Difference between revisions of "ars.ini"

Jump to navigation Jump to search

ars.ini (view source)

Revision as of 20:30, 20 November 2024

487 bytes added ,  20:30, 20 November 2024
→‎Unlisted CMOD Configuration Parameters
m (Updated version number to CMOD v10.5.)
 
Line 76: Line 76:


== Unlisted CMOD Configuration Parameters ==
== Unlisted CMOD Configuration Parameters ==
;SRVR_FLAGS_SECURITY_EXIT
: This is the flag to enable the Content Manager OnDemand User Security Exit.  The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand.  When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate.  <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP").
: When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>.  If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error.
;ARSSOCK_TLSV12_ONLY
;ARSSOCK_TLSV12_ONLY
: When set to '1', this parameter disables all prior levels of TLS - improving security by disabling older, less secure cryptographic methods.
: When set to '1', this parameter disables all prior levels of TLS - improving security by disabling older, less secure cryptographic methods.
Line 90: Line 86:
:The default is for CMOD to start up with FIPS compliance enabled.   
:The default is for CMOD to start up with FIPS compliance enabled.   
:If you are trying to upgrade to TLS v1.3, you need to disable FIPS support with <code>ARSSOCK_FIPS=0</code>.
:If you are trying to upgrade to TLS v1.3, you need to disable FIPS support with <code>ARSSOCK_FIPS=0</code>.
;SRVR_FLAGS_SECURITY_EXIT
: This is the flag to enable the Content Manager OnDemand User Security Exit.  The IBM CMOD Security Exit, <code> arsusec</code> is used to extend and customize user authentication in CM OnDemand.  When set to 1, CMOD will call the user exit when a user connects to CMOD and attempts to authenticate.  <code> arsusec</code> is normally used for providing alternate authentication methods to OnDemand, like Single Sign On ("SSO") and in previous versions, Lightweight Directory Access Protocol ("LDAP").
: When enabled, the compiled <code> arsusec</code> binary must be located in the 'exits' directory under the 'bin' directory in your IBM CMOD installation directory, for example, <code> /opt/IBM/ondemand/V9.5/bin/exits</code>.  If the parameter is enabled, and the <code> arsusec</code> compiled binary is missing from the 'exits' directory, the server may be unable to start, and cause <code> arssockd </code> to report a [[Unable_to_determine_the_database_engine|ARS4013E - Unable to determine the database engine]] error.
;SRVR_OD_STASH
: Specifies the location of the Content Manager OnDemand Server's configuration stash file - passwords for DB2, LDAP, Oracle, ZooKeeper, etc.
: This parameter should contain the FULL path to the stash file:  <code>SRVR_OD_STASH=/opt/ibm/ondemand/V10.5/ars.stash</code>
: NOTE:  For security, this file should be protected at the filesystem level with very restrictive permissions:  <code> chmod 600 ars.stash</code> &nbsp; to prevent the password data from being leaked.


== Related Articles ==
== Related Articles ==


[https://www.ibm.com/docs/en/cmofm/10.5.0?topic=services-configuring-arsldapini-file LDAP Configuration File]
[https://www.ibm.com/docs/en/cmofm/10.5.0?topic=services-configuring-arsldapini-file LDAP Configuration File]
Retrieved from "https://CMOD.wiki/index.php?title=Special:MobileDiff/1138"

Navigation menu