HPE Community
Operating System - OpenVMS
1752777 Members
6247 Online
108789 Solutions
New Discussion юеВ

Re: Experienced at VMS, new to certificate environment

 
Richard W Hunt
Valued Contributor

тАО05-16-2007 03:42 AM

тАО05-16-2007 03:42 AM

Experienced at VMS, new to certificate environment

I am at a site trying to convert to use of USA Dept of Defense PKI-based certificates. We have OpenVMS 7.3-2 with all patches through this month. TCPIP 5.4 ECO6. We haven't loaded any certificates yet.

Our user environment is based on a Windows domain that requires PKI/ Computer Access Card (CAC) to log in. User will connect to our OpenVMS box using Reflections, probably v11 or later. They have an SSH mode of operation, which we will of course test for compatibility.

I have read over the OVMS documentation set but merely confused myself. Can someone comment on any success they have had with a similar environment and perhaps offer a short bullet list of steps I'll need to make this puppy work?
Sr. Systems Janitor
0 Kudos
5 REPLIES 5
Hoff
Honored Contributor

тАО05-16-2007 04:30 AM

тАО05-16-2007 04:30 AM

Re: Experienced at VMS, new to certificate environment

You'll need to acquire or to create the software needed to tie OpenVMS into the authentication. That's probably the most central key piece of this all, and it depends on what sort of distributed authentication is being used.

Certificates for SSH allow the client and the server to be tied together and authenticated, but don't (out of the box) involve token-based authentication.

Software "behind the scenes" and usually based on or tied into ACME can allow this distributed authentication. If that's via LDAP, all the better, as that's available.

Some reading material, if you have not already seen it: http://h71000.www7.hp.com/solutions/mail.html
http://h71000.www7.hp.com/openvms/security.html

0 Kudos
Ian Miller.
Honored Contributor

тАО05-16-2007 08:07 AM

тАО05-16-2007 08:07 AM

Re: Experienced at VMS, new to certificate environment

See also

http://www.process.com/VMSauth/index.html

____________________
Purely Personal Opinion
0 Kudos
Richard W Hunt
Valued Contributor

тАО05-23-2007 02:37 AM

тАО05-23-2007 02:37 AM

Re: Experienced at VMS, new to certificate environment

OK, let's say I'm interested in getting as close as I can to the above stated environment. There are ways of getting waivers on the fine details if I can get close. So...

How close can I come starting from out of the box and without buying any more software than minimally necessary? If I have a working SSH client and some certificates on the box, can I at least get SOME level of certificate usage activated?
Sr. Systems Janitor
0 Kudos
Richard W Hunt
Valued Contributor

тАО12-07-2007 09:59 AM

тАО12-07-2007 09:59 AM

Re: Experienced at VMS, new to certificate environment

Update: Between the SSH utilities and OpenSSL 1.3 I am able to get pretty close. The project was put on hold so I have left it behind for a while. Other upgrades and migrations to different platforms and just generally chaotic operations. A normal Navy day. But after 1/1/08 we will be getting back to this topic. I'll close this post and start a new one when I get somewhere.
Sr. Systems Janitor
0 Kudos
Richard W Hunt
Valued Contributor

тАО12-07-2007 09:59 AM

тАО12-07-2007 09:59 AM

Re: Experienced at VMS, new to certificate environment

Closing thread - I'll create a new thread when I need one.
Sr. Systems Janitor
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.