SDK security features apply to authentication and communication connections.

Authentication occurs whenever a client program initiates a connection to a server program. The client passes an SDK username and a password to the server. The server determines whether the client is allowed to connect and, if the connection is allowed, what privileges the client is granted.

Secure communication connections are implemented through the use of the Diffie-Hellman-Advanced Encryption Standard (DH-AES), encryption based on a site secret, or DH-AES used in conjunction with the site secret.

To properly configure the security system, you must understand how the security system works. The answers to the following questions will help:

  • Which programs are servers and which are clients?

  • How does a server authenticate a client?

  • How does a client obtain a username and password to pass on to a server?

  • How does encryption apply to authentication as well as communication connections?

    Note:

    For the UNIX account used to run SDK processes, if the system administrator sets explicit permissions for the file mode creation mask (the umask) for a parent process, SDK software respects those permissions. For processes started by the SDK sm_serviced program, described in "sm_serviced and ic-serviced" on page 67, the umask permission is inherited.
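
The umask inheritance described in the note, as an added example that is not SDK code: a generic `sh -c` child stands in for an SDK process, and the function names `mode_under_umask` and `proc_umask` are hypothetical. `proc_umask` assumes Linux 4.7 or later, where `/proc/<pid>/status` carries a `Umask` field.

```shell
#!/bin/sh
# Added example: the child process is a stand-in for an SDK process.
# Function names and file names are constructed for illustration.

# mode_under_umask MASK
# Set MASK in a parent subshell, start a separate child process that never
# calls umask itself, and print the permission strings of the file and the
# directory that the child creates.
mode_under_umask() {
    mask=$1
    work=$(mktemp -d) || return 1
    (
        umask "$mask"    # set explicitly for the parent process
        # New process: it inherits the parent's umask unchanged.
        sh -c 'cd "$1" && : > child.log && mkdir child.d' sh "$work"
    )
    # Keep only the 10 mode characters (drops any ACL or SELinux marker).
    file_mode=$(ls -ld "$work/child.log" | cut -c1-10)
    dir_mode=$(ls -ld "$work/child.d" | cut -c1-10)
    rm -rf "$work"
    printf '%s %s\n' "$file_mode" "$dir_mode"
}

# proc_umask PID
# Print the umask of an already running process, for checking that a
# started process really inherited the intended mask.
# Assumption: Linux 4.7+ (Umask field in /proc/<pid>/status).
proc_umask() {
    awk '/^Umask:/ { print $2 }' "/proc/$1/status"
}

# Compare a permissive, a group-readable and an owner-only mask.
for m in 022 027 077; do
    printf 'umask %s -> %s\n' "$m" "$(mode_under_umask "$m")"
done
```

The mask changes only what the child creates afterwards; files that already exist keep their modes and need a separate `chmod` review.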