Difference between revisions of "ars.ini"

← Older edit

ars.ini (view source)

Revision as of 20:30, 20 November 2024

487 bytes added , 20:30, 20 November 2024

→‎Unlisted CMOD Configuration Parameters

Jderrick

Bureaucrats, Administrators

1,126

edits

@@ Line 76: / Line 76: @@
 == Unlisted CMOD Configuration Parameters ==
-;SRVR_FLAGS_SECURITY_EXIT
-: This is the flag to enable the Content Manager OnDemand User Security Exit.  The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand.  When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate.  <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP").
-: When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>.  If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error.
 ;ARSSOCK_TLSV12_ONLY
 : When set to '1', this parameter disables all prior levels of TLS - improving security by disabling older, less secure cryptographic methods.
@@ Line 90: / Line 86: @@
 :The default is for CMOD to start up with FIPS compliance enabled.
 :If you are trying to upgrade to TLS v1.3, you need to disable FIPS support with <code>ARSSOCK_FIPS=0</code>.
+;SRVR_FLAGS_SECURITY_EXIT
+: This is the flag to enable the Content Manager OnDemand User Security Exit.  The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand.  When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate.  <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP").
+: When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>.  If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error.
+;SRVR_OD_STASH
+: Specifies the location of the Content Manager OnDemand Server's configuration stash file - passwords for DB2, LDAP, Oracle, ZooKeeper, etc.
+: This parameter should contain the FULL path to the stash file:  <code>SRVR_OD_STASH=/opt/ibm/ondemand/V10.5/ars.stash</code>
+: NOTE:  For security, this file should be protected at the filesystem level with very restrictive permissions:  <code> chmod 600 ars.stash</code> &nbsp; to prevent the password data from being leaked.
 == Related Articles ==
 [https://www.ibm.com/docs/en/cmofm/10.5.0?topic=services-configuring-arsldapini-file LDAP Configuration File]