Use configure replication server to establish default security settings for all outgoing logins (when Replication Server acts as a client) and incoming logins (when Replication Server acts as a server).
You can override default security settings for these outgoing pathways:
Individual connections – see “Configuring security for database connections”.
Individual routes – see “Configuring security for routes”.
The pathway from Replication Server to ID Server – see “Configuring security to the ID Server”.
You cannot override any default security settings that
control security for incoming logins.
When Replication Server seeks to open a pathway to another server, it checks to see if security parameters have been set specifically for that pathway. If not, Replication Server uses the default security settings determined using configure replication server.
To set global security parameters, log in to Replication Server and execute configure replication server at the isql prompt. Here is the syntax:
configure replication server {
set security_mechanism to 'mechanism_name' |
set security_parameter to { 'required' |
'not_required' }}
You can set all of the configuration parameters listed in Table 8-8. They are stored in the rs_config table in the RSSD. You must have sa permission to execute them.
This section provides examples of using configure replication server.
To require all servers and users that connect to Replication Server to be authenticated by the security mechanism, set unified_login to “required.” Log in to Replication Server and execute this command at the isql prompt:
configure replication server set unified_login to 'required'
If unified_login is “not_required”, Replication Server allows servers and users to connect with either a credential or a password.
unified_login must be “required” for
other security services to take effect.
To require all data sent or received by Replication Server to be encrypted, log in to the Replication Server and execute this command at the isql prompt:
configure replication server set msg_encryption to 'required'
