/usr/share/doc/polyorb-doc/html/polyorb_ug/Configuring-Security-services-for-PolyORB.html is in polyorb-doc 2.11~20140418-3.2.
This file is owned by root:root, with mode 0o644.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This is free software; you can redistribute it and/or modify it under
terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version. This software is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. -->
<!-- Created by GNU Texinfo 6.3, http://www.gnu.org/software/texinfo/ -->
<head>
<title>PolyORB User’s Guide: Configuring Security services for PolyORB</title>
<meta name="description" content="PolyORB User’s Guide: Configuring Security services for PolyORB">
<meta name="keywords" content="PolyORB User’s Guide: Configuring Security services for PolyORB">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="About-This-Guide.html#About-This-Guide" rel="start" title="About This Guide">
<link href="Index.html#Index" rel="index" title="Index">
<link href="About-This-Guide.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Configuring-a-CORBA-application.html#Configuring-a-CORBA-application" rel="up" title="Configuring a CORBA application">
<link href="Command-line-arguments.html#Command-line-arguments" rel="next" title="Command line arguments">
<link href="Configuring-GIOP-protocol-stack-for-PolyORB.html#Configuring-GIOP-protocol-stack-for-PolyORB" rel="prev" title="Configuring GIOP protocol stack for PolyORB">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
</head>
<body lang="en">
<a name="Configuring-Security-services-for-PolyORB"></a>
<div class="header">
<p>
Next: <a href="Command-line-arguments.html#Command-line-arguments" accesskey="n" rel="next">Command line arguments</a>, Previous: <a href="Configuring-GIOP-protocol-stack-for-PolyORB.html#Configuring-GIOP-protocol-stack-for-PolyORB" accesskey="p" rel="prev">Configuring GIOP protocol stack for PolyORB</a>, Up: <a href="Configuring-a-CORBA-application.html#Configuring-a-CORBA-application" accesskey="u" rel="up">Configuring a CORBA application</a> [<a href="About-This-Guide.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Index.html#Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Configuring-Security-services-for-PolyORB-1"></a>
<h4 class="subsection">6.7.3 Configuring Security services for PolyORB</h4>
<p>PolyORB provides support for some elements of the CORBA Security
mechanisms. This section lists the corresponding configuration
parameters.
</p>
<a name="Supported-mechasnisms"></a>
<h4 class="subsubsection">6.7.3.1 Supported mechanisms</h4>
<p>PolyORB provides support for the following security mechanisms:
</p>
<ol>
<li> SSL/TLS protected transport;
</li><li> GSSUP (user/password) authentication mechanism;
</li><li> identity assertion and backward trust evaluation.
</li></ol>
<a name="Compile_002dtime-configuration-2"></a>
<h4 class="subsubsection">6.7.3.2 Compile-time configuration</h4>
<p>To enable security support, applications must ‘with’ one of the
predefined setup packages:
</p>
<ol>
<li> <code>PolyORB.Setup.Secure_Client</code> - for client side support only;
</li><li> <code>PolyORB.Setup.Secure_Server</code> - for both client and server
side support.
</li></ol>
<a name="Run_002dtime-configuration-2"></a>
<h4 class="subsubsection">6.7.3.3 Run-time configuration</h4>
<ol>
<li> Capsule configuration
<p>This section details the configuration parameters for capsule
configuration.
</p>
<div class="smallexample">
<pre class="smallexample">[security_manager]
# List of sections that configure the client's credentials
#own_credentials=my_credentials
#
# Client requires integrity-protected messages
#integrity_required=true
#
# Client requires confidentiality-protected messages
#confidentiality_required=true
#
# Client requires security association to detect replay (not supported for now)
#detect_replay_required=true
#
# Client requires security association to detect message sequence errors
# (not supported for now)
#detect_misordering_required=true
#
# Client requires target authentication
#establish_trust_in_target_required=true
#
# Client requires client authentication (usually not applicable at all)
#establish_trust_in_client_required=true
#
# (rarely useful)
#identity_assertion_required=true
#
# (rarely useful)
#delegation_by_client_required=true
</pre></div>
</li><li> Credentials configuration
<p>This section details configuration parameters for defining a program’s
credentials. Depending on the mechanisms used for the transport and
authentication layers, the credentials configuration section may define
configuration only for one transport mechanism and/or one
authentication mechanism.
</p>
<div class="smallexample">
<pre class="smallexample">#[my_credentials]
#
# TLS protected transport mechanism used as transport mechanism
#transport_credentials_type=tls
#
# Connection method. Available methods: tls1, ssl3, ssl2
#tls.method=tls1
#
# Certificate file name
#tls.certificate_file=my.crt
#
# Certificate chain file name
#tls.certificate_chain_file=
#
# Name of the file in which CA certificates for verification purposes
# are located
#tls.certificate_authority_file=root.crt
#
# Name of the directory in which CA certificates for verification
# purposes are located
#tls.certificate_authority_path=
#
# List of available ciphers
#tls.ciphers=ALL
#
# Verify peer certificate
#tls.verify_peer=true
#
# Fail if the client doesn't provide a certificate (server only)
#tls.verify_fail_if_no_peer_certificate=true
#
# GSSUP (user/password) mechanism as authentication mechanism
#authentication_credentials_type=gssup
#
# User name
#gssup.username=username@domain
#
# User password
#gssup.password=password
#
# Target name for which user/password pair is applicable
#gssup.target_name=@domain
</pre></div>
</li><li> POA configuration
<p>This section details configuration parameters for defining security
characteristics of objects managed by POA. The POA’s name is used as
the section name.
</p>
<div class="smallexample">
<pre class="smallexample">#[MySecurePOA]
#
# Unprotected invocations are allowed
#unprotected_invocation_allowed=true
#
# Section name for configuration of the protected transport mechanism
# used (if any)
#transport_mechanism=tlsiop
#
# Section name for configuration of the authentication mechanism used
# (if any)
#authentication_mechanism=my_gssup
#
# Target requires client authentication at the authentication layer
# (in addition to authentication at the transport layer)
#authentication_required=true
#
# Name of file for backward trust evaluation rules
#backward_trust_rules_file=file.btr
#
# Section name for configuration of authorization tokens authority
#privilege_authorities=
</pre></div>
</li><li> TLS protected transport mechanism configuration
<p>This section details configuration parameters for the TLS protected
transport mechanism. The section name for mechanism configuration is
defined in the POA configuration.
</p>
<div class="smallexample">
<pre class="smallexample">[tlsiop]
# List of access points
#addresses=127.0.0.1:3456
</pre></div>
</li><li> GSSUP authentication mechanism
<p>This section details configuration parameters for the GSSUP
authentication mechanism. The section name for mechanism configuration
is defined in the POA configuration.
</p>
<div class="smallexample">
<pre class="smallexample">#[my_gssup]
#
# Authentication mechanism
#mechanism=gssup
#
# Target name
#gssup.target_name=@domain
#
# User name/password mapping file
#gssup.passwd_file=passwd.pwd
</pre></div>
</li></ol>
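<p>The following audit script is an added example, not part of the PolyORB documentation or code base. It reads a configuration that uses the keys listed above and reports weak settings (obsolete <code>ssl2</code>/<code>ssl3</code> methods, an unrestricted cipher list, disabled peer verification, a clear-text GSSUP password, unprotected invocations) as well as section references that point nowhere. The names <code>audit</code> and <code>SAMPLE</code> are hypothetical; it assumes the file is plain <code>[section]</code>/<code>key=value</code> text and that list values are comma- or space-separated.
</p>

```python
import configparser

# Constructed sample: keys are the ones documented above, values are made up.
SAMPLE = """\
[security_manager]
own_credentials=my_credentials
[my_credentials]
tls.method=ssl3
tls.ciphers=ALL
tls.verify_peer=false
gssup.username=alice@domain
gssup.password=secret
[MySecurePOA]
unprotected_invocation_allowed=true
transport_mechanism=tlsiop
authentication_mechanism=my_gssup
[tlsiop]
addresses=127.0.0.1:3456
"""

def audit(text):
    """Return a sorted list of (section, key, finding) for risky or dangling settings."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        if sec.get("tls.method", "").lower() in ("ssl2", "ssl3"):
            findings.append((name, "tls.method", "deprecated SSL protocol version"))
        if sec.get("tls.ciphers", "").upper() == "ALL":
            findings.append((name, "tls.ciphers", "cipher list not restricted"))
        # The page does not state defaults, so an explicit 'true' is required here.
        if "tls.method" in sec and sec.get("tls.verify_peer", "").lower() != "true":
            findings.append((name, "tls.verify_peer", "peer certificate not verified"))
        if "gssup.password" in sec:
            findings.append((name, "gssup.password", "clear-text password in config file"))
        if sec.get("unprotected_invocation_allowed", "").lower() == "true":
            findings.append((name, "unprotected_invocation_allowed", "unprotected invocations accepted"))
        # Keys whose value names another section must point at one that exists.
        # Assumption: list values are comma- or space-separated.
        for key in ("own_credentials", "transport_mechanism", "authentication_mechanism"):
            for ref in sec.get(key, "").replace(",", " ").split():
                if not cfg.has_section(ref):
                    findings.append((name, key, "missing section [%s]" % ref))
    return sorted(findings)

if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE):
        print("[%s] %s: %s" % (section, key, finding))
```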
</body>
</html>