Securing the server

You can set up secure communication between clients and servers as well as between servers.

  • Communication between clients and servers can be secured using the SSL protocol, which you specify when connecting to the server. See Using SSL to encrypt connections to a Helix server for information on how you secure client-server communication.

    Communication between clients and servers can also be secured using a firewall. For more information, see Using firewalls.

  • User authentication can be done using passwords or tickets, and the strength of the password can be defined by an administrator. Users can be authenticated against an Active Directory or LDAP server, or against an internal Helix server user database. See Authentication options for information about how you can authenticate users.
  • Access is defined using a protections that determine which Helix server commands can be run, on which files, by whom, and from which host. See Authorizing access to find out how you define protections.
  • Communication between servers in a distributed environment can be secured using a trust file and by setting permissions for the service users that own the different servers in the environment. For more information, see Helix Core Server Administrator Guide.

Before you can configure access and authentication, you must create users as described in Managing users.

Recommended settings to configurables for security

After installing Helix server, it is good practice to set the following configurables:




require ticket-based authentication security 3 or 4
force new users that you create to reset their passwords dm.user.resetpassword 1
prevent the automatic creation of new users dm.user.noautocreate 1 or 2
hide sensitive information from unauthorized users of p4 info 1
hide user details from unauthenticated users run.users.authorize 1
disable unauthorized viewing of the details of the server configuration dm.keys.hide 2