The parameters described below are used to configure the gateway to ensure secure connections.
Refer also to Security Settings in the Gateway.
Your system must be configured to use the SNC interface.
gw/acl_file
This parameter specifies the name of an access control list (ACL) file. With an ACL you can configure who is permitted to connect to the gateway.
The same ACL file is used for the standard port and for the SNC port of the gateway.
If the specified ACL file does not exist or contains errors, the gateway shuts down immediately.
If the parameter is not set, no access control is applied.
Default Setting | Empty (no ACL file is used) |
Dynamic | No |
More information: Setting Up Access Control Lists (ACL)
gw/acl_mode
This parameter defines the behavior of the gateway if an ACL file (gw/sec_info or gw/reg_info) does not exist.
The following values are possible:
0: There is no restriction on starting external servers or registering servers. This setting should not be used in production operation.
1: External and registered servers are only permitted within the system (application servers of the same system). All other servers are rejected or have to be maintained in the respective files.
Default Setting | 1 |
Dynamic | Yes |
gw/sec_info
File with the security information.
Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance.
Default Setting | <Data Directory>/secinfo |
Dynamic | Yes |
More information: Making Security Settings for External Programs
gw/reg_info
File with the security information for registered programs.
Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.
If the file exists, the system searches for valid registration entries in this list. If there are none, the system searches the gw/sec_info file, as it did before.
Default Setting | <Data Directory>/reginfo |
Dynamic | Yes |
More information: Making Security Settings for External Programs
SNC Parameters
There are a number of additional parameters that control the behavior of the Gateway in conjunction with SNC (Secure Network Communication).
Parameter | Meaning | Default Value | Dynamic |
---|---|---|---|
snc/enable | This parameter specifies whether the gateway accepts connections that protect the data via SNC. | 0 | No |
snc/permit_insecure_comm | This parameter specifies whether the gateway accepts connections without SNC. | 0 | No |
snc/permit_insecure_start | This parameter specifies whether the gateway may establish connections with programs that communicate without SNC. | 0 | No |
snc/permit_common_name | This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo. | 0 | No |
snc/gssapi_lib | Path for the shared library of the security system in use. | "" | No |
snc/identity/as | Identity of the gateway application server | "" | No |
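
The following added example (not SAP code and not part of the original page) audits an instance profile for the gateway settings described above as weak, including the combined effect of gw/acl_mode and a missing secinfo or reginfo file. It assumes the profile consists of `name = value` lines with `#` comment lines; the sample profile, its paths and the function names are constructed for illustration.

```python
import os

# Defaults taken from the tables on this page.
DEFAULTS = {"gw/acl_file": "", "gw/acl_mode": "1", "snc/permit_insecure_comm": "0",
            "snc/permit_insecure_start": "0", "snc/permit_common_name": "0"}

def parse_profile(text):
    """Parse 'name = value' lines; blank lines and '#' comment lines are skipped."""
    params = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit(text, file_exists=os.path.isfile):
    """Return (parameter, finding) pairs for settings the page describes as weak."""
    p = parse_profile(text)
    out = []
    if not p["gw/acl_file"]:
        out.append(("gw/acl_file", "not set: no access control is applied"))
    elif not file_exists(p["gw/acl_file"]):
        out.append(("gw/acl_file", "file missing: gateway shuts down"))
    for key in ("gw/sec_info", "gw/reg_info"):
        # An unset path means the data-directory default, which is not resolved here.
        if key in p and not file_exists(p[key]):
            effect = "no restriction" if p["gw/acl_mode"] == "0" else "same-system servers only"
            out.append((key, "file missing: " + effect))
    if p["gw/acl_mode"] == "0":
        out.append(("gw/acl_mode", "0 should not be used in production"))
    for key in (k for k in DEFAULTS if k.startswith("snc/permit_")):
        if p[key] == "1":
            out.append((key, "set to 1: relaxes SNC enforcement"))
    return out

SAMPLE = """\
# constructed sample profile; the paths are placeholders, not values from the page
gw/acl_mode = 0
gw/sec_info = /constructed/data/secinfo
gw/reg_info = /constructed/data/reginfo
snc/enable = 1
snc/permit_insecure_comm = 1
"""

if __name__ == "__main__":
    print(*audit(SAMPLE, lambda path: path.endswith("secinfo")), sep="\n")
```

On a real host, call `audit()` with the profile text and the default `os.path.isfile` check so that the configured ACL, secinfo and reginfo paths are tested against the file system.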