This chapter takes you through the VMS Authentication Manager (VAM) product installation procedure and certain post-installation tasks. It is for the OpenVMS system manager, administrator, or technician responsible for product installation.
To prepare for installation, see Chapter 1, Before You Begin.
Note! Once you have installed VAM, you need to reinstall it after you have done a major OpenVMS upgrade.
To install VAM:
1 Load the software.
2 Run the VMSINSTAL procedure.
3 Install other products, if needed, and perform post-installation tasks.
VAM is downloaded from the Process Software FTP site. Information on downloading the software will be supplied to users by Process Software.
The VAM software must be installed from the system manager’s account.
If you install VAM on a VMS cluster that has a common system disk, install the software on only one node in the cluster. Be sure to configure VAM on all systems in a VMS cluster that has a common system disk, even though it only needs to be installed once.
VMSINSTAL is the OpenVMS installation program for layered products. VMSINSTAL prompts you for any information it needs. Table 2-1 shows the steps to follow.
|
Step |
For this task... |
Enter this response... |
|
1 |
Make sure that you are logged in to the system manager’s account, and invoke VMSINSTAL |
@SYS$UPDATE:VMSINSTAL |
|
2 |
Determine if you are satisfied with your system disk backup |
Return or Y (Yes) or N (No) |
|
3 |
Determine where the distribution volumes will be mounted |
The disk (and directory) where you want the software to be mounted. |
|
4 |
Enter the products you want processed from the first distribution volume set |
VAM020 |
|
5 |
Enter the installation options you wish to use (such as obtaining the Release Notes) |
Return for no options or N for Release Notes. |
|
6 |
Specify the device where you want the files installed. |
Return if accepting default of SYS$SYSDEVICE: |
$ @sys$update:vmsinstal vam020 dka600:
OpenVMS Software Product Installation Procedure V8.2
It is 16-NOV-2006 at 14:09.
Enter a question mark (?) at any time for help.
%VMSINSTAL-W-NOTSYSTEM, You are not logged in to the SYSTEM account.
%VMSINSTAL-W-ACTIVE, The following processes are still active:
DECW$SERVER_0
DECW$TE_043B
* Do you want to continue anyway [NO]? y
* Are you satisfied with the backup of your system disk [YES]?
The following products will be processed:
VAM V2.0
Beginning installation of VAM V2.0 at 14:09
%VMSINSTAL-I-RESTORE, Restoring product save set A ...
VMS Authentication Module (R)
ALL RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES
This licensed material is the valuable property of Process Software.
Its use, duplication, or disclosure is subject to the restrictions set
forth in the License Agreement.
Other use, duplication or disclosure, unless expressly provided for in
the license agreement, is unlawful.
* What device do you want to install VMS Authentication Module on [SYS$SYSDEVICE:]:
* Do you want to purge files replaced by this installation [YES]?
The installation will now proceed with no further questions.
*******************************************************************
To complete this installation, you must refer to the documentation
and the Release Notes for post-installation instructions.
*******************************************************************
%VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories...
Installation of VAM V2.0 completed at 14:09
Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY
Creating installation data file: VMI$ROOT:[SYSUPD]VAM010.VMI_DATA
VMSINSTAL procedure done at 14:10
No special preparation is required after installing VAM on one node of a VMScluster with a common system disk.
VAM has no files which can be shared between cluster systems of different architectures.
The following sections describe the post-installation setup required to enable the various forms of authentication. Specific configuration of the authentication methods (e.g., LDAP) are covered in subsequent chapters
For both the VAM callable module and the VAM OpenVMS LOGINOUT callouts, the file VAM:VAM_CONFIG.TEMPLATE must be copied (if it doesn’t already exist) to VAM:VAM_CONFIG.DAT. This file contains the configurable options for VAM, and may be edited as needed by the system manager.
The following files must have at least the the following protection and ownership. Failure to have these protections will result in authentication attempts failing. Note that the SECURID file is created automatically with these protections.
VAM_CONFIG.DAT [SYSTEM] (RWED,RWED,,)
SECURID. [SYSTEM] (R,R,,)
SDCONF.REC [SYSTEM] (RWED,RWED,,)
To use the VAM callable module, the system manager must add the line
@<install_device>:[VAM]VAM_STARTUP
to the SYSTARTUP_VMS.COM file.
Beyond that, no further configuration on the client system is required.
The user will be responsible for using the provided VAM API to integrate VAM into the desired application(s).
The OpenVMS system requires further configuration to enable the LOGINOUT callouts.
• Edit VAM:VAM_CONFIG.DAT and set the appropriate configuration keywords as desired.
• The dynamic SYSGEN parameter LGI_CALLOUTS must be set to "1":
• Next, the system manager must determine which authentication methods (LDAP and/or SecurID) users are to be required to use. See chapters 3 and 4 for information on configuring the LGI callouts for these methods.
Note! Including the LGI parameter on the VAM_STARTUP command line will enable both the VAM LGI callouts and the VAM callable module.
The following keywords, found in VAM:CONFIG.DAT, are used to control access using the OpenVMS LOGINOUT callouts.
LGI_AUTH_METHODS
Contains a priority-ordered list of the authentication methods to be used. For example, "LDAP,SECURID" will cause the VAM LGI interface to attempt first LDAP and then SECURID authentication when called.
FALLTHROUGH_TO_VMS
If set to 1, allows VAM to fall through to using normal VMS authentication if the SecurID and/or LDAP servers are all unreachable.
These logical names are defined on all VAM systems. They are defined in VAM:VAM_SPECIFIC_STARTUP.COM when the VAM_STARTUP command procedure is executed.
VAM
This logical points to the <install_device>:[VAM] directory.
VAM_ROOT
This logical points to <install_device>:[VAM.]. It may be used, for example, to specify the log file directory: VAM_ROOT:[LOG].
The following logical names are used to affect logging for the VAM software. The logicals are located in the VAM_SPECIFIC_STARTUP command procedure and are normally commented out. This logging is used to debug VAM installations, and should generally be used only when recommended by Process Software.
VAM_LOGFILE
This logical determines the location and name of the file used to log VAM transactions and errors.
VAM_CURRENT_TRACE_LEVEL
This logical determines the level of detail in the VAM log. The level is a combination of the following bit masks:
TRACE_EXECUTION (1) - traces general steps the VAM module is performing.
TRACE_EXECUTION_DEEP (2) - verbose tracking of the VAM module processing.
TRACE_INFO (4) - Tracks informational messages generated by the VAM module
TRACE_ERROR (8) - Logs errors encountered by the VAM module
