DCAS parameters for Certificate-based DCAS/RACF Credential Mapper plug-in
Required DCAS parameters: Some combination of the following parameters is required to allow the credential mapper plug-in to connect to the DCAS server securely:
- CMPI_DCAS_TRUSTSTORE
- This parameter contains the name of the keystore file to be used to look up the ZIETrans DCAS client certificate and the DCAS server certificate. If CMPI_DCAS_USE_DEFAULT_TRUSTSTORE is set to true, the JSSE default keystore file is used instead of the keystore file specified by this parameter.
- CMPI_DCAS_TRUSTSTORE_PASSWORD
- This parameter contains the password of the keystore file specified by CMPI_DCAS_TRUSTSTORE.
- CMPI_DCAS_TRUSTSTORE_TYPE
- This parameter contains the type of the keystore file specified by CMPI_DCAS_TRUSTSTORE. Valid values are pkcs12, jceks, and jks.
- CMPI_DCAS_USE_DEFAULT_TRUSTSTORE
- This parameter indicates whether the JSSE default keystore file
should be used to look up the ZIETrans DCAS client certificate and
the DCAS server certificate. The default is false.
If specified as true, this keystore file
is used instead of the keystore file specified by the CMPI_DCAS_TRUSTSTORE
parameter.
Note: The search order to locate the JSSE default keystore file is:
- the location specified by the javax.net.ssl.trustStore system property, then
- <java-home>/lib/security/jssecacerts, then
- <java-home>/lib/security/cacerts
Optional DCAS parameters: The following DCAS parameters are optional:
- CMPI_DCAS_HOST_ADDRESS
- The default DCAS host address is the destination host specified for the ZIETrans connection.
- CMPI_DCAS_HOST_PORT
- The default port address of 8990 is used, but you may override it using this parameter.
- CMPI_DCAS_NO_FIPS
- If set to true, this parameter indicates that the FIPS security provider should not be used. The default security provider will be used instead. The default is false.
- CMPI_DCAS_REQUEST_TIMEOUT
- This parameter specifies the passticket request timeout in milliseconds. It should be less than the macro timeout value. The default is 50000.
- CMPI_DCAS_TRACE_LEVEL
- This parameter specifies the trace level for the DCAS plug-in.
The trace messages are logged to the ZIETrans trace file. Trace level
values include the following settings:
- 0 = None: No tracing. This is the default.
- 1 = Minimum: Trace APIs and parameters, return values, and errors.
- 2 = Normal: Trace Minimum plus internal APIs and parameters and informational messages.
- 3 = Maximum: Trace Normal plus Java™ exceptions.
- CMPI_DCAS_VERIFY_SERVER_NAME
- This parameter indicates if the server host name in the certificate must be verified in addition to the certificate validation. The default is false.