beansnetserverd

Name

beansnetserverd -- Beans server

Synopsis

beansnetserverd {SERVER=server} {DATABASE=database} {NAME=name} {BINDIP=address} {BINDPORT=port} [PROTOCOL=protocol] [KEYFILE=keyfile] [PASSWORD=password]

beansnetserverd {SERVER=server} {DATABASE=database} {NAME=//address:port/name}

beansnetserverd {auto}

DESCRIPTION

beansnetserverd is a Beans proxy server that accepts Beans application logins over a network and forwards them to a database server for processing. beansnetserverd accepts connections from either the standalone application or the Beans application running as a browser applet.

server and database specify the database server where connections are forwarded. beansnetserverd creates a Java remote process registry on address (which must be one of the IP addresses assigned to the machine that's running beansnetserverd) and port, then registers itself as process name.

It is also possible to have beansnetserverd register itself with another remote process registry, by specifying the registry server as an RMI URL. Note, however, that the default Java RMI classes do not work properly on multi-homed machines, and beansnetserverd must create and register its own registry to function properly on a multi-homed machine.

The single argument auto instructs beansnetserverd to read its arguments from the file /usr/local/etc/java/beansnetserver.config. This file should list the above options, one per line.

ENCRYPTED RMI CONNECTIONS

RMI connections over an untrusted network, such as the Internet, should be encrypted. This is done by providing the PROTOCOL, KEYFILE, and PASSWORD options. protocol should be the literal string "SSL". keyfile specifies the filename of the Java keystore that holds the private key/certificate pair used to encrypt the connection. The default setting for this parameter should be /usr/local/share/beans/keystore. If a different file is used, the /usr/local/share/beans/AcctRemoteImpl.policy policy file should be modified accordingly to grant read permission on the keystore. Use the PASSWORD option to specify the password on the encrypted keystore file.

NOTE:

At this time, the password specified on the command line may be visible with ps(1). This is temporary; a future revision will allow the password to be entered manually.
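
The following check is an added example, not part of beansnetserverd or its distribution. It lints an options file such as the one read by the auto argument, flagging an incomplete SSL setup and a file that stores PASSWORD while readable by group or others. The function name check_beans_config and the exact OPTION=value line format are assumptions; the sample values are constructed.

```shell
# Added example: lint a beansnetserver.config-style file.
# Assumption: the file holds one OPTION=value per line, named as in the synopsis.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_beans_config() {
    cfg=$1; rc=0
    get() { sed -n "s/^$1=//p" "$cfg" | tail -n 1; }
    note() { echo "$cfg: $1"; rc=1; }

    for opt in SERVER DATABASE NAME; do
        [ -n "$(get "$opt")" ] || note "missing $opt"
    done
    # NAME is a bare process name (needs BINDIP and BINDPORT) or an RMI URL.
    case $(get NAME) in
        //*:*/*) ;;
        *) { [ -n "$(get BINDIP)" ] && [ -n "$(get BINDPORT)" ]; } ||
               note "BINDIP and BINDPORT required unless NAME is //address:port/name" ;;
    esac
    case $(get PROTOCOL) in
        SSL)
            [ -n "$(get PASSWORD)" ] || note "PROTOCOL=SSL without PASSWORD"
            key=$(get KEYFILE)
            key=${key:-/usr/local/share/beans/keystore}   # default from the man page
            [ -r "$key" ] || note "keystore $key is not readable" ;;
        "") note "PROTOCOL not set, RMI connections are not encrypted" ;;
        *)  note "PROTOCOL must be the literal string SSL" ;;
    esac
    # The keystore password sits in clear text: only the owner should have access.
    if [ -n "$(get PASSWORD)" ] && [ "$(ls -ld "$cfg" | cut -c5-10)" != "------" ]; then
        note "holds PASSWORD but is accessible to group or others (chmod 600)"
    fi
    return $rc
}

# Constructed sample input (host names, paths and password are made up).
demo_dir=$(mktemp -d)
: > "$demo_dir/keystore"
cat > "$demo_dir/beansnetserver.config" <<EOF
SERVER=db.example.com
DATABASE=beans
NAME=beansserver
BINDIP=192.0.2.10
BINDPORT=1099
PROTOCOL=SSL
KEYFILE=$demo_dir/keystore
PASSWORD=constructed-password
EOF
chmod 644 "$demo_dir/beansnetserver.config"
check_beans_config "$demo_dir/beansnetserver.config" || true
```

The sample run reports only the file-permission finding, because the constructed file is created with mode 644.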

Creating encryption keys

The keyfile should be created using Java's keytool(1) utility. See Java's documentation for instructions on using keytool. These instructions are summarized here for convenience.

Create a keystore with keytool
keytool -genkey -alias default -keyalg RSA \
   -validity 365 -keystore keystore 

Running this command prompts for a password and some additional information (mostly descriptive in nature), which is then saved in the file keystore in the current directory. The new key will be valid for 365 days. Provide the same password to beansnetserverd's PASSWORD option.

Create the certificate file for clients

Move the keystore file to /usr/local/share/beans/keystore (the default keystore location), then extract the certificate from the keystore (it will be needed on the client side):

keytool -export -alias default -keystore keystore \
   -rfc -file certificate

After running this command, /usr/local/share/beans/certificate will contain the corresponding certificate.

It's also possible to use a "real" certificate, signed by a trusted certificate authority, by importing the certificate into keystore. In that case, the certificate file should be the trusted CA's certificate.

FILES

/usr/local/etc/java/beansnetserver.config

Default arguments for the auto option.

SEE ALSO

beansadmin(8)