CSP Gateway Configuration Guide - InterSystems Documentation
CSP Gateway Configuration Guide - InterSystems Documentation
CSP Gateway Configuration Guide - InterSystems Documentation
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>CSP</strong> <strong>Gateway</strong> Operation and <strong>Configuration</strong><br />
modify data at will. This is distinct from authenticating individual users to a <strong>CSP</strong> application. The <strong>CSP</strong> <strong>Gateway</strong>'s Caché<br />
username and password, Windows network credentials, or UNIX® Kerberos key table should never be used by ordinary<br />
users.<br />
2.2.1 <strong>Gateway</strong> Security Parameters<br />
Maintain the following security parameters using the <strong>CSP</strong> <strong>Gateway</strong> Web Management application. Under the <strong>Configuration</strong><br />
section, click Server Access and choose to edit, copy, or add a server. The Connection Security section has the following<br />
settings:<br />
• Connection Security Level — Choice of:<br />
– Password<br />
– Kerberos<br />
– Kerberos with packet integrity<br />
– Kerberos with encryption<br />
• User Name<br />
• Password<br />
• Product— Choice of:<br />
– Caché<br />
– Ensemble<br />
• Service Principal Name<br />
• Key Table<br />
2.2.2 Minimal Connection Security<br />
In Minimal Connection Security, the Connection Security Level is set to Password and the User Name and Password fields<br />
are left empty.<br />
In this mode, there is a minimal level of security applied to the connection between the <strong>Gateway</strong> and Caché. This mode of<br />
operation is the default scenario if an older version of the <strong>Gateway</strong> is used (that is, an installation without the additional<br />
security parameters). It is also the mode of operation if a newer <strong>Gateway</strong> is used to connect to an earlier version of Caché<br />
(pre version 5.1).<br />
If this mode of operation, ensure that the <strong>CSP</strong> service (%Service_<strong>CSP</strong>) together with the user name under which it<br />
operates (for example, <strong>CSP</strong>System) is not expecting any form of authentication.<br />
2.2.3 Simple Username- and Password-based Authentication<br />
In Username- and Password-based Authentication, the Connection Security Level is set to Password and the User Name<br />
and Password fields are applied.<br />
This is the simplest form of authentication that can be applied between the <strong>Gateway</strong> and Caché.<br />
It should be remembered that Caché passwords are a weak form of authentication since they must be sent over the network<br />
as plain text for authentication in Caché. Network sniffing is easy to do and can be used to reveal these passwords. Passwords<br />
used in this configuration option must be held in the <strong>Gateway</strong> configuration file (<strong>CSP</strong>.ini) in accordance with the following<br />
guidelines.<br />
28 <strong>CSP</strong> <strong>Gateway</strong> <strong>Configuration</strong> <strong>Guide</strong>