Configuring Trust Relationships Between Domains (English)

Reposted 2007-09-21 23:46:00
  
Enabling Trust Between WebLogic Domains
Note: Enabling trust between WebLogic Server domains opens the servers up to man-in-the-middle attacks. Great care should be taken when enabling trust in a production environment. BEA recommends having strong network security such as a dedicated communication channel or protection by a strong firewall.
A trust relationship is established when principals in a Subject from one WebLogic Server domain (referred to as the domain) are accepted as principals in the local domain.
This release of WebLogic Server adds more restrictions to the trust relationship between domains. Now a trust relationship is established when the Credential attribute for one domain matches the Credential attribute for another domain.
By default, when you boot an Administration Server for the first time, the Credential attribute is not defined. As the Administration Server boots, it notices that the Credential attribute is not defined and generates a random credential. The Administration Server uses that credential to sign principals in subjects created in that domain. The config.xml file which stores the credential is saved after the credential is generated. Managed servers in that domain obtain the credential from the Administration Server when booting.
WebLogic Server performs a validation (comparing how the principal was signed with how a local principal would be signed) whenever the code is asked to create a new subject.
Note: Any credentials in clear text are encrypted the next time the config.xml file is persisted to disk.
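The signing and validation described above can be modelled as follows. This is an added conceptual example, not WebLogic code or BEA's algorithm: the Domain and SignedPrincipal classes are hypothetical, HMAC-SHA256 stands in for the signing scheme (which the text does not specify), and the shared password is a constructed sample value.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedPrincipal:
    name: str
    signature: bytes


class Domain:
    """Toy model of a domain that holds a Credential (hypothetical class)."""

    def __init__(self, name, credential=None):
        self.name = name
        # Default described above: no Credential is defined at first boot,
        # so a random one is generated.
        self.credential = credential or secrets.token_hex(16)

    def _sign(self, principal_name):
        # Assumption: HMAC-SHA256 stands in for the real signing scheme.
        return hmac.new(self.credential.encode(), principal_name.encode(),
                        hashlib.sha256).digest()

    def create_principal(self, principal_name):
        return SignedPrincipal(principal_name, self._sign(principal_name))

    def accepts(self, principal):
        # Validation: compare how the principal was signed with how a
        # local principal of the same name would be signed.
        return hmac.compare_digest(principal.signature,
                                   self._sign(principal.name))


def demo():
    # Two domains left on their generated credentials do not trust each other.
    a, b = Domain("domainA"), Domain("domainB")
    results = {"default_untrusted": b.accepts(a.create_principal("alice"))}

    shared = "Constructed-Sample-Pw-42"  # constructed sample credential
    a2, b2 = Domain("domainA", shared), Domain("domainB", shared)
    p = a2.create_principal("alice")
    results["shared_trusted"] = b2.accepts(p)
    # A signature is bound to the principal name it was created for.
    renamed = SignedPrincipal("system", p.signature)
    results["renamed_rejected"] = not b2.accepts(renamed)
    # Trust is mutual: domainA also accepts principals signed by domainB.
    results["symmetric"] = a2.accepts(b2.create_principal("bob"))
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the shared credential is the only thing separating a trusted domain from an untrusted one, which is why the procedure below asks for a carefully chosen password.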
If you want a WebLogic Server 6.x domain to interoperate with a WebLogic Server 7.0 domain, change the Credential attribute in the WebLogic Server 7.0 domain to the password of the system user in the WebLogic Server 6.x domain.
If you want two 7.0 domains to interoperate, perform the following procedure in both domains.
To establish a trust relationship between WebLogic Server domains:
1. In the left panel of the console, select the domain name at the top of the tree.
2. Select the Security-->Advanced tab.
3. Uncheck the Enable Generated Credential attribute.
4. Click the Change... link in the Credential attribute.
5. Enter a password for the domain. Choose the password carefully. BEA Systems recommends using a combination of upper and lower case letters and numbers.
6. Confirm the password.
7. Click Apply.
8. Reboot WebLogic Server.
When using inter-domain trust with a WebLogic Server domain that uses custom Principals (meaning a custom Authentication provider is configured in the domain), the domain that is not using custom Principals must have the class for the custom Principal defined in the server's class path in order for authentication to work properly. Otherwise, a java.lang.ClassNotFoundException is thrown.
For example: two domains (Domain 1 and Domain 2) have established trust (meaning their domain credentials are set to the same value).
• Domain 1 has a custom Authentication provider that creates custom Principals of type myPrincipal.
• mySubject is a Subject authenticated on Domain 1 that contains a Principal of type myPrincipal.
• mySubject is passed from Domain 1 to Domain 2. Subjects are passed between domains in the following circumstances:
   - When one domain makes an RMI call over T3 to another domain.
   - When one domain makes an RMI call over IIOP and CSIv2 cannot be established.
   - When a Subject is passed as an argument to a user's method.
   - When using the JMX Message bridge.
• Domain 2 must have myPrincipal defined in the server class path, or a java.lang.ClassNotFoundException will be thrown when Domain 2 tries to deserialize the Subject.
