
Authentication Methods

In document CA Harvest Software Change Manager (Page 123-127)

During the CA Harvest SCM installation, you specify either internal authentication or OpenLDAP authentication as the method your site will use to authenticate users' names and passwords, for example, when a user attempts to log in to the product. Internal authentication uses the product to authenticate the user name and password, while OpenLDAP authentication uses an OpenLDAP authentication server for authentication.

The authentication method that you select may depend on your company's IT standards and conventions, resources, environment-specific concerns, manager input, and other factors in your company that influence IT-related decisions.

Consider all applicable factors, select your authentication method, and record your choice on the installation worksheet.

If you select internal authentication, you do not need to perform any preparation tasks.

If you select OpenLDAP authentication, prepare to install it.

For details about these TLS values, including how to specify them during the installation using either method, see the LDAP compliant directory configuration parameters (see page 101) for the TLS fields.

Create the CA Harvest SCM User and Default Directories

Important! Before creating the CA Harvest SCM user and default directories, do the following:

■ On Linux, verify that the umask is set to 0022.

■ On UNIX, verify that the umask is set to 022.

■ Log in as the root user (the user named root).

To create the product user and default directories on UNIX and Linux

1. Enter the following command to create the SCM group:

groupadd cascm

2. Enter the following command to create a UNIX or Linux user named cascm who owns and runs the product server.

useradd cascm

How to Prepare for the Agent Installation

124 Implementation Guide

3. Enter the following command to add this user to the cascm group:

usermod cascm -G cascm

4. Enter the following command to assign a password to this user.

passwd cascm

When prompted, specify the password.

5. If the product default directories do not exist, enter the following commands to create them:

mkdir /opt/CA/scm
mkdir /opt/CA/pec
mkdir /opt/CA/ETPKI

Enter the following commands to verify that the SCM user you created in Step 1 has write access to the required directories:

chmod 775 /opt/CA/scm /opt/CA/ETPKI /opt/CA/pec

6. Enter the following commands to verify that the SCM group owns the following directories:

chgrp -R cascm /opt/CA/scm
chgrp -R cascm /opt/CA/ETPKI
chgrp -R cascm /opt/CA/pec

7. Enter the following commands to verify that the SCM user owns the following directories:

chown -R cascm /opt/CA/scm
chown -R cascm /opt/CA/ETPKI
chown -R cascm /opt/CA/pec

8. As the new SCM UNIX or Linux user (su cascm), complete these tasks:

■ Create the $CA_SCM_HOME environment variable.

■ Add $CA_SCM_HOME/bin to the PATH variable in the SCM UNIX or Linux user .profile [bash] or .cshrc [csh] file.

One method for performing both tasks is adding the following lines to the ~cascm/.profile file:

CA_SCM_HOME=/opt/CA/scm
PATH=${CA_SCM_HOME}/bin:${PATH}
export CA_SCM_HOME

Note: $CA_SCM_HOME is the directory where the program files are installed on UNIX and Linux. (On Windows, this variable is %CA_SCM_HOME%.)
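The following added example (not part of the CA documentation) audits the result of steps 1 through 8: it checks the umask and confirms that each default directory is a real directory owned by cascm:cascm with mode 775. The function names and the SCM_USER, SCM_GROUP and SCM_DIRS override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audits the state that steps 1-8 on this page are meant to produce.
# Function and variable names are assumptions; defaults are the page's own values.
SCM_USER=${SCM_USER:-cascm}
SCM_GROUP=${SCM_GROUP:-cascm}
SCM_DIRS=${SCM_DIRS:-"/opt/CA/scm /opt/CA/pec /opt/CA/ETPKI"}

# umask_ok: succeeds when the current umask is 022 (printed as 0022 by most shells).
umask_ok() {
    case $(umask) in
        022|0022) return 0 ;;
        *) return 1 ;;
    esac
}

# check_dir DIR USER GROUP: succeeds only when DIR is a real directory (not a
# symlink) owned by USER:GROUP with mode 775, that is, group-writable but not
# world-writable. ls -ld is parsed because stat options differ across UNIX variants.
check_dir() {
    dir=$1; want_user=$2; want_group=$3
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"; return 1
    fi
    set -- $(ls -ld "$dir")
    perms=$(printf '%s' "$1" | cut -c1-10)   # drop a trailing ACL/SELinux marker
    owner=$3; group=$4
    if [ "$perms" != "drwxrwxr-x" ]; then
        echo "FAIL $dir: mode is $perms, expected drwxrwxr-x (775)"; return 1
    fi
    if [ "$owner" != "$want_user" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL $dir: owned by $owner:$group, expected $want_user:$want_group"; return 1
    fi
    echo "OK   $dir"
}

# audit_scm_layout: runs every check and returns non-zero if any of them failed.
audit_scm_layout() {
    rc=0
    umask_ok || { echo "FAIL umask is $(umask), expected 022"; rc=1; }
    for d in $SCM_DIRS; do
        check_dir "$d" "$SCM_USER" "$SCM_GROUP" || rc=1
    done
    return $rc
}

# Run the audit only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then audit_scm_layout; exit $?; fi
```

Run it as root with the --run argument after step 8; any FAIL line identifies the directory or setting to correct.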


Chapter 3: Installing on UNIX, Linux, and zLinux 125

Install CAPKI for All the Users on a Computer

You can install the Public Key Infrastructure (CAPKI) to help ensure the security of users, data, and applications in your enterprise.

Follow these steps:

1. Run the following command:

cp /cdrom/ETPKI/etpki_platform.tar /home/cascm/

2. Untar the etpki_platform.tar file.

A folder structure is created. For example, on an AIX platform the directory structure is as follows:

etpki_aix
    setup
    readme.txt

3. Change directories (cd) to the etpki_platform directory, and log in as the root user.

4. Run the following command:

setup install caller=CallerID options

You can specify the following options for this command:

CallerID

Specifies the parent application or component that is installing, and is dependent upon, CAPKI. This ID can be selected by users of CAPKI, so it is important that the ID uniquely identifies the parent product. When you have multiple subcomponents of a product and each component relies on CAPKI, use a CallerID that uniquely identifies each component. The maximum length of the identifier is 255 characters and it cannot contain spaces.

CAPKI maintains a list of the CallerIDs of the products that installed it. When a product using CAPKI is uninstalled, the associated CallerID is removed from the list. And, when the list is empty, CAPKI is removed from the computer.

For example, when installing CAPKI for the CA Harvest SCM server component, specify callerID as SCMSERVER. When installing the CA Harvest SCM client, specify callerID as SCMCLIENT. When installing the CA Harvest SCM agent, specify callerID as SCMAGENT.


instdir=path

Specifies an absolute path to the CAPKI installation directory. The installer determines the CAPKI installation directory based on the following factors, in the given sequence:

a. Location that is specified by an existing CASHCOMP environment variable

b. Location that is specified by an existing CALIB environment variable (this location is checked because previous versions of the CAPKI installer were dependent on CALIB)

c. Location specified in the instdir parameter

d. Default location: /opt/CA/SharedComponents/CAPKI

Note: CAPKI installation causes problems if the required library libstdc++.so with version 5.0.2 is not found. Contact your administrator to install the required library.

verbose

Enables the output of diagnostic messages.

env=<none|user|all>

Sets environment variables for specific users. You can specify the following parameters:

none

(Default) Do not set environment variables.

user

Sets environment variables for only the current user ($HOME/.profile).

Installs to a custom location. It is mandatory to specify env=user.

all

Sets environment variables for all users (/etc/profile).

CAPKI is installed on your computer, and if you chose to set environment variables, the following environment variables are set:

■ CASHCOMP=Points to parent directory of the CAPKI install directory

■ CALIB=Points to $CASHCOMP/lib

■ CABIN=Points to $CASHCOMP/bin

Note: These variables are not set if the env=none option is passed to the ETPKI r4.x (CAPKI) installer.

If you receive a return code of 0 during the installation, CAPKI was successfully installed.

If you receive a return code of 3, CAPKI did not install successfully. You can view the log file, capki_install.log, in the /tmp directory on non-Windows computers and in the %TEMP% folder on Windows computers. When you use the verbose option, the log file contains more messages.

Note: Previous versions of CAPKI used to set the ETPKIHOME variable. CAPKI (ETPKI 4.2.9) no longer sets or uses that variable.
