HP-UX AAA Server A.08.00.01 Administrator’s Guide: HP-UX 11i v2 and HP-UX 11i v3 > Chapter 6 Managing HP-UX AAA Servers

Loading and Saving Your Configuration


This section describes the following:

Loading and Saving Your Configuration Using RMI Server

AAA configuration files consist of one or more entries. While accessing these files through the Server Manager interface, the initial screen lists each existing entry and provides controls to open HTML forms. You can add or modify the AAA server’s configuration files by entering values in these forms. You must then submit these values to the program. The fields in the HTML forms include text boxes, drop-down lists, and other form controls. Fields with bold labels require values for a complete configuration.

Server Manager stores changes you make to the server configuration, but does not immediately save them on a remote server. When you select the Load Configuration link from the navigation tree, the interface (shown in Figure 6-6) displays a prompt. You can edit the server configuration settings using this prompt. Information for the access device, proxies, local realms, users, and server properties in the loaded configuration will replace the existing information for all server configuration items.

Figure 6-6 Server Manager’s Load Configuration Screen


After you have made changes to the server configuration items, you can save the modified configuration on any server that has an active connection with the Server Manager program. When you click Save Configuration, the Server Manager interface displays a prompt (shown in Figure 6-7). Using this prompt, you can select the servers on which the settings must be saved.

CAUTION: Clicking Save saves the entire server configuration settings (access device, proxies, local realms, users, and server properties) on the specified servers.

Figure 6-7 Server Manager’s Save Configuration Screen

NOTE: If you do not wish to save changes that have been made, you can revert to the previous settings by loading the original configuration.

A running server does not recognize configuration modifications. After the changes have been saved on a server, you have to restart the server.

NOTE: More than one administrator cannot edit the same functional area (access device, proxies, local realms, users, server properties) of a server configuration at the same time. After you access the configuration screens for a functional area, the Server Manager does not allow others to access that functional area until you have moved to a different item.

Selecting Save Server Attributes Only saves the group and server attributes on the host running Tomcat (HP-UX AAA Server Manager) to the host running HP-UX AAA Servers. However, the configuration files of the individual HP-UX AAA Servers are not saved.

Enhancing Loading and Saving Performance Using Secure Copy Protocol

You can load and save configuration files using the RMI Server or the Secure Copy Protocol (SCP). SCP reduces the time required to load and save configuration files.

To use SCP when saving or loading a configuration, you must enable key-based authentication, which does not require a password, between the user account configured to start Tomcat (HP-UX AAA Server Manager) on the local host and the user account configured to start the RMI Server on the remote host. The user account configured to start the RMI Server on the remote host is aaa by default; to change the default aaa value, modify the rmiserver.aaa.user property in the rmiserver.properties file.

NOTE: If you do not choose to use SCP, RMI Server is used by default.

Setting up Key-Based Authentication

This section describes how to set up key-based authentication between the user account configured to start Tomcat (HP-UX AAA Server Manager) on the local host and the user account configured to start the RMI Server on the remote host.

Setting up key-based authentication involves creating a public-private RSA key pair with ssh-keygen and sharing the public key with the user account configured to start the RMI Server on the remote host.

This section describes the following procedures:

Creating a Public-Private key set with ssh-keygen

To create a public-private key set with ssh-keygen on the local host, complete the following steps:

  1. Log in using the name used to start Tomcat.

  2. To create the ssh directory, enter the following command at the HP-UX prompt:

    # mkdir ~/.ssh

  3. Change the permissions of the directory as follows:

    # chmod 700 ~/.ssh

  4. Change to the ssh directory as follows:

    # cd ~/.ssh

  5. To create the SSH key pair, complete the following steps:

    1. Enter the following command at the HP-UX prompt:

      # ssh-keygen -t rsa

      The SSH key pair is created.

    2. Enter the file in which you want to save the key. Press Enter to select the default path (<your_local_home>/.ssh/id_rsa).

    3. Enter the passphrase. If you do not want a passphrase, press Enter.

      The identification is saved in (<your_local_home>/.ssh/id_rsa) if the default path is selected.

      The public key is saved in (<your_local_home>/.ssh/id_rsa.pub) if the default path is selected.

Sharing the Public key with Remote Hosts

To share the public key with the user account configured to start the RMI Server on the remote host from the local host where HP-UX Server Manager GUI is running, complete the following steps:

  1. To transfer the public key to the remote system, enter the following command at the HP-UX prompt:

    # scp <public key path> <user>@<remoteserver>:/<desired path>

    NOTE: Replace public key path with the file path where the public key is saved.

    Replace user with the name of the user who starts the RMI server on the corresponding host.

    Replace remoteserver with the name of the remote server where RMI server is running.

    Replace desired path with the path on the remote server where you want to copy the public key.

  2. To log in to the remote system, enter the following command at the HP-UX prompt:

    # ssh <user>@<remoteserver>

  3. Create a new directory as follows:

    # mkdir .ssh

  4. Change the permissions of the directory as follows:

    # chmod 700 .ssh

  5. To append the public key to the authorized_keys file, enter the following command at the HP-UX prompt:

    # cat <desired path>/<public key file> >> .ssh/authorized_keys

  6. Change the permissions of the file as follows:

    # chmod 644 .ssh/authorized_keys

  7. Log out of the system.

NOTE: You must repeat this procedure for all the user accounts on all the remote RMI servers with which you want to share the public key.

Verifying Key-Based Authentication

To verify key-based authentication, log in to the remote system from the local host where HP-UX Server Manager GUI is running, as follows:

# ssh <user>@<remoteserver>

If a password is not required to log in, key-based authentication is configured successfully.
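A scripted form of this verification, as an added example that is not part of the HP guide: it audits the permissions set in the procedures above and then tests the login non-interactively, so a fallback to a password prompt counts as a failure. The function names are hypothetical, and the script assumes an OpenSSH-based ssh client, the default id_rsa key path, and that the home directory is the parent of .ssh.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the HP-UX AAA product.

# Print the 10-character mode field that ls reports, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Audit an .ssh directory (local or remote account). Returns 0 when clean.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    bad=0
    # With StrictModes enabled, sshd ignores authorized_keys when the home
    # directory, .ssh or the file itself is writable by group or others.
    for f in "$dir/.." "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        case "$(mode_of "$f")" in
            ?????w????|????????w?)
                echo "FAIL: $f is writable by group or others"
                bad=1 ;;
        esac
    done
    # The ssh client refuses a private key that group or others can access.
    if [ -e "$dir/id_rsa" ]; then
        case "$(mode_of "$dir/id_rsa")" in
            ????------) ;;
            *) echo "FAIL: $dir/id_rsa is accessible by group or others"
               bad=1 ;;
        esac
    fi
    return $bad
}

# Non-interactive login test: BatchMode makes ssh fail instead of prompting,
# so a silent fallback to password authentication cannot pass as success.
verify_key_login() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=10 "$1" true
}

# Usage (placeholders as in the procedure above):
#   audit_ssh_dir "$HOME/.ssh" && verify_key_login <user>@<remoteserver>
```

Run audit_ssh_dir on both the local account that starts Tomcat and the remote account that starts the RMI Server. A key protected by a passphrase fails verify_key_login unless an agent holds it, which matches how an unattended Tomcat process would experience it.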
