Enabling or disabling encryption of user credentials


If your IBM zSeries processor supports HMAC-SHA and 3DES, UIM can use them to encrypt a user's ID and password.

To enable or disable encryption of user credentials

  1. Open your startup configuration member for editing.


    Note

    The startup member name is typically the same as the started task procedure name for the UIM server.

  2. From your startup configuration member, find the ENCRYPTION_LEVEL parameter.

    The following example shows the parameter set to its default value, CREDENTIALS-IF, which encrypts user credentials if the client supports encryption:

     <BMC_PARM   ID='ENCRYPTION_LEVEL'
                 VALUE='CREDENTIALS-IF' />
  3. Change ENCRYPTION_LEVEL to one of the following values:

    • NO

      User credentials will not be encrypted between UIM and the client.

      Warning

      Setting ENCRYPTION_LEVEL to NO transmits user credentials in clear text.

    • CREDENTIALS-IF

      If the zSeries processor and the client support encrypted credentials, encryption is used.

    • CREDENTIALS-REQUIRED

      Encrypted credentials are required and connection attempts using non-encrypted credentials will be rejected.

    • SSL-IF

      If the zSeries processor and the client support SSL, SSL encryption is used. If SSL support does not exist, CREDENTIALS-IF is used. If that is not supported, the connection is rejected.

      When using this setting, see the following topics:

    • SSL-REQUIRED

      SSL encryption must be used on any connection, and non-SSL connection attempts are rejected. 

      Warning

      Older clients might not support the SSL standard and might be unable to connect to the server.

      When using this setting, see the following topics:



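To check which level a startup member actually sets before the server is restarted, the following added example (not BMC code) parses a copy of the member text and grades the ENCRYPTION_LEVEL value against the behaviour described above. It assumes that an absent parameter means the default CREDENTIALS-IF applies and that ID precedes VALUE as in the example above; the sample member and EXAMPLE_OTHER_PARM are constructed placeholders.

```python
import re

# Documented ENCRYPTION_LEVEL values mapped to (severity, reason).
FINDINGS = {
    "NO": ("FAIL", "credentials are transmitted in clear text"),
    "CREDENTIALS-IF": ("WARN", "credentials are encrypted only if both sides support it"),
    "CREDENTIALS-REQUIRED": ("OK", "non-encrypted credentials are rejected"),
    "SSL-IF": ("WARN", "SSL is not guaranteed; can fall back to CREDENTIALS-IF"),
    "SSL-REQUIRED": ("OK", "non-SSL connection attempts are rejected"),
}
DEFAULT_LEVEL = "CREDENTIALS-IF"  # the default named on this page

# Assumption: ID precedes VALUE, as in the page's example; quotes may be ' or ".
PARM_RE = re.compile(
    r"<BMC_PARM\s+ID\s*=\s*['\"]ENCRYPTION_LEVEL['\"]"
    r"\s+VALUE\s*=\s*['\"]([^'\"]*)['\"]\s*/>",
    re.IGNORECASE,
)

def audit_encryption_level(member_text):
    """Return (value, severity, reason) for a startup member's text."""
    values = [v.strip().upper() for v in PARM_RE.findall(member_text)]
    if len(values) > 1:
        # Which definition wins is not stated on the page, so flag it.
        return (None, "ERROR", "ENCRYPTION_LEVEL is set more than once")
    # Assumption: when the parameter is absent, the default applies.
    value = values[0] if values else DEFAULT_LEVEL
    if value not in FINDINGS:
        return (value, "ERROR", "not one of the documented values")
    severity, reason = FINDINGS[value]
    return (value, severity, reason)

# Constructed sample member; EXAMPLE_OTHER_PARM is a placeholder name.
SAMPLE_MEMBER = """
<BMC_PARM   ID='EXAMPLE_OTHER_PARM'
            VALUE='123' />
<BMC_PARM   ID='ENCRYPTION_LEVEL'
            VALUE='NO' />
"""

if __name__ == "__main__":
    print(audit_encryption_level(SAMPLE_MEMBER))
```
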
 
