This topic describes how to secure a managed system manually.
Use this procedure in the following situations:
- You suspect that a rogue management server was introduced into an IBM
Director environment before all managed systems were secured, and you want
to resolve any possible security risks.
- You want to establish trust relationships between a managed system and
multiple management servers.
You can use this procedure to secure either an unsecured or secured
system. You also can automate this procedure by using logon scripts or other
automated execution mechanisms.
Complete the following steps to secure a managed system manually:

1. If you have not done so already, install and start IBM Director Server. IBM Director Server creates a dsa*.pub and dsa*.pvt file, as well as a secin.ini file set to secure.

   Note: The secin.ini file only exists for Windows platforms.

2. Copy the dsa*.pub and secin.ini files to a file server or other accessible location.

   Note: If you want to authorize more than one IBM Director Server to manage a system, copy the dsa*.pub files from each. Only one copy of secin.ini is necessary.

3. If IBM Director Agent installed on the managed system has not been started yet, go to step 5. Otherwise, stop IBM Director Agent. From a command prompt, type the following command and press Enter:

   | Operating system | Command |
   |---|---|
   | i5/OS | /qibm/userdata/director/bin/twgend |
   | Linux | /opt/IBM/director/twgstop |
   | NetWare | unload twgipc |
   | Windows | net stop twgipc |

4. Delete all existing dsa*.pub files from the managed system.

5. Place the dsa*.pub and secin.ini files (that you copied in step 2) into one of the following directories:

   | Operating system | Directory |
   |---|---|
   | i5/OS | /QIBM/UserData/Director/data |
   | Linux | /opt/ibm/director/data |
   | NetWare | c:\IBM\Director |
   | Windows | c:\Program Files\IBM\director\data |

   where c is the hard disk on which IBM Director Agent is installed, and IBM Director Agent is installed in the default directory.

6. To restart IBM Director Agent, type one of the following commands and press Enter:

   | Operating system | Command |
   |---|---|
   | i5/OS | /qibm/userdata/director/bin/twgstart |
   | Linux | /opt/IBM/director/twgstart |
   | NetWare | load twgipc |
   | Windows | net start twgipc |

After IBM Director Agent starts, the managed system is secure; it permits only authorized IBM Director Servers (that is, the ones whose dsa*.pub file you copied to the managed system) to manage it.
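
The procedure above, scripted for a Linux managed system, as an added example (not IBM's code) of the automation the introduction mentions. It uses the Linux paths and commands listed on this page; the function names, the overridable variables and the staging-directory argument are assumptions, and unlike step 3 it always runs the stop command and clears old keys, even if the agent was never started.

```shell
#!/bin/sh
# Added example: steps 3 to 6 for a Linux managed system.
# Defaults are the Linux values from this page; override them for testing.
DATA_DIR="${DATA_DIR:-/opt/ibm/director/data}"
STOP_CMD="${STOP_CMD:-/opt/IBM/director/twgstop}"
START_CMD="${START_CMD:-/opt/IBM/director/twgstart}"

# count_keys DIR: print how many dsa*.pub files DIR contains.
count_keys() {
    n=0
    for f in "$1"/dsa*.pub; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# replace_trust_keys SRC_DIR: steps 4 and 5.
# Checks the staged keys BEFORE deleting anything, so an unreachable or empty
# share cannot leave the agent without any authorized server key.
replace_trust_keys() {
    src="$1"
    [ -d "$DATA_DIR" ] || { echo "no agent data directory: $DATA_DIR" >&2; return 1; }
    [ "$(count_keys "$src")" -gt 0 ] || { echo "no dsa*.pub in $src" >&2; return 1; }
    rm -f "$DATA_DIR"/dsa*.pub                 # step 4: drop every old key
    for key in "$src"/dsa*.pub; do             # step 5: install staged keys
        cp "$key" "$DATA_DIR"/ || return 1
    done
    # Only the staged keys may remain; anything else means the copy went wrong.
    [ "$(count_keys "$DATA_DIR")" -eq "$(count_keys "$src")" ]
}

# secure_agent SRC_DIR: stop the agent, replace keys, restart.
secure_agent() {
    "$STOP_CMD" || true                        # step 3: agent may not be running
    if ! replace_trust_keys "$1"; then
        echo "key replacement failed; agent left stopped" >&2
        return 1                               # fail closed: do not restart
    fi
    "$START_CMD"                               # step 6
}

# Run only when a staging directory is given, e.g. from a logon script.
if [ "$#" -ge 1 ]; then
    secure_agent "$1"
fi
```

Stage the dsa*.pub files from every IBM Director Server that should manage the system in one directory and pass that directory as the only argument.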