Impact of Changing usernamepassword for SequelLink

Hi,

We have IS/TN4.6 running on Solaris. Originally, the SequelLink was installed using the Unix root username/password with the SLAgent and SLOracle processes running as root.

Our Network people want to stop the processes running under root (due to security issues) and have these processes running under wmadmin.

What needs to be done to start the processes under a different user, and what changes need to be made to the TN/IS setups?

Please help.

Jennifer,

As far as I know there is an open issue with Sequelink that requires root privileges to operate swcla.

Normal process to start Sequelink services is:

  1. login as root
  2. run startSLAgent under admin
  3. start swcla admin console
  4. login (I think at this point root privileges are required as access to user is needed)
  5. start desired services using sst command.

Also for security issues normaly sys admins push a lot against this “root” login and SLAgent running with root permissions.

A possible solution is to start/stop SLAgent service and all other data services using batch scripts similar to startSLAgent/stopSLAgent.

For IS/TN I don’t think it makes the difference what users is used to run the services…

Hope this is useful,

Regards,

Sorin

Sorin,

Thanks for the help.

Yes, our network people feel uncomfortable with a the SequeLink Oracle Agent script, which has the root password hard-coded within it, to start swcla:
/apps/sqllink/admin/swcla -l -uid root -pwd [password] ss SLOracle81

I guess we just have to stick with the hard-coded password.

Regards,

Jennifer

hi Jennifer,

I really meant something else. By a script I intend something like

/app/oracle/slserver52/admin/swcla -nologo -d /app/oracle/slserver52/cfg/swandm.ini ServiceStart ““SLAgent”” > ${LogFile}

I am not an expert of Sequelink…

If you send me your email, we can continue this conversation and send you the scripts I have…

Hope you still read this topic,

Best Regards

Sorin

Have you considered changing to a type 4 jdbc driver rather than the type 3 sequelink server model ?
We are on TN version 4.6 and use the Connect jdbc v3.2 (build 28) driver which we obtained from webMethods (because of sequelink server problems).
I believe this is the same driver as used by TN 6.0.1.
This is a much easier architecture to manage from our perspective.

> Have you considered changing to a type 4 jdbc driver rather
> than the type 3 sequelink server model ?

Kevin - sounds extremely interesting. Do you mean TN 4.6 uses the Type 4 driver to connect directly to the RDBMS, without the Merant proxy in the middle?

Hi Sonam,
yes, we no longer use the Merant proxy in any env. for our TN 4.6. This oracle driver has been built by data direct (the same suppliers of the Merant proxy). You can obtain the sl53_cj32.jar from wM.

Excellent - thanks Kevin.