Security within the server is controlled using policies that can be configured. Policies can only be set by an operator with administrative privileges. Most policies can be set on a general (installation) or a configuration basis.
There are two basic kinds of policies:
Policies currently in effect can be displayed by the show policy command from a shell terminal. To set a policy, use the following command:
set policy <[configname/]name> <value> [-noverify]
The security-based policies available in the server are listed in the following table:
Name | Default | Use |
---|---|---|
minpswd | 0 | Minimum number of characters needed for a password to operate the configuration consoles. |
signpflow | false | Determines whether process flows must be signed for message execution. |
signdict | false | Determines whether the catalog for the configuration/dictionary must be signed for the server to start. |
signconfig | false | Determines whether the configuration file, which defines the configurations, must be signed for a server to start. |
Although configuration files are generally signed, the policies control whether the signature is checked before the configuration file is used.
Policies are contained in a security file in the main (<iwayhome>/config) area of the server. This file is always signed and verified on each use, which prevents unauthorized access to the policies as a result.
iWay Software |