Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Deleted: | ||||||||
< < | ||||||||
APPX Login Manager For Unix/LinuxThis page describes how to install the APPX Login Manager command and how to use it to install, configure, and manage APPX Login Services on Unix/Linux systems. | ||||||||
Line: 268 to 267 | ||||||||
disabled - APPX clients may only request a plain text connection -TrustedCAFile=CAFILENAME | ||||||||
Changed: | ||||||||
< < | This option identifies the pathname of the file that identifies which client certificates to trust. | |||||||
> > | This option identifies the pathname of the file that identifies which client certificates to trust (leave blank if client certificates are not required). | |||||||
-ServerCertificateFile=CERTFILENAME
This option identifies the pathname of the server's X509 certificate (leave blank for anonymous connections). | ||||||||
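Review bot: The new TrustedCAFile wording ("leave blank if client certificates are not required") says when the value may be empty but not what an empty value means for the service. State that with TrustedCAFile blank no client is authenticated by certificate, and describe what the service does if client certificates are required while this value is empty, so an administrator cannot end up with a configuration that silently accepts any client.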
Line: 544 to 543 | ||||||||
Red Hat service command. | ||||||||
Added: | ||||||||
> > |
| |||||||
Changed: | ||||||||
< < | Usage: service appxd-8060 {start|stop|status|reload|restart}
013) (Cosmetic) Redundant redundant redundantdata data data. A minimal install produces three warning statements as documented below: [root@APPX4.30TestBox tools]# ./appxLoginMgr -install -port=8060 Warning - the engine that you named has the setuid bit enabled, you may not want that bit set for the authentication method that you have chosen (OS-User) To turn off the setuid bit, chmod u-s ../appx Configuration written to: appxd-7777.ini Environment written to: appxd-7777.env Service script written to: /etc/init.d/appxd-8060 Configuration complete Registering service Starting appxd-8060: serviceName: appxd-8060 servicePath: /usr/local/appx/tools/ Looking for config file in appxd-8060.ini Warning - the engine that you named has the setuid bit enabled, | |||||||
> > | service [serviceName] [start|stop|restart|status] | |||||||
Changed: | ||||||||
< < | you may not want that bit set for the authentication | |||||||
> > | Examples:How to create private/public-keys without passphrase for serverExample of appxLoginMgr parameter to identify private key:ServerPrivateKeyFile =/usr/local/appx/tools/tubes.internal.appx.com.private.key | |||||||
Changed: | ||||||||
< < | method that you have chosen (OS-User) | |||||||
> > | Example of openssl command to create private key:
openssl genrsa -out tubes.internal.appx.com.private.key 1024 How to create public SSL certificate for serverExample of appxLoginMgr parameter to identify SSL certificate:ServerCertificateFile =/usr/local/appx/tools/tubes.internal.appx.com.crt | |||||||
Changed: | ||||||||
< < | To turn off the setuid bit, chmod u-s ../appx | |||||||
> > | Example of openssl command to create SSL certificate:
openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt Warnings:"the engine that you named has the setuid bit enabled" | |||||||
Changed: | ||||||||
< < | Writing process ID to /var/run/appxd-7777.pid | |||||||
> > | This warning message is displayed when you start a service and the engine specified for AppxExecutable has the setuid bit set. | |||||||
Changed: | ||||||||
< < | running as process 12156 servicing port 8060 | |||||||
> > | When launching an APPX session, the APPX Login Manager sets the real user ID and the effective user ID of the APPX session based on the value specified for the ImpersonateUser parameter. If the engine has the setuid bit set, then the effective user of the APPX session will be changed by the operating system to be the owner of the APPX engine and the APPX session will run with the permissions of that user. | |||||||
Added: | ||||||||
> > | ||||||||
Warning - the engine that you named has the setuid bit enabled, | ||||||||
Deleted: | ||||||||
< < | ||||||||
you may not want that bit set for the authentication | ||||||||
Deleted: | ||||||||
< < | ||||||||
method that you have chosen (OS-User) | ||||||||
Deleted: | ||||||||
< < | ||||||||
To turn off the setuid bit, chmod u-s ../appx | ||||||||
Added: | ||||||||
> > | ||||||||
Changed: | ||||||||
< < | up and running (process 12156 servicing port 8060)
Installation Complete
[root@APPX4.30TestBox tools]#
014) (Suggestion) Warn users not to moveconfiguration files. We should probably warn via screen notice on service creation, and document inside the .ini and .env files that if the .ini, .env and appxLoginMgr/appxAuditLogger are move or renamed, then the /etc/init.d system startup script will fail to work. The /etc/inid.d/appxd-8060 startup script references by name and path the .ini, .env, and appxLoginMgr/appxAuditLogger files.Suggested Behavior changes: | |||||||
> > | Issues:
Enhancement Suggestons: | |||||||
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
| ||||||||
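Review bot: The added openssl genrsa example creates a 1024-bit key with no passphrase, and the text gives no guidance on protecting the file that ServerPrivateKeyFile points to. Use a 2048-bit or larger key in the example and add a sentence telling the reader to make the key file readable only by the account that runs the service. In the same hunk, the new setuid explanation describes the effect but not when to act on it: say plainly that a setuid engine overrides the user chosen through ImpersonateUser, so an engine owned by root runs every session with root permissions, and point to the "chmod u-s ../appx" step that the warning itself prints.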
Line: 629 to 611 | ||||||||
| ||||||||
Changed: | ||||||||
< < | Issues:
RequireSSL - Not Implemented. Do not Use.
RequireSSLClientCertificates
ServerCertificateFile - This is the server's SSL public certificate
ServerPrivateKeyFile - This is the server's SSL private server key
ServerPrivateKeyPassphrase
SSLMode
TrustedCAFile = #determines which client certificates to trustHow to create a server's SSL private server key and server's SSL public certificate from the Unix/Linux command line with the openssl tool.Create new private/public-keys without passphrase for server*openssl genrsa -out tubes.internal.appx.com.private.key 1024* Create server's SSL public certificate*openssl req -new -days 365 -key tubes.internal.appx.com.private.key -x509 -out tubes.internal.appx.com.crt* Limitations: | |||||||
> > |
| |||||||
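Review bot: The removed Issues list carries the only statement in this diff that RequireSSL is "Not Implemented. Do not Use.", together with the one-line descriptions of ServerCertificateFile and ServerPrivateKeyFile. If that status still holds, move the warning next to the parameter's description instead of deleting it with the list, so an administrator does not set RequireSSL and assume encryption is being enforced.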