Difference: APPXLoginManagerForUnixLinux (62 vs. 63)

Revision 63 - 2012-04-05 - BredaHennessy

Line: 1 to 1
 
META TOPICPARENT name="APPX500Features"

APPX Login Manager For Unix/Linux

Line: 24 to 24
 
  • User & Group Impersonation (Unix/Linux only)
  • SSL Support
    • Anonymous
Changed:
<
<
    • Server Certficates
>
>
    • Server Certificates
 
    • Client Certificates
  • Environment Specification
    • Inherit from service
Line: 89 to 89
 

Method 1 - The APPX Login Manager Command (appxLoginMgr)

The -modify command and the - replace command of the appxLoginMgr tool can be used to modify or replace a previously configured instance of the APPX Login Manager. These options update the existing APPX Login Manager daemon configuration files (ini and env) with the options specified. If you use this technique, the service will be automatically restarted for you, using the new settings. Note that when specifying variables on the command line, you must prefix them with a dash if you are referring to settings such as SSLmode, or without a dash if you are referring to environment variables, such as APPX_KEYMAP.

Method 2 - Text Editor

Changed:
<
<
A text editor can be used to directly edit the APPX Login Manager daemon configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Login Manager daemon is with Medhod 1 above.
>
>
A text editor can be used to directly edit the APPX Login Manager daemon configuration files (ini and env). The configuration files include comments to help you make the desired changes. If you use this method to modify an existing configuration, you should exercise care to ensure that the syntax is correct. The preferred method for modifying an APPX Login Manager daemon is with Method 1 above.
 

Managing an APPX Login Manager Daemon

Two methods are available for managing an existing instance of the APPX Connection Service.
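Review bot: the Method 1 paragraph kept as context above still reads "the - replace command", with a stray space between the dash and the option name. It should read "-replace" to match "-modify", since a reader copying it would pass a bare dash. The same paragraph and the one under "Managing an APPX Login Manager Daemon" switch between "APPX Login Manager" and "APPX Connection Service" for what appears to be the same daemon; pick one term or state that they are synonyms.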

Line: 157 to 157
 

Configuration - Options

Options - General
Changed:
<
<
-name, -ServiceName=SERVICENAME
The ServiceName uniquely identifies an APPX connection service. When creating (installing) a connection service, the SERVICENAME value may be any string value that conforms to the rules for valid filenames on your server. If this option is omitted when a connection service is being created, the connection service will be created with a default ServiceName based on the following template: "appxd-" followed by the specified TCP/IP port number, e.g "appx-8060".
>
>
-name, -ServiceName=SERVICENAME
The ServiceName uniquely identifies an APPX connection service. When creating (installing) a connection service, the SERVICENAME value may be any string value that conforms to the rules for valid filenames on your server. If this option is omitted when a connection service is being created, the connection service will be created with a default ServiceName based on the following template: "appxd-" followed by the specified TCP/IP port number, e.g. "appx-8060".
  -DisplayName=DISPLAYNAME
The DisplayName is a "user-friendly" descriptive name for a connection service. The DISPLAYNAME value will appear in your system's Services control panel and will be displayed by the ps command. If you don't specify a DISPLAYNAME when a connection service is being created, the connection service will be created with a DISPLAYNAME based on the SERVICENAME.

-engine, -AppxExecutable={../appx, PATHNAME}

Changed:
<
<
This option identifies the PATHNAME of the APPX engine that is to be run when initiating an APPX session. The specified PATHNAME may be alsolute or it may be relative to directory in which the service configuration file (ini) for the connection service is located. If this option is not specified, the default PATHNAME of "../appx" is used to initiate an APPX session.
>
>
This option identifies the PATHNAME of the APPX engine that is to be run when initiating an APPX session. The specified PATHNAME may be absolute or it may be relative to directory in which the service configuration file (ini) for the connection service is located. If this option is not specified, the default PATHNAME of "../appx" is used to initiate an APPX session.
  -LogDirectory={/tmp, LOGDIR}
When the service is started, two log files are created in the LOGDIR directory - a connection service log file (.log) and a status file (.stat). Both log files have the same name as the ServiceName but one has a file extension of .log and the other has a file extension of .stat. If the LogDirectory option is not specified, the log files are created in the /tmp directory.
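Review bot: in the -ServiceName paragraph the stated template is "appxd-" followed by the port, but the example given is "appx-8060". The revision fixes the "e.g." punctuation and leaves this mismatch, so either the template or the example is wrong and should be corrected against what appxLoginMgr actually generates. In the -AppxExecutable paragraph, "relative to directory in which" is missing "the". The -LogDirectory paragraph documents /tmp as the default location; /tmp is normally world-writable and the log names are derived from the ServiceName, so the text should recommend a dedicated directory writable only by the service owner.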
Line: 218 to 218
 

-Umask=FILECREATIONMASK

Changed:
<
<
When a file is created, the default permissions set by Unix/Linux are 666 (-rw-rw-rw-). When a directory is created, the default permissions set by Unix/Linux are 777 (drwxrwxrwx). If the umask option is specified, the FILECREATIONMASK value will modify the default permissions of files or directories that are created by the APPX session. The value of FILECREATIONMASK must be a decimal, hex, or octal number whose bits will be used to mask or turn off the corresonding bits of the default file creation permissions. For example, if you want files to be created with permissions of 644, the appropriate FILECREATIONMASK value would be 022 (octal). If you want files to be created with the default permissions of 666, the appropriate FILECREATIONMASK value would be 000 (octal). For more information on umask values, please refer to your Unix/Linux system documentation.
>
>
When a file is created, the default permissions set by Unix/Linux are 666 (-rw-rw-rw-). When a directory is created, the default permissions set by Unix/Linux are 777 (drwxrwxrwx). If the umask option is specified, the FILECREATIONMASK value will modify the default permissions of files or directories that are created by the APPX session. The value of FILECREATIONMASK must be a decimal, hex, or octal number whose bits will be used to mask or turn off the corresponding bits of the default file creation permissions. For example, if you want files to be created with permissions of 644, the appropriate FILECREATIONMASK value would be 022 (octal). If you want files to be created with the default permissions of 666, the appropriate FILECREATIONMASK value would be 000 (octal). For more information on umask values, please refer to your Unix/Linux system documentation.
  If the umask option is not set, files and directories that are created by the APPX session will be given the default permissions of the Service Owner. -IncludeSystemEnv={true, false}
Set this option to true if you want the APPX sessions which are initiated by the connection service to inherit the environment of the connection service.
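Review bot: the Umask paragraph says FILECREATIONMASK may be "a decimal, hex, or octal number" but never says how the base is recognised, and the worked value "022 (octal)" is ambiguous without that. Read as decimal, 22 is octal 026 and would give 640 rather than 644. State the prefix convention the tool accepts. In the following context line, the "-IncludeSystemEnv={true, false}" option heading is run onto the end of the umask sentence and should start its own line.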
Line: 254 to 254
 
This option is used to set the number of times that an APPX session is to attempt to contact a non-responsive APPX client before the APPX session should terminate.

-TCPKeepInterval={60, SECONDS}

Changed:
<
<
This option is used to set the number of seconds that an APPX session is to wait between attemps to contact a non-responsive APPX client.
>
>
This option is used to set the number of seconds that an APPX session is to wait between attempts to contact a non-responsive APPX client.
 
Options - SSL
Line: 273 to 273
 
This option identifies the pathname of the server's X509 certificate (leave blank for anonymous connections).

-ServerPrivateKeyFile=KEYFILENAME

Changed:
<
<
This option idenfies the pathname of server's private key file (unlocks the ServerCertificateFile).
>
>
This option identifies the pathname of server's private key file (unlocks the ServerCertificateFile).
  -RequireSSL={true, false}
This option is not needed and has not been implemented.
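Review bot: in the -ServerPrivateKeyFile description, "unlocks the ServerCertificateFile" is misleading, because the private key is the counterpart of the public key in the certificate rather than something that unlocks the file. Suggest "the private key that matches the ServerCertificateFile", and add "the" before "server's". Since the notes at the end of the page list ServerPrivateKeyPassphrase as not a valid parameter, this entry should also say whether the key file has to be stored without a passphrase and recommend that it be readable only by the account the service runs as. The -RequireSSL entry is still documented here as "not needed and has not been implemented", while the notes say it should be removed; the two should agree.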
Line: 364 to 364
 # AppxProcessType = #startup process type for spawned engines AuthenticationMethod = OS-User #authentication method (OS-User, Appx-User, HT-User(filename)) DisplayName = Login-8430 #descriptive name
Changed:
<
<
ImpersonateGID = true #change effective grouo ID for spawned engines?
>
>
ImpersonateGID = true #change effective group ID for spawned engines?
 ImpersonateGroup = NamedGroup(appxgrp) #[LogonUser, NamedGroup(groupname), ServiceOwner] ImpersonateUID = true #change effective user ID for spawned engines? ImpersonateUser = NamedUser(appx) #[LogonUser, NamedUser(username), ServiceOwner]
Line: 588 to 588
 
  1. APPX_KEYMAP environment variable should be initialized upon default install options. Currently "appxLoginMgr -install -SockPort=8060" does not place APPX_KEYMAP into appxLoginMgr-8060.env.
  2. appxLoginMgr should create .ini and .env files in the tools subdirectory, and not in the current working directory.
  3. The appxLoginMgr -replace argument should require the -ServiceName option, and not assume ServiceName =appx-8060.
Changed:
<
<
  1. The requirements for use of -name argument seem inconsistant. Below are examples where + works, and - does not.
>
>
  1. The requirements for use of -name argument seem inconsistent. Below are examples where + works, and - does not.
 
    1. (-) ./appxLoginMgr -modify appx-8060 -TCPNodelay=false

    2. (+) ./appxLoginMgr -modify -name=appx-8060 -TCPNodelay=false
    3. (-)./appxLoginMgr -status
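Review bot: the failing example "(-)./appxLoginMgr -status" is missing the space after the "(-)" marker that the other examples have, and item 3 above has "ServiceName =appx-8060" with a space before the equals sign only. Both are worth tidying in the same pass, because these lines are meant to be read as exact command syntax.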
Line: 604 to 604
 
    1. (+) ./appxLoginMgr -status -name=8060
  1. Warn users not to move configuration files. A service script is created in the /etc/init.d system directory for each service installed by running the appxLoginMgr command. These scripts reference the corresponding service configuration files using a fully qualified absolute pathname. If you move the configuration files to another directory or rename them, the service scripts will no longer work. We should probably warn via screen notice on service creation, and document inside the .ini and .env files that if the .ini, .env and appxLoginMgr/appxAuditLogger are move or renamed, then the /etc/init.d system startup script will fail to work. The service scripts also reference the appxLoginMgr command using a fully qualified absolute pathname.

  2. RequireSSL is not a valid parameter and should be removed from the configuration file.

Changed:
<
<
  1. RequireSSLClientCertificates is not a valid parameter and should be removed from the configuratoin file.

>
>
  1. RequireSSLClientCertificates is not a valid parameter and should be removed from the configuration file.

 
  1. ServerPrivateKeyPassphrase is not a valid parameter and should be removed from the configuration file.
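Review bot: in the context item about not moving configuration files, "are move or renamed" should read "are moved or renamed"; the revision corrects "configuratoin" two items later but leaves this one. The working example "./appxLoginMgr -status -name=8060" passes a bare port where the earlier working example uses "-name=appx-8060"; confirm which form the tool accepts, since the list exists to document exactly that inconsistency.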

Comments:

 