You can configure security for individual routes using create route or alter route. Security parameters configured with these commands affect security for the outgoing login to the destination Replication Server. They override default parameters set with configure replication server.
You can set security parameters when you create a route. Here is the syntax for including security features using the create route command.
create route to dest_replication_server {
...
[set username to 'user' ]
[set password to 'passwd' ]
[set security_mechanism to 'mechanism_name' |
set security_parameter to { 'required' |
'not_required' } ]
Table 8-8 describes the security parameters you can set with create route. They are stored in the rs_config table in the RSSD. You must have sa permission to execute them.
Security parameters set at both ends of a route must be compatible. See “Planning for compatible settings” for details.
To change the security settings for a route, use the alter route command.
Log in to Replication Server and execute alter route at the isql prompt. Here is the syntax for altering security:
alter route to dest_replication_server {
...
set password to 'passwd' |
set security_mechanism to 'mechanism_name' |
set security_parameter to { 'required' |
'not_required' }}
Table 8-8 describes the security parameters you can change with alter route.
To change the security parameters of a route, you must first suspend the route. Perform these steps at the Replication Server:
Execute suspend route to suspend activity on the route.
Execute alter route to change a security parameter. Change one parameter at a time.
Execute resume route to resume activity on the route.
This section provides some examples of using alter route.
To require Replication Server to connect to the target Replication Server (TOKYO_RS) with a password, execute these commands:
alter route to TOKYO_RS set username 'TOKYO_rsi_user'
alter route to TOKYO_RS set password 'TOKYO_rsi_pw'
alter route to TOKYO_RS set unified_login to 'not_required'
If unified_login is “not_required,” you
must specify an RSI user and password.
To specify that all messages exchanged with the target Replication Server (TOKYO_RS) are checked for tampering, execute:
alter route to TOKYO_RS set msg_integrity to 'required'
