all hosts that can be used as connection sources.
- IP addresses can be either IPv4 addresses or IPv6 addresses.
  For details about IPv6 addresses, see 2.3.5 Communication using IPv6 addresses in the JP1/Automatic Job Management System 3 System Design (Configuration) Guide.
  For details about how to specify IPv6 addresses, see 1.1.5 Specifying an IPv6 address in the manual JP1/Automatic Job Management System 3 Command Reference.
(4) An example of coding
Suppose that you enable restricting connection sources in the following environment.
Code the manager connection permission configuration file on the manager host as below. Note that the information following # is treated as a comment.
127.0.0.1 #Communication permission from the local host (loopback address)
192.168.31.2 #Communication permission from the local host
192.168.31.1
Code the agent connection permission configuration file on the agent host as follows:
192.168.31.2
(5) Notes on the connection permission configuration file
- The following is the maximum number of specifiable IP addresses for each file:
  Manager connection permission configuration file: 512
  Agent connection permission configuration file: 64
- The maximum length of a line in the connection permission configuration file is 1,022 bytes.
  Any lines that exceed the maximum length are treated as syntax errors when the JP1/AJS3 service starts, the JP1/AJS3 Queueless Agent service starts (#1), the JP1/AJS3 System Control Manager service starts (#2), the JP1/AJS3 System Control Agent service starts (#1), or the jajs_pmtcon command is executed with the -u option specified.
  #1: Applies only to the agent connection permission configuration file.
  #2: Applies only to the manager connection permission configuration file.
- The following lines are ignored:
  - 0-byte line
  - A line that contains only spaces or tab characters
  - A line beginning with a hash mark (#) (the line is treated as a comment line)
    If a # mark occurs midway in a line, the # and what follows the mark are treated as a comment.
- If space characters or tab characters occur at either the beginning or the end of a line, the value without these characters is used.
- If no correct IP addresses have been specified, all connections are refused.
- If the format of the specified IP address is incorrect, a message (KAVS8036-E) is output and the specified value is ignored.
- If there is a syntax error on a line in the connection permission configuration file, a message (KAVS8036-E) is output to the integrated trace log and the JP1/AJS3 service starts.
  In this case, the line with the syntax error is ignored and the settings of only the correct lines are subject to restriction. If all the lines have a syntax error, connections from all hosts are refused.
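The coding rules in (3) and the notes in (5) can be checked before a file is deployed. The following pre-deployment check is an added example, not part of JP1/AJS3 or this manual; the function name lint_permission_file is hypothetical, and the sketch assumes that Python's ipaddress module accepts the same address notation as the product and that the line length is counted without the linefeed.

```python
import ipaddress

# Limits quoted on this page; the parsing details below are assumptions.
MAX_LINE_BYTES = 1022
MAX_ENTRIES = {"manager": 512, "agent": 64}

def lint_permission_file(text, kind, local_addrs=()):
    """Return (accepted, findings) for a connection permission file.

    kind is "manager" or "agent"; local_addrs lists the local-host addresses
    (loopback, logical host, ...) that a manager host must permit.
    """
    accepted, findings = [], []
    for num, raw in enumerate(text.splitlines(), start=1):
        # Assumption: the 1,022-byte limit is measured without the linefeed.
        if len(raw.encode("utf-8")) > MAX_LINE_BYTES:
            findings.append(f"line {num}: exceeds {MAX_LINE_BYTES} bytes")
            continue
        value = raw.split("#", 1)[0].strip(" \t")  # drop comment, trim
        if not value:
            continue  # 0-byte, whitespace-only or comment-only line
        try:
            # Assumption: ipaddress accepts the same textual forms as JP1/AJS3.
            accepted.append(ipaddress.ip_address(value))
        except ValueError:
            findings.append(f"line {num}: {value!r} is not a single IP address")
    if len(accepted) > MAX_ENTRIES[kind]:
        findings.append(f"{len(accepted)} addresses exceed the {kind} limit")
    if not accepted:
        findings.append("no valid address: all connections would be refused")
    for local in map(ipaddress.ip_address, local_addrs):
        if local not in accepted:
            findings.append(f"local host address {local} is not permitted")
    return accepted, findings

# Constructed sample: the manager file from (4) plus two malformed lines.
SAMPLE = (
    "127.0.0.1 #loopback\n"
    "  192.168.31.2\t#local host\n"
    "192.168.31.1\n"
    "192.168.31.300\n"
    "192.168.31.0/24 #a range, not one address\n"
)

if __name__ == "__main__":
    ok, issues = lint_permission_file(SAMPLE, "manager", ["127.0.0.1", "192.168.31.2"])
    print([str(a) for a in ok])
    print("\n".join(issues))
```

For a manager file, pass every address the local host can use as a connection source in local_addrs, so that an omission is caught before the JP1/AJS3 service fails to start.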