Configuration requirements for connecting V7.2 or earlier clients to V7.2.1 or later servers in FIPS 140–2 mode
Tivoli Netcool/OMNIbus V7.2.1, or later, maintains backward compatibility with existing client applications when running in non-FIPS 140–2 mode. To operate in FIPS 140–2 mode, some configuration is required for V7.2 or earlier clients that require connection to servers running in secure mode.
The following table shows the compatibility between V7.2 or earlier clients, and V7.2.1 or later servers running in secure mode, and the configuration changes required for FIPS 140–2 mode.
V7.2, or earlier client | Compatible | Configuration changes for connecting in FIPS 140–2 mode |
---|---|---|
Unidirectional and bidirectional gateways | Yes | Gateways can authenticate and connect to a V7.2.1 or later ObjectServer running in secure mode, without any changes. |
Process control client (nco_pad) and process control utilities (nco_pa_shutdown, nco_pa_start, nco_pa_status, and nco_pa_stop) | Yes | Clients can connect to a V7.2.1 or later process agent running in secure mode if the client application is started with the -nosecure option and a plain text password. |
Conductor (nco) and event lists (nco_event and nco_elct) | No | Clients cannot connect to a V7.2.1 or later ObjectServer running in secure mode. |
Probes | Yes | Probes can connect to a V7.2.1 or later ObjectServer
running in secure mode if they are started with the -nosecurelogin option
and a plain text password. Additionally, the AuthPassword property setting in the probe properties file must not be encrypted with the nco_crypt or nco_g_crypt utility. |
SQL interactive interface (nco_sql) | Yes | Clients can connect to a V7.2.1 or later ObjectServer running in secure mode if they are started with the -nosecure option. Authentication fails if the -nosecure option is not specified. |
Proxy server client (nco_proxyserv) | Yes | Proxy servers can connect to a V7.2.1 or later ObjectServer running in secure mode, without any changes. |
Process agent client (nco_pad) | Yes | Process agents can connect to a V7.2.1 or later ObjectServer running in secure mode, without any changes. |
Other clients | - | When the ObjectServer is in FIPS 140–2 mode, clients supplying encrypted passwords cannot connect to the ObjectServer. |