Documente Academic
Documente Profesional
Documente Cultură
Getting started
Skill Level: Introductory Olivier Antibi (oantibi@fr.ibm.com) E-business Architect IBM Jean-Paul Chobert (chobert@fr.ibm.com) E-business Architect IBM James Webster (websteja@us.ibm.com) Technical Consultant IBM
08 Aug 2003 Linux is quickly becoming a dominant platform for e-business and enterprise applications. The recent release of IBM Tivoli Access Manager 4.1 Fixpack 2 recognized this fact by adding support for Linux on the Intel platform. In this tutorial, you'll learn how to install and configure IBM Tivoli Access Manager 4.1 on Linux. You'll also walk through some simple steps that will test your installation, including the creation of a WebSEAL junction.
developerWorks
ibm.com/developerWorks
integrators and developers quickly get started using IBM Tivoli Access Manager on Linux. This tutorial provides tips for the installation process in a standard scenario. Also included are some verification tests that will help you ensure that the installation is running fine. This tutorial assumes that you are familiar with Tivoli Access Manager for e-business. You should also have a basic familiarity with the Linux platform. Refer to Resources for related material.
Base client (PDRTE, PDJrte, PDAuthADK) Base Server (PDMgrd, PDAcld) Web Portal Manager WebSEAL
Plug-in for Edge Server Yes (7.1 and later) Plug-in for Web Server AM for WAS AM for WLS No Yes (7.2 and later) Yes (7.2 and later)
TAM version 4.1 FP2 delivers major support for Red Hat and SuSE Linux on Intel hardware, allowing you to run the policy server and WebSEAL with the required runtime. That support is demonstrated in this tutorial. The sample platform is a 1.4 GHz Pentium 4 system with 512 MB of RAM running Red Hat Linux 7.3. This represents a sufficient developer workstation. For the recommended hardware, check the Tivoli Access Manager 4.1 Base Installation Guide.
ibm.com/developerWorks
developerWorks
Single sign-on (SSO) functionality is a key base requirement for e-business implementations. IBM Tivoli Access Manager offers robust and flexible SSO support and secure customer session management. By providing highly available and centralized authorization services, Tivoli Access Manager for e-business enables you to better manage and secure your business-critical distributed information, while ensuring that you can meet the time-to-market, flexibility, and scalability requirements that today's on-demand world requires. The IBM Tivoli Access Manager for e-business reverse proxy WebSEAL server is placed between Internet users and your intranet. It enables secure, policy-based, and highly available transactions. The Tivoli WebSEAL server typically resides between two firewalls, creating a semi-protected network commonly referred to as a demilitarized zone, or DMZ. All other servers can then be placed behind the inner firewall inside the more secure corporate network. This configuration prohibits unauthorized users from directly connecting to servers within the corporate network, as the figure below illustrates.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 3 of 30
developerWorks
ibm.com/developerWorks
Policy server: Manages the object space database. WebSEAL: Runs the reverse proxy server and policy enforcer. User registry: An LDAP server; stores users, groups, and metadata. Web portal manager: Provides Web user administration. Junction: An HTTP or HTTPS connection between a front-end WebSEAL server and a back-end Web application server. Junctions logically combine the Web space of the back-end server with the Web space of the WebSEAL server, resulting in a unified view of the entire Web object space. Information about junctions is provided in Creating and testing a junction . Note that Web server plug-ins offer an alternative to the reverse proxy server. Additional components are available to meet specific requirements: Authorization server: Manages an object space database replica in synchronization with the policy server for remote mode enforcers. Authorization Development Kit: Helps developers build authorization into an application using C (aznAPI) or Java (JAAS and the PdPermission class) APIs. WebSEAL Development Kit: Helps developers build custom authorization methods (CDAS) to complement those available out of the box. Plug-in for IBM Edge Server's caching proxy Plug-in for IBM HTTP Server Plug-in for MS IIS Web server
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 4 of 30
ibm.com/developerWorks
developerWorks
from Red Hat CD number 3. Uninstall any existing LDAP server. Netscape LDAP's server may already be running. If it is, remove the nss-ldap package. In this tutorial, it's assumed that you are working from a clean installation of Linux, and that no other software is installed or running.
In this tutorial, IBM Directory Server V4.1.1 is part of the installation. It can be downloaded from the IBM Web site (see Resources).
Component IBM Directory V4.1.1 LDAP server RPMs Ldap-serverd-4.1-1.i386.rpm, Ldap-html_en_US-4.1-1.i386.rpm, Ldap-msg_en_US-4.1-1.i386.rpm
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 5 of 30
developerWorks
ibm.com/developerWorks
In the following sections, the installation of each of these components is described. This scenario uses a single system installation; however, hints on how to set up a multiple-system configuration are provided.
2.
export PATH=/opt/IBMJava2-131/jre/bin:$PATH
3.
Installing GSKIT
Install the GSKIT RPM now. If you don't, each subsequent software package will attempt to install its own version of the toolkit.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 6 of 30
ibm.com/developerWorks
developerWorks
Application Server 5 is used. To download trial versions of the latest versions of DB2 UDB or WebSphere Application Server, see Resources. To begin the installation: 1. 2. 3. 4. Run db2setup from a shell. Select your preferred edition of DB2 UDB. Do not select DB2 Administration Server, unless you'll need it later. Do not select Data Warehouse Services.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 7 of 30
developerWorks
ibm.com/developerWorks
export LD_PRELOAD=/usr/lib/libstdc++-libc6.1-2.so.3
3.
Configure LDAP to create the DB2 instance and the root user with the following command:
ldapxcfg
4.
In the next screen select both options, as illustrated in the figure below.
5.
Create a default database and choose the non UTF-8 character set:
6.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 8 of 30
ibm.com/developerWorks
developerWorks
7.
When the progress bar finishes, a message indicating successful completion should appear:
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 9 of 30
developerWorks
ibm.com/developerWorks
You can alter this to match your environment. The second suffix is used by TAM to store metainformation for its own use. For this suffix, you must use the following:
secAuthority=Default
To create these suffixes: 1. 2. Open the file /usr/ldap/etc/slapd32.conf in a text editor. After the line ibm-slapdSuffix: cn=localhost, enter the two new suffixes, but comment the second with a #. The figure below shows the slapd32.conf file.
3.
After restarting LDAP, apply the TAM schema. Run the following command on one line, replacing passw0rd with your own password.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 10 of 30
ibm.com/developerWorks
developerWorks
Numerous messages reading modifying entry c=schema will appear. 4. Stop the LDAP server: 1. Get the LDAP process ID with the following command:
cat /etc/slapd.pid
2.
kill -9 xxxx
You'll know LDAP server has been started when the following two messages are displayed:
Non SSL port initialized to 389. Local UNIX socket name initialized to /tmp/s.slapd
6.
Open the file /usr/ldap/etc/slapd32.conf in a text editor again and uncomment the secAuthority=Default suffix. Remember that the server must be restarted again for the suffix to be picked up by LDAP.
Configuring TAM
Launch the TAM configuration GUI from /opt/PolicyDirector/bin/pdconfig. This will bring up the following screen:
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 11 of 30
developerWorks
ibm.com/developerWorks
Configure these components in the following order: 1. 2. Enter option 1 for AM Runtime and answer the questions about your host name and port. Configure the policy server. Provide LDAP information as needed. Keep the default value of the policy server port. Make note of the root CA certificate location and name; if you've installed other TAM components on separate machines, you'll need to copy this information to those machines. Configure the authorization server and WebSEAL. At this point, you will be asked if you'd like to add more WebSEAL instances. Only one is used in this tutorial, but keep in mind that this configuration tool can be used to create more instances if needed. When you're done, the main menu display status will show you that all configuration has been successfully completed. Enable the LDAP access control: 1. 2. 3. 4. Open the Directory Management Tool (DMT) in a shell by entering dmt. This launches the DMT GUI. Click Rebind and enter the root user cn=root and its password. Now click on Browse Tree. Select the suffix o=ibm,c=us. Click ACL. A window appears. Fill in all the data.
3.
4.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 12 of 30
ibm.com/developerWorks
developerWorks
5.
Click the Owners tab. For Type, select group. In the Distinguished Name field, enter cn=SecurityGroup,secAuthority=Default (see the illustration below):
6.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 13 of 30
developerWorks
ibm.com/developerWorks
ibm.com/developerWorks
developerWorks
Database As your root user may not have the database environment, $DB2INSTANCE, and $PATH set properly in the .bashrc file, you will need to log on as the ldapdb2 user to start the database, as illustrated below.
[root@tam4linux root]# su - ldapdb2 [ldapdb2@tam4linux ldapdb2]$ db2start SQL1063N DB2START processing was successful. [ldapdb2@tam4linux ldapdb2]$ exit
LDAP server Once the database is started, you can start the LDAP server:
[root@tam4linux root]# slapd Cannot open message catalog file slapd.cat. Plugin of type EXTENDEDOP is successfully loaded from libevent.so. Plugin of type EXTENDEDOP is successfully loaded from libtranext.so. Plugin of type PREOPERATION is successfully loaded from libDSP.so. Plugin of type EXTENDEDOP is successfully loaded from libevent.so. Plugin of type EXTENDEDOP is successfully loaded from libtranext.so. Plugin of type AUDIT is successfully loaded from /lib/libldapaudit.so. Plugin of type EXTENDEDOP is successfully loaded from libevent.so. Plugin of type EXTENDEDOP is successfully loaded from libtranext.so. Plugin of type DATABASE is successfully loaded from /lib/libback-rdbm.so. Non-SSL port initialized to 389. Local UNIX socket name initialized to /tmp/s.slapd. [root@tam4linux root]#
Note that the LDAP server checks at startup to see if the database is running; if it is not, it will start it automatically, generating some warning messages in the process. Tivoli Access Manager components Start the Tivoli components with the autostart script, as follows:
[root@tam4linux root]# cd /opt/PolicyDirector/bin [root@tam4linux bin]# pd_start start Starting the: Access Manager Policy Server Starting the: Access Manager Authorization Server Starting the: Access Manager WebSEAL Server [root@tam4linux bin]#
Testing TAM
Now we'll execute some simple tests to check how things are going so far. 1. Start the administrative console pdadmin and list the servers, as follows:
Trademarks Page 15 of 30
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
developerWorks
ibm.com/developerWorks
[root@tam4linux root]# pdadmin pdadmin> login Enter User ID: sec_master Enter Password: pdadmin> server list ivacld-tam4linux.ibm.com webseald-tam4linux.ibm.com pdadmin>
As shown, you should see both the authorization server, ivacld-tam4linux.ibm.com, and the WebSEAL reverse proxy, webseald-tam4linux.ibm.com. 2. Create a user called ibmuser1 as follows:
[root@tam4linux root]# pdadmin pdadmin> login Enter User ID: sec_master Enter Password: pdadmin> user create ibmuser1 cn=ibmuser1,o=ibm,c=us ibmuser1 ibmuser1 passw0rd pdadmin> user modify ibmuser1 account-valid yes
3.
pdadmin> user show ibmuser1 Login ID: ibmuser1 LDAP DN: cn=ibmuser1,o=ibm,c=us LDAP CN: ibmuser1 LDAP SN: ibmuser1 Description: Is SecUser: yes Is GSO user: no Account valid: yes Password valid: yes Authorization mechanism: Default:LDAP pdadmin>
If these tests work, it's safe to assume that you've correctly installed and configured Tivoli Access Manager (TAM) and IBM Directory Server 4.1.
Configuring WebSEAL
In order to observe the behavior of WebSEAL, use a login form that displays an HTML login page instead of the basic authentication popup window. To do that, you'll need to configure WebSEAL for both HTTP and HTTPS. Note that you should be cautious when doing this as allowing HTTP authentication makes it easy for someone to snoop and alter http header information.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 16 of 30
ibm.com/developerWorks
developerWorks
1.
Find webselad.conf in the pdweb directory. Open it and add the following modifications:
# Enable authentication using the Basic Authentication mechanism # One of <http, https, both, none> ba-auth = none # Enable authentication using forms # One of <http, https, both, none> forms-auth = both
2.
[root@tam4linux root]# cd /opt/pdweb/ [root@tam4linux pdweb]# cd bin [root@tam4linux bin]# pdweb_start usage: pdweb [start | restart | stop | status] or : pdweb [start | restart | stop ] webseald or instance [root@tam4linux bin]# pdweb_start restart Stopping the: Access Manager WebSEAL Server Starting the: Access Manager WebSEAL Server [root@tam4linux bin]#
Testing WebSEAL
After making the changes, test the new WebSEAL configuration. Access the WebSEAL host on port 80. If you made the changes to webseald.conf outlined on the previous section, you should get this forms-based login window:
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 17 of 30
developerWorks
ibm.com/developerWorks
Enter the user ID/password combination of the ibmuser1 user created previously. Once you've been authenticated, you will see the WebSEAL banner screen:
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 18 of 30
ibm.com/developerWorks
developerWorks
developerWorks
ibm.com/developerWorks
1.
2.
Find the document root and make note of it -- you'll be needing it later (see Configuring query_contents).
# # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/opt/IBMHttpServer/htdocs/en_US"
3.
Because the WebSEAL default configuration uses port 80, you have to change the port number for the HTTP server:
# Port: The port to which the standalone server listens. For # ports < 1023, you will need httpd to be run as root initially. # Port 81
4.
[root@tam4linux IBMHttpServer]# cd bin [root@tam4linux bin]# pwd /opt/IBMHttpServer/bin [root@tam4linux bin]# apachectl start ./apachectl start: httpd started [root@tam4linux bin]#
Current architecture To browse the current architecture, use a recursive call to object list in the pdadmin console. You'll obtain the full name of the objects that will be used in the ACL attach process.
[root@tam4linux root]# pdadmin pdadmin> login Enter User ID: sec_master Enter Password: pdadmin> object list /Management /WebSEAL pdadmin> object list /WebSEAL /WebSEAL/tam4linux.ibm.com pdadmin> object list /WebSEAL/tam4linux.ibm.com
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 20 of 30
ibm.com/developerWorks
developerWorks
/WebSEAL/tam4linux.ibm.com/cgi-bin /WebSEAL/tam4linux.ibm.com/icons /WebSEAL/tam4linux.ibm.com/pics /WebSEAL/tam4linux.ibm.com/index.html pdadmin> object list /WebSEAL/tam4linux.ibm.com /WebSEAL/tam4linux.ibm.com/cgi-bin /WebSEAL/tam4linux.ibm.com/icons /WebSEAL/tam4linux.ibm.com/pics /WebSEAL/tam4linux.ibm.com/index.html pdadmin>
Notice the sample host name, tam4linux.ibm.com. Throughout the remainder of this tutorial, substitute this with your own host name.
Creating a Junction
To create a junction, enter the following command on one line:
pdadmin> server task webseald-tam4linux.ibm.com create -t tcp -h tam4linux -p 81 /ibmhttp
Let's look more closely at the components of this command: -t tcp: Defines a TCP/IP junction type -h tam4linux: Defines the host name -p 81: Defines the port number /ibmhttp: Defines the mount point
Configuring query_contents
To browse the junction with the pdadmin tool, use a CGI script, query_contents, to explore the document root. To configure query_contents: 1. Copy the script from the pdweb directory and make it executable by all users:
[root@tam4linux query_contents]# pwd /opt/pdweb/www/lib/query_contents [root@tam4linux query_contents]# ls C query_contents.c query_contents.cfg query_contents.exe query_contents.sh [root@tam4linux query_contents]# cp query_contents.sh /opt/IBMHttpServer/cgi-bin/query_contents [root@tam4linux query_contents]# cd /opt/IBMHttpServer/cgi-bin/ [root@tam4linux cgi-bin]# ls query_contents [root@tam4linux cgi-bin]# chmod 555 query_contents
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 21 of 30
developerWorks
ibm.com/developerWorks
2.
Edit the CGI file and modify the document root to fit the one you have in your Web server.
# # NOTE: change this panel so that the document root is set correctly # for your installation. # ADD_TO_ROOT= case "$SERVER_SOFTWARE" in WebSEAL*|WAND*) DOCROOTDIR=`pwd` ;; # Apache*) changed to match our server_software *Apache*) # DOCROOTDIR=`pwd`/../htdocs changed to match our document root DOCROOTDIR=`pwd`/../htdocs/en_US
Here's a hint for a quick debug of this script. Add the following line:
echo SERVER_SOFTWARE : $SERVER_SOFTWARE
Then point your browser to the following URL (substitute tam4linux.ibm.com with your host name):
http://tam4linux.ibm.com/cgi-bin/query_contents
This should return HTTP_SERVER/1.3.26 Apache/1.3.26 (Unix). By default, the configuration fails and the document root directory is not well set. To keep the original configuration script, you need to modify the regular expression Apache*, which matches anything beginning with Apache, with *Apache*, which matches anything containing Apache, including IBM_HTTP_SERVER/1.3.26 Apache/1.3.26 (Unix). This change is reflected in the listing above. 3. Check the configuration. Point your browser to the following URL:
http://tam4linux.ibm.com/cgi-bin/query_contents?dirlist=/
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 22 of 30
ibm.com/developerWorks
developerWorks
Again, substitute tam4linux.ibm.com with your own host name. You should be see a list of the files of the document root directory. If you see a return value other than 100, check out the WebSEAL Admin guide for assistance. Your browser window should look like this:
4. 5.
Don't forget to remove any debug instructions. Finally, compare the list presented in the browser by the CGI script against the list available through the pdadmin console:
pdadmin> object list /WebSEAL/tam4linux.ibm.com/ibmhttp /WebSEAL/tam4linux.ibm.com/ibmhttp/HP-UX.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/HTTP_top_a.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/HTTP_top_b.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/IBMlogosmall.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/OS2.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/Powered_by_a.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/SystemAdmin.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/aixlogo.gif /WebSEAL/tam4linux.ibm.com/ibmhttp/apadminred.html .... ....
developerWorks
ibm.com/developerWorks
Notice that you are giving unauthenticated people and any others the right to T(raverse), r(ead), and e(xecute) on any objects. Next, use the following commands to create the restricted ACL to restricts the access to the files below the manual directory to only authenticated users.
pdadmin> acl create Restricted pdadmin> acl modify Restricted set any-other Trx pdadmin> acl modify Restricted set unauthenticated T pdadmin> acl attach /WebSEAL/tam4linux.ibm.com/ibmhttp/manual Restricted pdadmin> acl show Restricted ACL Name: Restricted Description: Entries: User sec_master TcmdbsvaBl Any-other Trx Unauthenticated T
Notice that you are allowing the unauthenticated to only traverse this directory (to reach another allowed area, for example), but not to read or execute any objects. Note: A WebSEAL ACL should ALWAYS contain the core entries for groups iv-admin and webseal-servers, and user sec_master. While what we have will work for demo purposes, in a real world environment attaching WebSEAL ACLS's without the core entries can be a mess. The core entries should always be present in a WebSEAL ACL. To synchronize the policy server and WebSEAL:
pdadmin> server replicate pdadmin>
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 24 of 30
ibm.com/developerWorks
developerWorks
A simple test
To verify the good behavior of the junction with the ACL policy, let's first access the junction. As usual, you'll need to change tam4linux.ibm.com in the URL on this panel with your own host name. Note that no authentication is required to access the junction.
Click View Documentation to access the manuals. When you do, you'll get a popup login window, as illustrated below. The login panel appears because basic authentication has been selected in the WebSEAL configuration file. (Cf. configuring webSEAL).
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 25 of 30
developerWorks
ibm.com/developerWorks
Clicking the documentation link will access http://tam4linux.ibm.com/ibmhttp/manual/ibm/manual.html. Since we attached our ACL to the URL ../ibmhttp/manual, WebSEAL intercepts it as needing authentication. After you've connected and authenticated, until a new session is initiated you can access the manual and use the single sign-on functionality to browse the entire site without authenticating again.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 26 of 30
ibm.com/developerWorks
developerWorks
Section 6. Summary
Linux is becoming a dominant platform for e-business and enterprise applications. Tivoli Access Manager solutions for Linux (zSeries and Intel architectures) provide the following benefits: An integrated security management platform that delivers a single security model across the e-business infrastructure: Web servers, Java 2 Platform, Enterprise Edition (J2EE) Application Servers, CRM, ERP, and SCM with RACF integration. A highly secure Linux kernel module provided by Access Manager for Operating Systems (AMOS) that secures the underlying Linux platform with a complete role-based access control and Web-based Linux administration across the Linux enterprise. Web single sign-on across the e-business infrastructure. A single security model across multiple Web application servers.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 27 of 30
developerWorks
ibm.com/developerWorks
We hope this tutorial has been helpful for systems integrators looking to get a jump start on this newly supported platform.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 28 of 30
ibm.com/developerWorks
developerWorks
Resources
Learn Check out the IBM Red Paper IBM Tivoli Access Manager for e-Business . Read the IBM developer domain tutorial, Secure your Web resources integrating WebSphere and Tivoli Access Manager . Learn more about Tivoli Access Manager from the Tivoli product page. Read the IBM Redbook, Enterprise Security Architecture using IBM Tivoli Security Solutions Stay current with developerWorks technical events and Webcasts. Get products and technologies Download the IBM Directory Server. Download a trial version of IBM WebSphere Application Server. Download a trial version of IBM DB2 Universal Database. Build your next development project with IBM trial software, available for download directly from developerWorks. Discuss Participate in the discussion forum for this content. Exchange knowledge with others in the Tivoli forums.
Jean-Paul Chobert Jean-Paul Chobert is an e-business architect with IBM Developer Relations. He has 21 years of software development experience.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 29 of 30
developerWorks
ibm.com/developerWorks
Jean-Paul previously worked for Thomson CSF and Alcatel. He works in IBM for the strategic alliance partner program, doing consulting, mentoring, coding, and teaching. He is IBM IT Specialist certified and product certified in IBM Tivoli Access Manager, WebSphere MQ, WebSphere Application Server, WebSphere Commerce, WebSphere Studio, and e-Business Designer. He graduated from Ecole Nationale Superieure des Telecommunications, Paris, France.
James Webster James Webster is a technical consultant for security products in the Ready for Tivoli Integration program. He is a certified Tivoli Access Manager consultant. James has a degree in computer science from Texas A&M University. Contact him at websteja@us.ibm.com.
Installing Tivoli Access Manager on Linux Copyright IBM Corporation 2003. All rights reserved.
Trademarks Page 30 of 30