Using encryption for the UIM server
If your IBM zSeries processor supports HMAC-SHA and 3DES, UIM can use them to encrypt a user's ID and password.
To enable the cryptography features of the UIM server, your IBM zSeries processor must support CPACF or attached coprocessors. Using either of these, the UIM server can:
- Encrypt or decrypt user credentials for more secure logon processing
- Implement TLS to secure all network communications
To enable or disable a specific level of encryption
- Open your startup configuration member for editing.
- From your startup configuration member, find the ENCRYPTION_LEVEL parameter.
  The following example shows the variable set to the default to implement TLS if the client supports encryption (SSL-IF):
  <BMC_PARM ID='ENCRYPTION_LEVEL' VALUE='SSL-IF' />
- Change ENCRYPTION_LEVEL to one of the following values:
NO
User credentials will not be encrypted between UIM and the client.
CREDENTIALS-IF
If the zSeries processor and the client support encrypted credentials, encryption should be used.
CREDENTIALS-REQUIRED
Encrypted credentials are required and connection attempts using non-encrypted credentials will be rejected.
SSL-IF
If the zSeries processor and the client support SSL/TLS, TLS should be used. If support does not exist, CREDENTIALS-IF is used. If that is not supported, the connection is rejected.
When using this setting, see the following topics:
SSL-REQUIRED
SSL/TLS encryption must be used on any connection, and non-SSL/TLS connection attempts are rejected.
When using this setting, see the following topics:
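The following Python sketch is an added example, not BMC code: it models the value descriptions above and computes the weakest protection each ENCRYPTION_LEVEL would still accept, which is the question to ask when auditing a startup configuration member. The member text is constructed and the function names are hypothetical; the cleartext fallback for CREDENTIALS-IF and the use of the default when the parameter is absent are assumptions.

```python
import re
from itertools import product

# Matches the element form shown on this page; attributes may wrap across lines.
PARM_RE = re.compile(r"<BMC_PARM\s+ID='ENCRYPTION_LEVEL'\s+VALUE='([^']*)'\s*/>")
DEFAULT_LEVEL = "SSL-IF"  # the page gives SSL-IF as the default
STRENGTH = {"CLEARTEXT": 0, "ENCRYPTED-CREDENTIALS": 1, "TLS": 2}

# Constructed sample member text (not taken from a real system).
SAMPLE_MEMBER = """<BMC_PARM ID='ENCRYPTION_LEVEL'
VALUE='SSL-IF' />
"""

def parse_level(member_text):
    """Return the configured level; fall back to the default if absent (assumption)."""
    values = PARM_RE.findall(member_text)
    if len(values) > 1:
        raise ValueError("ENCRYPTION_LEVEL is set more than once")
    return values[0].strip().upper() if values else DEFAULT_LEVEL

def outcome(level, tls_ok, creds_ok):
    """Protection applied to one connection, or REJECT.

    tls_ok / creds_ok: both the processor and the client support
    TLS / encrypted credentials.
    """
    if level == "NO":
        return "CLEARTEXT"
    if level == "CREDENTIALS-IF":
        # Assumption: without support on both sides, the logon proceeds unencrypted.
        return "ENCRYPTED-CREDENTIALS" if creds_ok else "CLEARTEXT"
    if level == "CREDENTIALS-REQUIRED":
        return "ENCRYPTED-CREDENTIALS" if creds_ok else "REJECT"
    if level == "SSL-IF":
        if tls_ok:
            return "TLS"
        return "ENCRYPTED-CREDENTIALS" if creds_ok else "REJECT"
    if level == "SSL-REQUIRED":
        return "TLS" if tls_ok else "REJECT"
    raise ValueError(f"unknown ENCRYPTION_LEVEL {level!r}")

def weakest_accepted(level):
    """Weakest protection still accepted across every capability combination."""
    results = {outcome(level, t, c) for t, c in product([True, False], repeat=2)}
    return min(results - {"REJECT"}, key=STRENGTH.get)

if __name__ == "__main__":
    level = parse_level(SAMPLE_MEMBER)
    print(level, "accepts sessions as weak as:", weakest_accepted(level))
```

Under this model the default SSL-IF still accepts sessions that protect only the credentials, so SSL-REQUIRED is the only value that guarantees TLS on every connection.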