Restricting IBM Director Console sessions

This topic describes how to modify the TWGServer.prop and TWGConsole.prop files to specify the port used by IBM Director Console sessions and the specific cipher suites to be used.

If you installed IBM Director Server and IBM Director Console in the default location, these files are located in the following directories on the management server and management console:
For i5/OS /QIBM/UserData/Director/data/
For Linux /opt/ibm/director/data/
For Windows c:\Program Files\IBM\Director\data
c is the drive letter of the hard disk on which IBM Director is installed.

Complete the following steps:

  1. Using an ASCII text editor or the i5/OS™ Edit File (EDTF) command, open the TWGServer.prop file.
  2. Modify the file so that it contains the following properties:
    twg.gateway.link.1=com.tivoli.twg.libs.TWGSSLLink
    twg.gateway.link.1.initparm=port_number -cipherSuites cipher_suite

    where port_number is the port used by IBM Director Console sessions and cipher_suite is the cipher suite (or comma-separated list of cipher suites) to be used.

    Note: Separate multiple cipher suites with a comma; do not add a space after the comma.
  3. Save and close the TWGServer.prop file.
  4. Stop and restart IBM Director Server.
  5. Using an ASCII text editor or the i5/OS Edit File (EDTF) command, open the TWGConsole.prop file.
  6. Modify the TWGConsole.prop file so that it contains the same properties as the TWGServer.prop file that you modified in step 2.
  7. Save and close the TWGConsole.prop file.
  8. Stop and restart IBM Director Console.
  9. (Management servers running Linux or Windows) Copy a cacerts file to the following directory on the management server and name it cacerts.ssl:
    For Linux /opt/ibm/director/data
    For Windows c:\Program Files\IBM\director\data
  10. You can find an existing cacerts file in the following directory:
    For Linux /opt/ibm/director/jre/lib/security
    For Windows c:\Program Files\IBM\director\jre\lib\security
  11. Import the applicable Rivest-Shamir-Adleman (RSA) or Secure Hash Algorithm (SHA) certificate into the cacerts.ssl file. You can use the keytool program located in one of the following directories:
    For Linux /opt/ibm/director/jre/bin
    For Windows c:\Program Files\IBM\Director\jre\bin

    To establish an SSL session without importing an RSA or SHA certificate, use an anonymous cipher suite.
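
The following check is an added example, not IBM code or part of the original topic: it verifies that TWGServer.prop and TWGConsole.prop carry the same SSL link properties, that the cipher suite list has no space after a comma, and it flags anonymous suites, which set up the session without authenticating the peer. It assumes `#` starts a comment line and that anonymous suites follow the JSSE naming convention of containing `_anon_`; the port 4066 and the suite names in the sample are constructed placeholders.

```python
import re

LINK_KEY = "twg.gateway.link.1"
SSL_LINK = "com.tivoli.twg.libs.TWGSSLLink"

def parse_prop(text):
    """Parse key=value lines, skipping blanks and # comments (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_link(props):
    """Return a list of findings for the SSL link properties of one file."""
    findings = []
    if props.get(LINK_KEY) != SSL_LINK:
        findings.append("link class is not " + SSL_LINK)
    initparm = props.get(LINK_KEY + ".initparm", "")
    m = re.fullmatch(r"(\d+) -cipherSuites (.+)", initparm)
    if not m:
        return findings + ["initparm is not 'port_number -cipherSuites cipher_suite'"]
    if not 1 <= int(m.group(1)) <= 65535:
        findings.append("port out of range")
    if re.search(r"\s", m.group(2)):
        findings.append("whitespace in cipher suite list")
    for suite in m.group(2).split(","):
        if "_anon_" in suite:
            findings.append("anonymous suite (peer not authenticated): " + suite.strip())
    return findings

def compare(server_text, console_text):
    """Check both files and confirm they carry the same link properties."""
    server, console = parse_prop(server_text), parse_prop(console_text)
    findings = ["server: " + f for f in check_link(server)]
    findings += ["console: " + f for f in check_link(console)]
    if any(server.get(k) != console.get(k) for k in (LINK_KEY, LINK_KEY + ".initparm")):
        findings.append("server and console properties differ")
    return findings

# Constructed sample file contents; port and suite names are placeholders.
SERVER = ("twg.gateway.link.1=com.tivoli.twg.libs.TWGSSLLink\n"
          "twg.gateway.link.1.initparm=4066 -cipherSuites SSL_RSA_WITH_3DES_EDE_CBC_SHA\n")
CONSOLE = SERVER.replace("SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                         "SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA")

if __name__ == "__main__":
    print("\n".join(compare(SERVER, CONSOLE)))
```

To check real files, pass the contents of TWGServer.prop and TWGConsole.prop to `compare()` in place of the constructed samples.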

(C) Copyright IBM Corporation 1999,2005. All Rights Reserved.