/usr/share/doc/polyorb-doc/html/polyorb_ug/Configuring-Security-services-for-PolyORB.html is in polyorb-doc 2.11~20140418-3.2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This is free software; you can redistribute it and/or modify it under
terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.  This software is distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
<http://www.gnu.org/licenses/>. -->
<!-- Created by GNU Texinfo 6.3, http://www.gnu.org/software/texinfo/ -->
<head>
<title>PolyORB User&rsquo;s Guide: Configuring Security services for PolyORB</title>

<meta name="description" content="PolyORB User&rsquo;s Guide: Configuring Security services for PolyORB">
<meta name="keywords" content="PolyORB User&rsquo;s Guide: Configuring Security services for PolyORB">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="About-This-Guide.html#About-This-Guide" rel="start" title="About This Guide">
<link href="Index.html#Index" rel="index" title="Index">
<link href="About-This-Guide.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Configuring-a-CORBA-application.html#Configuring-a-CORBA-application" rel="up" title="Configuring a CORBA application">
<link href="Command-line-arguments.html#Command-line-arguments" rel="next" title="Command line arguments">
<link href="Configuring-GIOP-protocol-stack-for-PolyORB.html#Configuring-GIOP-protocol-stack-for-PolyORB" rel="prev" title="Configuring GIOP protocol stack for PolyORB">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>


</head>

<body lang="en">
<a name="Configuring-Security-services-for-PolyORB"></a>
<div class="header">
<p>
Next: <a href="Command-line-arguments.html#Command-line-arguments" accesskey="n" rel="next">Command line arguments</a>, Previous: <a href="Configuring-GIOP-protocol-stack-for-PolyORB.html#Configuring-GIOP-protocol-stack-for-PolyORB" accesskey="p" rel="prev">Configuring GIOP protocol stack for PolyORB</a>, Up: <a href="Configuring-a-CORBA-application.html#Configuring-a-CORBA-application" accesskey="u" rel="up">Configuring a CORBA application</a> &nbsp; [<a href="About-This-Guide.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Index.html#Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Configuring-Security-services-for-PolyORB-1"></a>
<h4 class="subsection">6.7.3 Configuring Security services for PolyORB</h4>

<p>PolyORB provides support for some elements of the CORBA Security
mechanisms. This section lists the corresponding configuration
parameters.
</p>
<a name="Supported-mechasnisms"></a>
<h4 class="subsubsection">6.7.3.1 Supported mechanisms</h4>

<p>PolyORB provides support for the following security mechanisms:
</p>
<ol>
<li> SSL/TLS protected transport;

</li><li> GSSUP (user/password) authentication mechanism;

</li><li> identity assertion and backward trust evaluation.
</li></ol>

<a name="Compile_002dtime-configuration-2"></a>
<h4 class="subsubsection">6.7.3.2 Compile-time configuration</h4>

<p>To enable security support, applications must &lsquo;with&rsquo; one of the
predefined setup packages:
</p>
<ol>
<li> <code>PolyORB.Setup.Secure_Client</code> - for client side support only;

</li><li> <code>PolyORB.Setup.Secure_Server</code> - for both client and server
side support.
</li></ol>

<a name="Run_002dtime-configuration-2"></a>
<h4 class="subsubsection">6.7.3.3 Run-time configuration</h4>

<ol>
<li> Capsule configuration

<p>This section details the configuration parameters for capsule
configuration.
</p>
<div class="smallexample">
<pre class="smallexample">[security_manager]
# List of sections that configure the client's credentials
#own_credentials=my_credentials
#
# Client requires integrity protected messages
#integrity_required=true
#
# Client requires confidentiality protected messages
#confidentiality_required=true
#
# Client requires security association to detect replay (not supported
# for now)
#detect_replay_required=true
#
# Client requires security association to detect message sequence
# errors (not supported for now)
#detect_misordering_required=true
#
# Client requires target authentication
#establish_trust_in_target_required=true
#
# Client requires client authentication (usually not applicable at
# all)
#establish_trust_in_client_required=true
#
# (rarely useful)
#identity_assertion_required=true
#
# (rarely useful)
#delegation_by_client_required=true
</pre></div>

</li><li> Credentials configuration

<p>This section details configuration parameters for defining a program&rsquo;s
credentials. Depending on the mechanisms used for the transport and
authentication layers, the credentials configuration section may define
configuration only for one transport mechanism and/or one
authentication mechanism.
</p>
<div class="smallexample">
<pre class="smallexample">#[my_credentials]
#
# TLS protected transport mechanism used as transport mechanism
#transport_credentials_type=tls
#
# Connection method. Available methods: tls1, ssl3, ssl2
# (ssl2 and ssl3 are obsolete protocol versions)
#tls.method=tls1
#
# Certificate file name
#tls.certificate_file=my.crt
#
# Certificate chain file name
#tls.certificate_chain_file=
#
# Name of the file in which CA certificates for verification purposes
# are located
#tls.certificate_authority_file=root.crt
#
# Name of the directory in which CA certificates for verification
# purposes are located
#tls.certificate_authority_path=
#
# List of available ciphers
#tls.ciphers=ALL
#
# Verify peer certificate
#tls.verify_peer=true
#
# Fail if the client doesn't provide a certificate (server only)
#tls.verify_fail_if_no_peer_certificate=true
#
# GSSUP (user/password) mechanism as authentication mechanism
#authentication_credentials_type=gssup
#
# User name
#gssup.username=username@domain
#
# User password
#gssup.password=password
#
# Target name for which user/password pair is applicable
#gssup.target_name=@domain
</pre></div>

</li><li> POA configuration

<p>This section details configuration parameters for defining security
characteristics of objects managed by POA. The POA&rsquo;s name is used as
the section name.
</p>
<div class="smallexample">
<pre class="smallexample">#[MySecurePOA]
#
# Unprotected invocations are allowed
#unprotected_invocation_allowed=true
#
# Section name for configuration of the protected transport mechanism
# used (if any)
#transport_mechanism=tlsiop
#
# Section name for configuration of the authentication mechanism used
# (if any)
#authentication_mechanism=my_gssup
#
# Target requires client authentication at the authentication layer
# (in addition to authentication at the transport layer)
#authentication_required=true
#
# Name of file for backward trust evaluation rules
#backward_trust_rules_file=file.btr
#
# Section name for configuration of authorization tokens authority
#privilege_authorities=
</pre></div>

</li><li> TLS protected transport mechanism configuration

<p>This section details configuration parameters for the TLS protected
transport mechanism. The section name for mechanism configuration is
defined in the POA configuration.
</p>
<div class="smallexample">
<pre class="smallexample">[tlsiop]
# List of access points
#addresses=127.0.0.1:3456
</pre></div>

</li><li> GSSUP authentication mechanism

<p>This section details configuration parameters for the GSSUP
authentication mechanism. The section name for mechanism configuration
is defined in the POA configuration.
</p>
<div class="smallexample">
<pre class="smallexample">#[my_gssup]
#
# Authentication mechanism
#mechanism=gssup
#
# Target name
#gssup.target_name=@domain
#
# User name/password mapping file
#gssup.passwd_file=passwd.pwd
</pre></div>
</li></ol>
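
<p>A check for the settings documented above, as an added example that is not
part of the PolyORB guide or of PolyORB itself: it parses a configuration with
Python's configparser and reports obsolete tls.method values, an unrestricted
tls.ciphers list, disabled peer verification, a password stored in the file,
POAs that accept unprotected invocations, and references to sections that are
not defined. The sample input is constructed; that the file is
configparser-compatible and that own_credentials is a comma- or space-separated
list are assumptions.
</p>

```python
import configparser
import re

# Constructed sample using the parameter names documented on this page.
SAMPLE = """
[security_manager]
own_credentials=my_credentials

[my_credentials]
tls.method=ssl3
tls.ciphers=ALL
tls.verify_peer=false
gssup.password=password

[MySecurePOA]
unprotected_invocation_allowed=true
transport_mechanism=tlsiop
authentication_mechanism=my_gssup

[tlsiop]
addresses=127.0.0.1:3456
"""

def audit(text):
    """Return sorted (section, key, finding) tuples for risky settings."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    out = []
    for sec in cfg.sections():
        s = cfg[sec]
        if s.get("tls.method") in ("ssl2", "ssl3"):
            out.append((sec, "tls.method", "obsolete protocol version"))
        if s.get("tls.ciphers") == "ALL":
            out.append((sec, "tls.ciphers", "cipher list is unrestricted"))
        if s.get("tls.verify_peer") == "false":
            out.append((sec, "tls.verify_peer", "peer certificate not verified"))
        if "gssup.password" in s:
            out.append((sec, "gssup.password", "plaintext password in file"))
        if s.get("unprotected_invocation_allowed") == "true":
            out.append((sec, "unprotected_invocation_allowed", "unprotected invocations accepted"))
        # These keys name other sections (list separator is an assumption).
        for key in ("own_credentials", "transport_mechanism", "authentication_mechanism"):
            for ref in re.split(r"[,\s]+", s.get(key, "").strip()):
                if ref and not cfg.has_section(ref):
                    out.append((sec, key, "missing section [%s]" % ref))
    return sorted(out)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[%s] %s: %s" % finding)
```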




</body>
</html>