
Experienced at VMS, new to certificate environment

Richard W Hunt
Valued Contributor

I am at a site trying to convert to use of USA Dept of Defense PKI-based certificates. We have OpenVMS 7.3-2 with all patches through this month. TCPIP 5.4 ECO6. We haven't loaded any certificates yet.

Our user environment is based on a Windows domain that requires PKI/Computer Access Card (CAC) to log in. Users will connect to our OpenVMS box using Reflections, probably v11 or later. They have an SSH mode of operation, which we will of course test for compatibility.

I have read over the OVMS documentation set but merely confused myself. Can someone comment on any success they have had with a similar environment and perhaps offer a short bullet list of steps I'll need to make this puppy work?
Sr. Systems Janitor
5 REPLIES
Hoff
Honored Contributor

Re: Experienced at VMS, new to certificate environment

You'll need to acquire or to create the software needed to tie OpenVMS into the authentication. That's probably the most central key piece of this all, and it depends on what sort of distributed authentication is being used.

Certificates for SSH allow the client and the server to be tied together and authenticated, but don't (out of the box) involve token-based authentication.

Software "behind the scenes" and usually based on or tied into ACME can allow this distributed authentication. If that's via LDAP, all the better, as that's available.

Some reading material, if you have not already seen it: http://h71000.www7.hp.com/solutions/mail.html
http://h71000.www7.hp.com/openvms/security.html

Ian Miller.
Honored Contributor

Re: Experienced at VMS, new to certificate environment

See also

http://www.process.com/VMSauth/index.html

____________________
Purely Personal Opinion
Richard W Hunt
Valued Contributor

Re: Experienced at VMS, new to certificate environment

OK, let's say I'm interested in getting as close as I can to the above stated environment. There are ways of getting waivers on the fine details if I can get close. So...

How close can I come starting from out of the box and without buying any more software than minimally necessary? If I have a working SSH client and some certificates on the box, can I at least get SOME level of certificate usage activated?
Sr. Systems Janitor
Richard W Hunt
Valued Contributor

Re: Experienced at VMS, new to certificate environment

Update: Between the SSH utilities and OpenSSL 1.3 I am able to get pretty close. The project was put on hold so I have left it behind for a while. Other upgrades and migrations to different platforms and just generally chaotic operations. A normal Navy day. But after 1/1/08 we will be getting back to this topic. I'll close this post and start a new one when I get somewhere.
Sr. Systems Janitor
Richard W Hunt
Valued Contributor

Re: Experienced at VMS, new to certificate environment

Closing thread - I'll create a new thread when I need one.
Sr. Systems Janitor