Caché Installation Guide - InterSystems Documentation

More documents

Recommendations

Info

Preparing for Caché Advanced Security On OpenVMS, the file is cache.keytab and is located in the manager’s directory. • It is owned by the user that owns the Caché installation and the group cacheusr. • On UNIX and Mac, its permissions are 640; on OpenVMS, its permissions are [S:RWD,O:RWD,G:R,W:]. D.1.7 Testing Kerberos KDC Functions When using Kerberos in a system of only non-Windows servers and clients, it is simplest to use a native UNIX-based or OpenVMS KDC rather than a Windows domain controller. (Tru64 UNIX, however, can only use the Windows domain controller for KDC functionality.) Consult the vendor documentation on how to install and configure the KDC; these are usually tasks for your system administrator or system manager. When installing Kerberos, there are two sets of software to install: • The KDC, which goes on the Kerberos server machine. • There also may be client software, which goes on all machines hosting Kerberos clients. This set of software can vary widely by operating system. Consult your operating system vendor documentation for what client software exists and how to install it. After installing the required Kerberos software, you can perform a simple test using the kadmin, kinit, and klist commands to add a user principal to the Kerberos database, obtain a TGT (ticket-granting ticket) for this user, and list the TGT. Once you successfully complete a test to validate that Kerberos is able to provide tickets for registered principals, you are ready to install Caché. D.2 Initial Caché Security Settings During installation, there is a prompt for one of three sets of initial security settings: Minimal, Normal, and Locked Down. This selection determines the initial authorization configuration settings for Caché services and security, as shown in the following sections: • Initial User Security Settings • Initial Service Properties If you select Normal or Locked Down for your initial security setting, you must provide additional account information to the installation procedure. If you are using Kerberos authentication, you must select Normal or Locked Down mode. See the User Account Configuration section for details. 116 Caché Installation Guide
Initial Caché Security Settings Important: If you are concerned about the visibility of data in memory images (often known as core dumps), see the section “Protecting Sensitive Data in Memory Images” in the “System Management and Security” chapter of the Caché Security Administration Guide. D.2.1 Initial User Security Settings The following tables show the user password requirements and settings for predefined users based on which security level you choose. Initial User Security Settings Security Setting Minimal Normal Locked Down Password Pattern 3.32ANP 3.32ANP 8.32ANP Inactive Limit 0 90 days 90 days Enable _SYSTEM User Yes Yes No Roles assigned to UnknownUser %All None None You can maintain both the password pattern and inactive limit values from the [Home] > [Security Management] > [System Security Settings] > [System-wide Security Parameters] page of the System Management Portal. See the System-wide Security Parameters section of the “System Management and Security” chapter of the Caché Security Administration Guide for more information. After installation, you can view and maintain the user settings at the [Home] > [Security Management] > [Users] page of the System Management Portal. D.2.1.1 Password Pattern When Caché is installed, it has a default set of password requirements. For locked-down installations, the initial requirement is that a password be from 8 to 32 characters, and can consist of alphanumeric characters or punctuation; the abbreviation for this is 8.32ANP. Otherwise, the initial requirement is that the password be from 3 to 32 characters, and can consist of alphanumeric characters or punctuation (3.32ANP). D.2.1.2 Inactive Limit This value is the number of days an account can be inactive before it is disabled. For minimal installations, the limit is set to 0 indicating that accounts are not disabled, no matter how long they are inactive. Normal and locked-down installations have the default limit of 90 days. Caché Installation Guide 117
Page 1 and 2:
Caché Installation Guide Version 2
Page 3 and 4:
Table of Contents About This Book .
Page 5 and 6:
5.1.2 Supported Platforms and Web S
Page 7:
List of Tables Components Installed
Page 10 and 11:
About This Book Default Caché Inst
Page 12 and 13:
Upgrading Caché You may upgrade di
Page 15 and 16:
2 Installing Caché on Microsoft Wi
Page 17 and 18:
If you are installing Caché from a
Page 19 and 20:
2. The DVD should autoload; if it d
Page 21 and 22:
Caché Installation Component Group
Page 23 and 24:
Caché Installation To perform a se
Page 25 and 26:
is part of a Windows cluster, you m
Page 27 and 28:
Caché Installation To perform a Ca
Page 29 and 30:
Post-installation Tasks 7. The Read
Page 31 and 32:
enable a previous Caché instance t
Page 33 and 34:
Special Considerations Locale optio
Page 35 and 36:
3 Installing Caché on OpenVMS This
Page 37 and 38:
Caché Installation 3.2.1 Transfer
Page 39 and 40:
Post-installation Tasks a. Owner of
Page 41 and 42:
1. Check if times in Caché and Ope
Page 43 and 44:
Special Considerations Note: This E
Page 45 and 46:
4 Installing Caché on UNIX and Lin
Page 47 and 48:
Caché Installation 4.2 Caché Inst
Page 49 and 50:
Caché Standard Installation DVD Mo
Page 51 and 52:
Caché Standard Installation The up
Page 53 and 54:
Caché Standard Installation CAUTIO
Page 55 and 56:
Caché Client Installation • Usin
Page 57 and 58:
Post-installation Tasks 4.6 Post-in
Page 59 and 60:
Special Considerations • Tru64 UN
Page 61 and 62:
Special Considerations Important: I
Page 63 and 64:
Special Considerations # ls -l /uni
Page 65:
Special Considerations zonecfg:test
Page 68 and 69:
Installing Caché on Mac 5.1.2 Supp
Page 70 and 71:
Installing Caché on Mac 8. For a c
Page 72 and 73:
Installing Caché on Mac 3. Follow
Page 75 and 76: A Calculating System Parameters for
Page 77 and 78: A.2 OpenVMS Page Organization OpenV
Page 79 and 80: OpenVMS Physical Memory Allocation
Page 81 and 82: How Caché Uses OpenVMS Memory A.4
Page 83 and 84: A.5.1 Determine Parameter Calculato
Page 85 and 86: Alternatively, you may run the Open
Page 87 and 88: OpenVMS System Parameter Values Ana
Page 89 and 90: The is the name of the section you
Page 91 and 92: B Calculating System Parameters for
Page 93 and 94: By default, Caché automatically al
Page 95 and 96: ‡ The 1024 KB number is approxima
Page 97 and 98: The 2-GB value is the total address
Page 99 and 100: Kernel Parameter SEMMNI SEMMNS SEMM
Page 101 and 102: Configure UNIX Kernel Parameters
Page 103 and 104: Configure UNIX Kernel Parameters IB
Page 105 and 106: The following table lists the tunab
Page 107 and 108: ash$ ulimit -a core file size (bloc
Page 109 and 110: The ZFS Intent Log (ZIL) is used du
Page 111: Configure UNIX Kernel Parameters #s
Page 114 and 115: Using the Caché Installation Param
Page 120 and 121: Preparing for Caché Advanced Secur
show all

Caché Installation Guide - InterSystems Documentation

Create successful ePaper yourself

Delete template?

Save as template?