Home | Previous Page | Next Page   Appendix B. Configuration Parameter and Environment Variable Reference >

ENCRYPT_MACFILE Configuration Parameter

default value
builtin
units
pathnames, up to 1536 bytes in length
range of values
One or more full path and filenames separated by commas, and the optional builtin keyword. For example: ENCRYPT_MACKFILE /usr/local/bin/mac1.dat, /usr/local/bin/mac2.dat,builtin
takes effect
when Enterprise Replication is initialized

The ENCRYPT_MACFILE configuration parameter specifies a list of the full path names of MAC key files.

To specify the built-in key, use the keyword builtin. Using the builtin option provides limited message verification (some validation of the received message and determination that it appears to have come from a Dynamic Server client or server). The strongest verification is done by a site-generated MAC key file.

To generate a MAC key file
  1. Execute the following command from the command line:

    GenMacKey –o filename

    The filename is the name of the MAC key file.

  2. Update the ENCRYPT_MACFILE configuration parameter on all Enterprise Replication servers to include the location of the new MAC key file.
  3. Distribute the new MAC key file.

Each of the entries for the ENCRYPT_MACFILE configuration parameter is prioritized and negotiated at connect time. The prioritization for the MAC key files is based on their creation time by the GenMacKey utility. The builtin option has the lowest priority. Because the MAC key files are negotiated, you should periodically change the keys.

Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]