Caché Installation Guide - InterSystems Documentation
Caché Installation Guide - InterSystems Documentation
Caché Installation Guide - InterSystems Documentation
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Preparing for <strong>Caché</strong> Advanced Security<br />
On OpenVMS, the file is cache.keytab and is located in the manager’s directory.<br />
• It is owned by the user that owns the <strong>Caché</strong> installation and the group cacheusr.<br />
• On UNIX and Mac, its permissions are 640; on OpenVMS, its permissions are<br />
[S:RWD,O:RWD,G:R,W:].<br />
D.1.7 Testing Kerberos KDC Functions<br />
When using Kerberos in a system of only non-Windows servers and clients, it is simplest to use a<br />
native UNIX-based or OpenVMS KDC rather than a Windows domain controller. (Tru64 UNIX,<br />
however, can only use the Windows domain controller for KDC functionality.) Consult the vendor<br />
documentation on how to install and configure the KDC; these are usually tasks for your system<br />
administrator or system manager.<br />
When installing Kerberos, there are two sets of software to install:<br />
• The KDC, which goes on the Kerberos server machine.<br />
• There also may be client software, which goes on all machines hosting Kerberos clients. This set<br />
of software can vary widely by operating system. Consult your operating system vendor documentation<br />
for what client software exists and how to install it.<br />
After installing the required Kerberos software, you can perform a simple test using the kadmin, kinit,<br />
and klist commands to add a user principal to the Kerberos database, obtain a TGT (ticket-granting<br />
ticket) for this user, and list the TGT.<br />
Once you successfully complete a test to validate that Kerberos is able to provide tickets for registered<br />
principals, you are ready to install <strong>Caché</strong>.<br />
D.2 Initial <strong>Caché</strong> Security Settings<br />
During installation, there is a prompt for one of three sets of initial security settings: Minimal, Normal,<br />
and Locked Down. This selection determines the initial authorization configuration settings for <strong>Caché</strong><br />
services and security, as shown in the following sections:<br />
• Initial User Security Settings<br />
• Initial Service Properties<br />
If you select Normal or Locked Down for your initial security setting, you must provide additional<br />
account information to the installation procedure. If you are using Kerberos authentication, you must<br />
select Normal or Locked Down mode. See the User Account Configuration section for details.<br />
116 <strong>Caché</strong> <strong>Installation</strong> <strong>Guide</strong>