1.1 Overview
2.1 Utilities to create Certificates
Certificate Utilities
Limiting the period for which a certificate is valid
Limiting the IP addresses for Hosts and Users
Restricting nodes on which a host certificate can be used
Restricting nodes on which Gem or Application can run
Example certificate creation
2.2 Examine and delete certificates
Certificate directory structure
Duplicates and Deleting certificates
2.3 Certificate revocation list
Scripts to revoke host and user
Applying updated CRL
3.1 Setup and Login
1. Configuring the Stone and the remote node
2. Setup script and log directories
On the Stone’s Node
On the Remote Node
Setup log directories
3. Start certificate-only NetLDI on the Stone’s Node
Example
4. Start certificate-only NetLDI on the Remote Node
Define or select a configuration file
Start the Remote NetLDI
5. Start the HostAgent on the Stone’s node
Flow of Operations during HostAgent startup
6. Login
Flow of Operations during Login
Troubleshooting startup failures
Objects hidden by Object filtering
3.2 X509 logins from Topaz
X509 login parameters
topaz arguments to configure X509 parameters on command line
Status command
3.3 X509 logins using the GCI interface
3.4 X509 logins using GBS
3.5 X509 logins using External Sessions
3.6 Local Logins
4.1 Overview
Overview of Object level security
Object Filtering
Object Filtering support classes
4.2 Details on Classes that implement Object Filtering
IPv4Subnet
ObjectFilteringPolicy
Creation
Specifying mappings
ObjectFilteringPolicyMap
Specifying and looking up policies within a map
Installing and finding out about the defined map/ObjectFilter
UnauthorizedObjectStub
4.3 ObjectFilter internal and usage details
Changing the ObjectFilter
Filtering and mid level caches
5.1 Overview
X509-secured Mid-level caches
5.2 Configuring and Starting the X509 Mid Level Cache
Starting the mid-level cache NetLDI
1. Create Certificates and configure on mid-cache host
2. Start the mid-level cache’s NetLDI
3. Start the two HostAgents from the Stone’s node
Flow of Operations
5.3 Connecting to a mid-level cache
Reconnecting
6.1 Managing HostAgents
Information about HostAgents
Stopping HostAgents
Stopping from the command line
Stopping from within the image
Restarting after stopping host agent
6.2 Managing Caches
Timeout of the secure remote cache
Mid level caches require explicit stop
Information on caches
Warming caches on startup
Keeping mid-level caches warm
6.3 Managing NetLDIs
Stopping certificate-only NetLDIs
Multiple NetLDIs
6.4 Log Files
NetLDI default log file directory
Gem logs
HostAgent logs
Other process log files
6.5 Other Administration
Requiring UserProfiles to use X509 Authentication
Disallowed Operations in an X509 session
A.1 Configuration Parameters specific to X509-Secured GemStone
NetLDI configuration Parameters
Configuration parameters used for X509 remote caches
Gem Configuration Parameters
Other parameters with specific behavior in X509-secured processes
A.2 Utility details for X509
gslist
gslist for remote nodes
HostAgent information
starthostagent
startnetldi
stophostagent