Security Settings

Security settings for internal and external communication between different nodes of LogLogic LMI are stored in the /loglogic/conf/llsecurity.conf file.

For enhanced security, LogLogic LMI provides:

Two-factor authentication
Ability to prevent cross-site request forgery

Two-factor authentication

By default, two-factor authentication is disabled in LogLogic LMI. However, you can enable this feature by configuring parameters in the /loglogic/conf/llsecurity.conf file.

Prerequisites

Before enabling two-factor authentication, ensure that:

SSL certificates have been issued to all users.
The Distinguished Name (DN) in the user's SSL certificate matches the user name in LogLogic LMI.
Users have imported the SSL certificates in the browser to access LogLogic LMI.
If a user removes or deletes a certificate from the browser, the browser cache must be cleared and the browser restarted.

Procedure

Connect to the appliance by using SSH and edit the /loglogic/conf/llsecurity.conf file.

Configure the following parameters in the file:

Parameter	Default Value	Description
CLIENT_AUTH_ENABLED	false (disabled)	Enables or disables client authentication.
CA_CERT_FILE_PATH	(empty)	Path to the extra client CA certificate file. For example, /loglogic/conf/`<CA_CERT_FILE>` Applicable only if two-factor authentication is enabled.

Parameter

Default Value

Description

CLIENT_AUTH_ENABLED

false (disabled)

Enables or disables client authentication.

CA_CERT_FILE_PATH

(empty)

Path to the extra client CA certificate file.

For example, /loglogic/conf/<CA_CERT_FILE>

Applicable only if two-factor authentication is enabled.

After making any changes to these parameters, restart the LogLogic LMI application by running the following commands:
1. $ mtask stop
2. $ mtask start

Contents

Index

Search Results

Security Settings

Two-factor authentication

Prerequisites

Procedure