Securing a managed system manually

This topic describes how to secure a managed system manually.

Use this procedure in the following situations:
  • You suspect that a rogue management server was introduced into an IBM Director environment before all managed systems were secured, and you want to resolve any possible security risks.
  • You want to establish trust relationships between a managed system and multiple management servers.
You can use this procedure to secure either an unsecured or a secured system. You can also automate this procedure by using logon scripts or other automated execution mechanisms.

Complete the following steps to secure a managed system manually:

  1. If you have not done so already, install and start IBM Director Server. IBM Director Server creates a dsa*.pub file and a dsa*.pvt file, as well as a secin.ini file that is set to secure.
    Note: The secin.ini file exists only on Windows platforms.
  2. Copy the dsa*.pub and secin.ini files to a file server or other accessible location.
    Note: If you want to authorize more than one IBM Director Server to manage a system, copy the dsa*.pub files from each. Only one copy of secin.ini is necessary.
  3. If IBM Director Agent installed on the managed system has not been started yet, go to step 5. Otherwise, stop IBM Director Agent. From a command prompt, type the following command and press Enter:
    Operating system   Command
    i5/OS              /qibm/userdata/director/bin/twgend
    Linux              /opt/IBM/director/twgstop
    NetWare            unload twgipc
    Windows            net stop twgipc
  4. Delete all existing dsa*.pub files from the managed system.
  5. Place the dsa*.pub and secin.ini files (that you copied in step 2) into one of the following directories:
    Operating system   Directory
    i5/OS              /QIBM/UserData/Director/data
    Linux              /opt/ibm/director/data
    NetWare            c:\IBM\Director
    Windows            c:\Program Files\IBM\director\data
    In these paths, c is the hard disk on which IBM Director Agent is installed; the paths assume that IBM Director Agent is installed in the default directory.
  6. To restart IBM Director Agent, type one of the following commands and press Enter:
    Operating system   Command
    i5/OS              /qibm/userdata/director/bin/twstart
    Linux              /opt/IBM/director/twgstart
    NetWare            load twgipc
    Windows            net start twgipc
After IBM Director Agent starts, the managed system is secure; it permits only authorized IBM Director Servers (that is, the ones whose dsa*.pub file you copied to the managed system) to manage it.
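
Steps 3 to 6 for a Linux managed system, written as a script. This is an added example, not part of the IBM documentation; the function names and the DATA_DIR, STOP_CMD and START_CMD variables are assumptions of the example, with defaults taken from the Linux rows of the tables above. Before restarting the agent it checks that the data directory holds exactly the staged dsa*.pub files and nothing else.

```shell
#!/bin/sh
# Added example (not IBM code). Defaults are the Linux paths listed in the
# procedure; the variable names are assumptions and can be overridden.
DATA_DIR="${DATA_DIR:-/opt/ibm/director/data}"
STOP_CMD="${STOP_CMD:-/opt/IBM/director/twgstop}"
START_CMD="${START_CMD:-/opt/IBM/director/twgstart}"

# install_trusted_keys SRC_DIR
#   SRC_DIR holds the dsa*.pub files copied from each authorized
#   IBM Director Server in step 2.
install_trusted_keys() {
    src="$1"
    # Refuse to run with nothing staged: step 4 would otherwise delete
    # the existing keys and leave no authorized server at all.
    set -- "$src"/dsa*.pub
    [ -e "$1" ] || { echo "no dsa*.pub files in $src" >&2; return 1; }

    # Step 3. A failure here is only reported, because the agent may not
    # have been started yet (the case in which the procedure skips ahead).
    "$STOP_CMD" || echo "stop command failed; agent may not be running" >&2
    rm -f "$DATA_DIR"/dsa*.pub               # step 4: drop every old key
    cp "$@" "$DATA_DIR"/ || return 1         # step 5: install staged keys
    verify_trusted_keys "$src" || return 1   # check before restarting
    "$START_CMD"                             # step 6
}

# verify_trusted_keys SRC_DIR
#   Succeeds only if DATA_DIR contains exactly the staged key files,
#   byte for byte. Any extra, missing or altered dsa*.pub file fails.
verify_trusted_keys() {
    src="$1"
    for f in "$DATA_DIR"/dsa*.pub; do
        [ -e "$f" ] || return 1
        cmp -s "$f" "$src/$(basename "$f")" ||
            { echo "unexpected or altered key: $f" >&2; return 1; }
    done
    for f in "$src"/dsa*.pub; do
        [ -e "$DATA_DIR/$(basename "$f")" ] ||
            { echo "missing key: $f" >&2; return 1; }
    done
}
```

verify_trusted_keys can also be run on its own later, against the same staging directory, to confirm that no additional dsa*.pub file has appeared on the managed system.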

(C) Copyright IBM Corporation 1999,2005. All Rights Reserved.