What is the purpose of the DXadmind password?

Document ID : KB000054230
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When CA Directory is installed on a server, part of the installation is defining the DXadmind configuraton. This configuration is used not only for the DXadmind own use, but it's also used as an authentication mechanism by DXmanager. This techdoc explains the relationship between DXmanager and DXadmind.

Solution:

The purpose of the DXadmind password is so that a DXmanager connection can be authenticated. The DXadmind password is defined in two different locations, and it is essential that the DXadmind password be the same across the entire DXmanager backbone.

The two places that the DXadmind password is defined are:

  1. The DXadmind process installed on each CA Directory host.
  2. The DXmanager "backbone defaults".

It is vital that the DXadmind password is the same no matter how many CA Directory hosts you deploy. Having a consistent password across your entire backbone will ensure that the one DXmanager server will be able to connect to all your Directory hosts.

DXmanager and DXadmind function in a manager (DXmanager) & agent (DXadmind) style relationship.

Periodically DXmanager will connect to each DXadmind process. In order for this connection to be authenticated, DXmanager and DXadmind need to exchange and verify a set of credentials.

This authentication process uses the following high level steps:

  1. DXmanager will send the pre-configured DXadmind password to the DXadmind process running on the Directory host.

  2. DXadmind will use the IP address of the DXmanager server and the presented password and compare them with the "DXmanager Trusted Host" and it's own DXadmind password.

  3. If the trusted host matches the IP address of the connecting server, and the DXadmind password matches, then DXadmind will allow the connection. If not, then the connection will be refused.

    The connection and authentication process is illustrated below:

    Figure 1

In order to initially configure the DXadmind password and other required items, the process is:

DXadmind Install

When you install each directory server the installation will ask for:

  1. DXmanager Trusted Hostname (needs to be resolvable via host name resolution or simply the IP address of the DXmanager host)
  2. DXadmind TCP port (this is normally 2123)
  3. DXadmind password (this is the password that needs to be synchronized with DXmanager)

So if you were to install 3 directory servers, during the install you would point them all at the same DXmanager trusted host, communicating on TCP port 2123 and all would have the same DXadmind password.

DXmanager Install

When you install DXmanager and come to configure the "backbone defaults", there is a section in the GUI which allows you to define the DXadmind configuration details.

  1. You need to define the same DXadmind password that you used when you installed all the Directory hosts
  2. DXadmind TCP port (leave this as the default 2123)
  3. DXadmind Trap port (leave this as the default 20162)

An illustration of the configuration section is below:

Figure 2