1,126
edits
Difference between revisions of "ars.ini"
→Unlisted CMOD Configuration Parameters
(Added IBM CMOD ars.ini parameter SRVR_FLAGS_SECURITY_EXIT.) |
|||
| Line 79: | Line 79: | ||
: This is the flag to enable the Content Manager OnDemand User Security Exit. The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand. When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate. <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP"). | : This is the flag to enable the Content Manager OnDemand User Security Exit. The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand. When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate. <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP"). | ||
: When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>. If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error. | : When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>. If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error. | ||
;ARSSOCK_STRICT_SHA2_ONLY_CERTS | |||
: When set to '1', this flag instructs Content Manager OnDemand to only allow certificates that use the SHA2 hashing method in CMOD server certificates. This increases security, as certificates signed with SHA1 are considered vulnerable to 'collision' attacks, and as a result, are not secure. | |||
== Related Articles == | == Related Articles == | ||
[https://www.ibm.com/support/knowledgecenter/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodso059.htm LDAP Messages File] | [https://www.ibm.com/support/knowledgecenter/SSEPCD_9.5.0/com.ibm.ondemand.installmp.doc/dodso059.htm LDAP Messages File] | ||