Oracle DOCUCOLOR 252 ユーザーズマニュアル
Configuring Security for the Administrative Domain
6-20
Oracle Secure Backup Installation and Configuration Guide
You can set the key size when you use the mkhost command or Oracle Secure Backup
to configure a host. If you specify the --certkeysize option on the
mkhost
command, then the specified value overrides the default certificate key size
set in the security policy. The key size applies only to the newly configured host and
does not affect the key size of any other current or future hosts.
does not affect the key size of any other current or future hosts.
Because larger key sizes require more computation time to generate the key pair than
smaller key sizes, the key size setting can affect the processing time of the mkhost
command. While the mkhost command is running,
smaller key sizes, the key size setting can affect the processing time of the mkhost
command. While the mkhost command is running,
message every 5 seconds. obtool displays a command prompt when the process has
completed.
completed.
To set the key size in the mkhost command:
1.
Log in to obtool as a user with the modify administrative domain's
configuration
configuration
right.
2.
Issue the mkhost command to set the key size for a host. The following example
sets the key size to 4096 bits when configuring
sets the key size to 4096 bits when configuring
stadf56. This setting applies
only to host stadf56.
ob> mkhost --inservice --role client --certkeysize 4096 stadf56
Info: waiting for host to update certification status...
Info: waiting for host to update certification status...
Info: waiting for host to update certification status...
Info: waiting for host to update certification status...
ob> lshost stadf56
stadf56 client (via OB) in service
Enabling and Disabling SSL for Host Authentication and Communication
By default Oracle Secure Backup uses authenticated and encrypted
connections for all control message traffic among hosts.
You can disable SSL encryption by setting the securecomms security policy to off.
Disabling SSL might improve performance, but be aware of the inherent security risks
in this action.
Disabling SSL might improve performance, but be aware of the inherent security risks
in this action.
To set the securecomms security policy:
1.
Log in to
as a user with the modify administrative domain's
configuration
right.
2.
Use the setp command to switch the securecomms policy to off, as shown in
the following example:
the following example:
ob> cdp security
ob> setp securecomms off
See Also:
Oracle Secure Backup Reference to learn how to use the
mkhost
command
See Also:
See Also:
Oracle Secure Backup Administrator's Guide to learn how to
set a policy