Managing the WebID Domain Secret
The domain cookies that you distribute to tokenholders must contain a unique identifier known as a domain secret. The domain secret is known to all the ACE/Agents in your domain that have the Domain Cookies feature enabled, and therefore must be the same on each machine.

The domain secret must be stored in the DomainData parameter of the aceagent.cfg file of every machine in the domain that has the Domain Cookies feature enabled.

Note: The domain secret data string must be 64 characters in length and can contain only the characters 0 through 9 and a through f (both upper and lower case are permitted). For example, your domain secret will look similar to this: 2e8D115f90B5c6a. . .

To distribute the domain secret:
- Choose one server in the domain to be the domain cookie "source" machine. You will copy this machine's domain secret to the rest of the servers that will distribute domain cookies.
- cd to the /netscape_home_directory/plugins/aceagent directory.
- Using a text editor, such as vi, open the aceagent.cfg file.
- Delete the existing string value in the DomainData parameter.
- Enter a 64-character string of random data in the DomainData parameter.
  This string can contain only the characters 0 through 9 and a through f (both upper and lower case are permitted).
- Write down the 64-character string or copy it to the clipboard.
- Save and close the aceagent.cfg file.
- Go or telnet to another Web server that will have the Domain Cookies feature enabled.
  Note: All ACE/Agent administration should be done over a secure connection. Do not send or ftp the domain secret in clear text.
- Open the aceagent.cfg file.
- In the DomainData parameter, enter or paste in the 64-character domain secret data string.
- Save and close the file.
- Repeat steps 6-8 on each server in the domain that will have the Domain Cookies feature enabled.
- If you have written down the domain secret, destroy the paper on which it is written.
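
The format rule for the DomainData value and the requirement that every server hold the same string can be checked with a few shell helpers. This is an added example, not part of the ACE/Agent documentation: the function names are hypothetical, the comparison assumes letter case is significant, and sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not part of ACE/Agent.
LC_ALL=C; export LC_ALL   # make a-f / A-F ranges and ${#1} byte-exact

# Print 64 hex characters (32 random bytes) read from the kernel CSPRNG.
gen_domain_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeed only if $1 is exactly 64 characters drawn from 0-9, a-f, A-F.
is_valid_domain_secret() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Print the SHA-256 digest of a valid secret, so the values held by two
# servers can be compared without displaying the secret itself.
# Assumption: the strings must match exactly, including letter case.
domain_secret_fingerprint() {
    is_valid_domain_secret "$1" || return 1
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Demonstration: generate a candidate value and show only its digest.
candidate=$(gen_domain_secret)
if is_valid_domain_secret "$candidate"; then
    echo "fingerprint: $(domain_secret_fingerprint "$candidate")"
fi
```

Running domain_secret_fingerprint against the DomainData value on each server and comparing the digests confirms that the servers agree.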