External security filename for gateway
This parameter can be used to protect against the unauthorized registration of external programs. Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.
If the file exists, the system searches for valid registration entries in this list. If not, the system searches as previously in the gw/sec_info file.
Using the reginfo file makes it possible to define the entries more precisely than before.
The syntax of the entries in this file is as follows:
TP=<tp> [HOST=<hostname>] [NO=<n>] [ACCESS=<
Certain programs can be allowed to register from an external host by specifying the relevant information.
Valid TP name:
No restriction : *
TP name : foo
Start of name : foo*
Valid host name:
No restriction : *
Host name: sapprod for example
IP address: 220.127.116.11
Domain : *.sap.com
Subnet address : 192.1.1.*
Examples of valid entries
TP=*                  All registrations allowed
HOST=* TP=foo*        All registrations that start with foo, but not f or fo
HOST=*.sap.com TP=*   All registrations from domain *.sap.com are allowed
If the TP name is specified without wildcards, the number of registrations allowed can be specified too.
For example: HOST=* TP=foo NO=1
This means that only one program can be registered with the name foo. All other attempts to register a program with this name are rejected.
To control access from the client side too, you can define an access list for each entry. This is a list of host names that must comply with the rules above. '*' is not allowed, however. If no access list is specified, the program can be used from any client. The local gateway where the program is registered always has access.
Note that the check is made on the basis of hosts and not at user level.
For example: HOST=* TP=foo ACCESS=*.sap.com
Program foo can only be used by hosts from domain *.sap.com. Access attempts coming from a different domain will be rejected.
The CANCEL list can be used to define whether other clients can terminate the registered program. The same rules apply for this list as for HOST or ACCESS.
For example: HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp
Program foo can only be terminated by clients that have logged on from domain wdf.sap.corp.
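The matching rules above, applied to a constructed reginfo file as an added example (this is not SAP code): it checks whether a registration would find a valid entry and lists entries that are wider than they need to be. The function names are illustrative; treating an entry without HOST as unrestricted and comparing host names case-insensitively are assumptions.

```python
# Added example: audit reginfo entries with the TP/HOST rules from this page.
# SAMPLE is constructed for illustration, not taken from a real system.
SAMPLE = """\
TP=*
HOST=* TP=foo NO=1 ACCESS=*.sap.com CANCEL=*.wdf.sap.corp
HOST=*.sap.com TP=bar*
"""

def parse(text):
    """Turn each line that carries a TP= field into a dict of KEY -> value."""
    entries = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "TP" in fields:
            entries.append(fields)
    return entries

def matches(pattern, value):
    """'*' = no restriction, 'foo*' / '192.1.1.*' = prefix, '*.sap.com' = domain."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return value == pattern

def may_register(entries, tp, host):
    """True if some entry allows program `tp` to register from `host`."""
    # Assumption: an entry without HOST places no restriction on the host.
    return any(
        matches(e["TP"], tp) and matches(e.get("HOST", "*").lower(), host.lower())
        for e in entries
    )

def audit(entries):
    """Return (entry, finding) pairs for entries that are wider than needed."""
    findings = []
    for e in entries:
        if e["TP"] == "*" and e.get("HOST", "*") == "*":
            findings.append((e, "any program may register from any host"))
        if "ACCESS" not in e:
            findings.append((e, "no ACCESS list: usable from any client"))
        elif e["ACCESS"] == "*":
            findings.append((e, "'*' is not allowed in ACCESS"))
    return findings
```

Running `audit(parse(SAMPLE))` reports the first entry twice (unrestricted registration, no access list) and the third once (no access list); the second entry produces no finding.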
Who is allowed
Limitation for os
Limitation for db