Managing Security for Backup Networks
the media server, and host client as the client. An Oracle Secure Backup user
belonging to a class that has the manage devices class right attempts to run
lsvol -L library_name in obtool. If the attempt is made on client, then it fails with an
"illegal request from non-trusted host" error. The same command succeeds
when attempted on admin or media.
You can turn off these trust checks by setting the Oracle Secure Backup security policy
trustedhosts to off. This disables the constraints placed on non-trusted hosts.
Host Authentication and Communication
By default, Oracle Secure Backup uses the Secure Sockets Layer (SSL) protocol to
establish a secure communication channel between hosts in an administrative
domain. Each host has an X.509 certificate known as an identity certificate. This
identity certificate is signed by a Certification Authority (CA) and uniquely identifies
this host within the administrative domain. The identity certificate is required for
authenticated SSL connections.
This section contains these topics:
■ Identity Certificates and Public Key Cryptography
■ Authenticated SSL Connections
■ Certification Authority
■ Oracle Wallet
■ Web Server Authentication
■ Revoking a Host Identity Certificate
Identity Certificates and Public Key Cryptography
An identity certificate has both a body and a digital signature. The contents of a
certificate include the following:
■ A public key
■ The identity of the host
■ What the host is authorized to do
Every host in the domain, including the administrative server, has a private key
known only to that host that is stored with the host's identity certificate. This private
key corresponds to a public key that is made available to other hosts in the
administrative domain.
Any host in the domain can use a public key to send an encrypted message to another
host. But only the host with the corresponding private key can decrypt the message. A
host can use its private key to attach a digital signature to the message. The host
Note: Commands that originate from the Oracle Secure Backup Web
tool are always routed to the administrative server for processing, and
are not affected by the trustedhosts policy.
Note: Currently, the Network Data Management Protocol (NDMP)
does not support an SSL connection to a filer.
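The following added example (not from the Oracle Secure Backup documentation or product) illustrates the mechanics described under Identity Certificates and Public Key Cryptography: a CA signs a host's identity certificate, a peer checks that signature, and the host signs a message with its private key. OpenSSL is used only as a stand-in, and the host name media, the CA name, and all file names are assumptions.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA plus one host identity certificate.
# The host name "media" and all file names are illustrative assumptions.

# Create a CA key pair and a self-signed CA certificate in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Domain CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Generate a private key for host $2, then have the CA in $1 sign its certificate.
issue_host_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if certificate file $2 was signed by the CA in directory $1.
cert_is_trusted() {
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

# Host $2 signs file $3 with its private key; the signature goes to $3.sig.
sign_message() {
    openssl dgst -sha256 -sign "$1/$2.key" -out "$3.sig" "$3"
}

# A peer checks $3.sig using only the public key taken from host $2's certificate.
signature_is_valid() {
    openssl x509 -in "$1/$2.crt" -noout -pubkey > "$1/$2.pub" &&
    openssl dgst -sha256 -verify "$1/$2.pub" \
        -signature "$3.sig" "$3" >/dev/null 2>&1
}

# Demo run in a scratch directory.
d=$(mktemp -d)
make_ca "$d" && issue_host_cert "$d" media
cert_is_trusted "$d" "$d/media.crt" && echo "media.crt: signed by the domain CA"
printf 'constructed message\n' > "$d/msg"
sign_message "$d" media "$d/msg"
signature_is_valid "$d" media "$d/msg" && echo "signature: valid"
rm -rf "$d"
```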