ACIEncryption

Set ACIEncryption to False if you want to use a GSSAPI authentication setup without ACI Encryption. This parameter has an effect only if you have set Krb5Service or GSSServiceName to enable a Kerberos setup.

By default, DAH uses a Kerberos method with ACI Encryption. In this case, you specify the service name for the child servers in GSSServiceName, and the realm in Krb5Realm, and you configure the DAH Kerberos settings in the [ACIEncryption] section.

When you set ACIEncryption to False, DAH does not use ACI Encryption, and you configure the DAH GSSAPI settings by using the GSSServiceName and RequireGSSAuth parameters in the [Server] section. This option allows you to use TLS/SSL for encryption, and you can use standard third-party libraries to connect to the DAH and other IDOL components.

NOTE: When you set ACIEncryption to False, you must specify your child servers by fully qualified host name (not IP address) in the Host parameter. DAH uses the host name to read the Kerberos realm and ignores the Krb5Realm setting.

Micro Focus recommends that you turn off ACI Encryption for your Kerberos setup. This option allows you to use standard third-party tools for encryption and communication.

If you create a server group by specifying a comma-separated list of host names in the Host parameter, you can specify a value in the ACIEncryption parameter for each mirrored child server, or set one value, which applies to all the child servers in the group. Micro Focus strongly recommends setting the same value for all your child servers and groups.

Type: Boolean
Default: True
Required: No
Configuration Section: IDOLServerN or DistributedEngineN or DAHEngineN
Example: ACIEncryption=False
See Also: GSSServiceName
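
An added example, not part of the product documentation: a small Python check that flags child-server sections that break the host-name rule in the NOTE above or the same-value recommendation for server groups. It assumes the configuration parses as INI text, that per-host ACIEncryption values are comma-separated in the same order as Host, and that a host name containing a dot is fully qualified; `lint_dah_config` and the sample host names are constructed for illustration.

```python
import configparser
import ipaddress
import re

# Child-server sections named on this page: IDOLServerN, DistributedEngineN, DAHEngineN.
CHILD_SECTION = re.compile(r"^(IDOLServer|DistributedEngine|DAHEngine)\d+$", re.I)
FALSE_VALUES = {"false", "0", "off", "no"}  # assumed spellings of a False Boolean

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint_dah_config(text):
    """Return findings for the ACIEncryption rules described on this page."""
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(text)  # option names are lower-cased by configparser
    findings, seen = [], set()
    for name in cfg.sections():
        if not CHILD_SECTION.match(name):
            continue
        hosts = [h.strip() for h in cfg[name].get("host", "").split(",") if h.strip()]
        raw = cfg[name].get("aciencryption", "True")  # documented default is True
        flags = [v.strip().lower() not in FALSE_VALUES for v in raw.split(",")]
        if len(flags) == 1:
            flags *= max(len(hosts), 1)  # one value applies to the whole group
        elif len(flags) != len(hosts):
            findings.append(f"[{name}] {len(flags)} ACIEncryption values for {len(hosts)} hosts")
        seen.update(flags)
        for host, encrypted in zip(hosts, flags):
            if not encrypted and is_ip(host):
                findings.append(f"[{name}] Host {host} is an IP address; use a fully qualified host name")
            elif not encrypted and "." not in host:
                findings.append(f"[{name}] Host {host} is not fully qualified")
    if len(seen) > 1:
        findings.append("ACIEncryption differs between child servers; use one value everywhere")
    return findings

# Constructed sample: one group with an IP address, one section left at the default.
SAMPLE = """\
[DistributedEngine0]
Host=content1.example.com,10.0.0.12
ACIEncryption=False
[DistributedEngine1]
Host=content3.example.com
"""
if __name__ == "__main__":
    print("\n".join(lint_dah_config(SAMPLE)))
```
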