After creating the key database file and importing any required
certificates, make the key database file and password stash file available
to all clients that access the LDAP directory server.
After you create the key database file and import any self-signed or new signer
certificates from other Certificate Authorities into it, you must make the
key database file and password stash file available to all clients that access
the LDAP directory server. When IBM Rational® ClearQuest® attempts
to authenticate a user against the LDAP directory server using SSL, it retrieves
the appropriate signer certificate from the key database file. If Rational ClearQuest cannot
find the key database file and password stash file, it cannot authenticate
the user.
Choose one of the following methods for making the key database file available
for all clients:
- Place the key database file and password stash file at a location that
is accessible to all clients, such as a network share. When you configure
the Rational ClearQuest database
set for LDAP authentication, you identify the location of the key database
file and password stash file by specifying the -K option to the installutil
setldapinit subcommand.
- If you name the key database file and password stash file ldapkey.kdb and ldapkey.sth,
respectively, you can distribute copies of both files to all clients and instruct
the users to store the files in the default location: installation drive:\installation
directory\Rational\Common on Windows® or /installation location/rational/common
on the UNIX® system
and Linux.
- Distribute the key database file and password stash file to all clients
and instruct the users to store the files in a specific location. The location's
path name must be the same on all client computers, including the drive letter.
When you configure the Rational ClearQuest database
set for LDAP authentication, you identify the location of the key database
file and password stash file by specifying the -K option to the installutil
setldapinit subcommand.
- Distribute the key database file and password stash file to all clients
and let each user decide where to store the files on their computers. Each
user must set the RATL_SSL_KEYRING environment variable to point to the key
file name using the full path specification. For example, on Windows, the
correct format for the file specification is installation drive:\installation
directory\Rational\Common\ldapkey.kdb, and on the UNIX system and Linux,
the correct format is /installation location/rational/common/ldapkey.kdb.
It is possible to use a combination of these methods. For example, some
clients might use the default location and other clients might use the RATL_SSL_KEYRING
environment variable to identify the location of the files. Rational ClearQuest uses
the following algorithm to attempt to find the key database file and password
stash file:
- If the RATL_SSL_KEYRING environment variable is set on the client computer, Rational ClearQuest uses that
location.
- If the RATL_SSL_KEYRING environment variable is not set, and you identified
the location by specifying the -K option to the installutil setldapinit subcommand, Rational ClearQuest uses that
location.
- If the RATL_SSL_KEYRING environment variable is not set and you did not
specify the -K option to the installutil setldapinit subcommand, Rational ClearQuest looks in
the default location for ldapkey.kdb and ldapkey.sth.
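The lookup order above can be checked on a client before users report authentication failures. The following Python sketch is an added example, not IBM's code: it resolves the key database in the documented order and reports missing, unreadable, or world-writable files. The function names are hypothetical, and it assumes that RATL_SSL_KEYRING and the -K value each hold the full path to the .kdb file and that the stash file sits beside it with the same base name and a .sth extension.

```python
import os
import stat
import sys
from pathlib import Path


def resolve_keyring(env, k_option, default_dir):
    """Return (source, kdb_path) following the lookup order described above."""
    if env.get("RATL_SSL_KEYRING"):
        return "RATL_SSL_KEYRING", Path(env["RATL_SSL_KEYRING"])
    if k_option:
        return "-K option", Path(k_option)
    return "default location", Path(default_dir) / "ldapkey.kdb"


def check_keyring(env, k_option, default_dir):
    """Resolve the key database and list problems with it and its stash file."""
    source, kdb = resolve_keyring(env, k_option, default_dir)
    sth = kdb.with_suffix(".sth")  # assumption: stash file is beside the .kdb
    problems = []
    for path in (kdb, sth):
        if not path.is_file():
            # A stale RATL_SSL_KEYRING lands here even if -K is valid,
            # because the variable is consulted first.
            problems.append(f"missing: {path}")
            continue
        if not os.access(path, os.R_OK):
            problems.append(f"not readable: {path}")
        # The key database holds the signer certificates the client trusts,
        # so it should not be writable by every local user (POSIX check only).
        if os.name == "posix" and path.stat().st_mode & stat.S_IWOTH:
            problems.append(f"world-writable: {path}")
    return source, kdb, problems


if __name__ == "__main__":
    # Usage: python check_keyring.py DEFAULT_DIR [K_OPTION_PATH]
    if len(sys.argv) < 2:
        sys.exit("usage: check_keyring.py DEFAULT_DIR [K_OPTION_PATH]")
    k_value = sys.argv[2] if len(sys.argv) > 2 else None
    source, kdb, problems = check_keyring(os.environ, k_value, sys.argv[1])
    print(f"{kdb} (from {source})")
    for problem in problems:
        print("  " + problem)
    sys.exit(1 if problems else 0)
```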