VMS Authentication Module Administration and User's Guide

Previous Page TOC Index Next Page



Chapter 2

Installing and Configuring VAM

Introduction

This chapter takes you through the VMS Authentication Manager (VAM) product installation procedure and certain post-installation tasks. It is for the OpenVMS system manager, administrator, or technician responsible for product installation.

To prepare for installation, see Chapter 1, Before You Begin.

Note! Once you have installed VAM, you need to reinstall it after you have done a major OpenVMS upgrade.

To install VAM:

1 Load the software.

2 Run the VMSINSTAL procedure.

3 Install other products, if needed, and perform post-installation tasks.

Load the Software

VAM is downloaded from the Process Software FTP site. Information on downloading the software will be supplied to users by Process Software.

The VAM software must be installed from the system manager’s account.

If you install VAM on a VMS cluster that has a common system disk, install the software on only one node in the cluster. Be sure to configure VAM on all systems in a VMS cluster that has a common system disk, even though it only needs to be installed once.

Start VMSINSTAL

VMSINSTAL is the OpenVMS installation program for layered products. VMSINSTAL prompts you for any information it needs. Table 2-1 shows the steps to follow.

Table 2-1 Starting VMSINSTAL

Step

For this task...

Enter this response...

1

Make sure that you are logged in to the system manager’s account, and invoke VMSINSTAL

@SYS$UPDATE:VMSINSTAL

2

Determine if you are satisfied with your system disk backup

Return or Y (Yes) or N (No)

3

Determine where the distribution volumes will be mounted

The disk (and directory) where you want the software to be mounted.

4

Enter the products you want processed from the first distribution volume set

VAM020

5

Enter the installation options you wish to use (such as obtaining the Release Notes)

Return for no options or N for Release Notes.

6

Specify the device where you want the files installed.

Return if accepting default of SYS$SYSDEVICE:

Sample Installation

$ @sys$update:vmsinstal vam020 dka600:

       OpenVMS Software Product Installation Procedure V8.2

 

It is 16-NOV-2006 at 14:09.

 

Enter a question mark (?) at any time for help.

 

%VMSINSTAL-W-NOTSYSTEM, You are not logged in to the SYSTEM account.

%VMSINSTAL-W-ACTIVE, The following processes are still active:

       DECW$SERVER_0

       DECW$TE_043B

* Do you want to continue anyway [NO]? y

* Are you satisfied with the backup of your system disk [YES]?

 

 

The following products will be processed:

 

  VAM V2.0

 

         Beginning installation of VAM V2.0 at 14:09

 

%VMSINSTAL-I-RESTORE, Restoring product save set A ...

 

                   VMS Authentication Module (R)

 

ALL RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES

 

This licensed material is the valuable property of Process Software.

Its use, duplication, or disclosure is subject to the restrictions set

forth in the License Agreement.

 

Other use, duplication or disclosure, unless expressly provided for in

the license agreement, is unlawful.

 

* What device do you want to install VMS Authentication Module on [SYS$SYSDEVICE:]:

 

* Do you want to purge files replaced by this installation [YES]?

 

The installation will now proceed with no further questions.

 

*******************************************************************

 

To complete this installation, you must refer to the documentation

and the Release Notes for post-installation instructions.

 

*******************************************************************

 

%VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories...

 

        Installation of VAM V2.0 completed at 14:09

 

    Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY

 

    Creating installation data file: VMI$ROOT:[SYSUPD]VAM010.VMI_DATA

 

 

           VMSINSTAL procedure done at 14:10

$

Installing VAM for the First Time on a Common VMScluster System Disk

No special preparation is required after installing VAM on one node of a VMScluster with a common system disk.

Installing VAM on Mixed Platform Clusters

VAM has no files which can be shared between cluster systems of different architectures.

Post-Installation Steps

The following sections describe the post-installation setup required to enable the various forms of authentication. Specific configuration of the authentication methods (e.g., LDAP) are covered in subsequent chapters

For both the VAM callable module and the VAM OpenVMS LOGINOUT callouts, the file VAM:VAM_CONFIG.TEMPLATE must be copied (if it doesn’t already exist) to VAM:VAM_CONFIG.DAT. This file contains the configurable options for VAM, and may be edited as needed by the system manager.

Post-Installation File Protections

The following files must have at least the the following protection and ownership. Failure to have these protections will result in authentication attempts failing. Note that the SECURID file is created automatically with these protections.

VAM_CONFIG.DAT [SYSTEM] (RWED,RWED,,)
SECURID. [SYSTEM] (R,R,,)
SDCONF.REC [SYSTEM] (RWED,RWED,,)

Post-Installation Using the VAM Callable Module

To use the VAM callable module, the system manager must add the line

@<install_device>:[VAM]VAM_STARTUP

to the SYSTARTUP_VMS.COM file.

Beyond that, no further configuration on the client system is required.

The user will be responsible for using the provided VAM API to integrate VAM into the desired application(s).

Post-Installation Using the VAM OpenVMS LOGINOUT Callouts

The OpenVMS system requires further configuration to enable the LOGINOUT callouts.

Edit VAM:VAM_CONFIG.DAT and set the appropriate configuration keywords as desired.

The dynamic SYSGEN parameter LGI_CALLOUTS must be set to "1":

Next, the system manager must determine which authentication methods (LDAP and/or SecurID) users are to be required to use. See chapters 3 and 4 for information on configuring the LGI callouts for these methods.

Note! Including the LGI parameter on the VAM_STARTUP command line will enable both the VAM LGI callouts and the VAM callable module.

Configuration Keywords When Using LOGINOUT Callouts

The following keywords, found in VAM:CONFIG.DAT, are used to control access using the OpenVMS LOGINOUT callouts.

LGI_AUTH_METHODS

Contains a priority-ordered list of the authentication methods to be used. For example, "LDAP,SECURID" will cause the VAM LGI interface to attempt first LDAP and then SECURID authentication when called.

FALLTHROUGH_TO_VMS

If set to 1, allows VAM to fall through to using normal VMS authentication if the SecurID and/or LDAP servers are all unreachable.

General Logical Names

These logical names are defined on all VAM systems. They are defined in VAM:VAM_SPECIFIC_STARTUP.COM when the VAM_STARTUP command procedure is executed.

VAM

This logical points to the <install_device>:[VAM] directory.

VAM_ROOT

This logical points to <install_device>:[VAM.]. It may be used, for example, to specify the log file directory: VAM_ROOT:[LOG].

Logging Control Logicals

The following logical names are used to affect logging for the VAM software. The logicals are located in the VAM_SPECIFIC_STARTUP command procedure and are normally commented out. This logging is used to debug VAM installations, and should generally be used only when recommended by Process Software.

VAM_LOGFILE

This logical determines the location and name of the file used to log VAM transactions and errors.

VAM_CURRENT_TRACE_LEVEL

This logical determines the level of detail in the VAM log. The level is a combination of the following bit masks:

TRACE_EXECUTION (1) - traces general steps the VAM module is performing.

TRACE_EXECUTION_DEEP (2) - verbose tracking of the VAM module processing.

TRACE_INFO (4) - Tracks informational messages generated by the VAM module

TRACE_ERROR (8) - Logs errors encountered by the VAM module

Previous Page Page Top TOC Index Next Page