Certificate Management - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual

over the network, enable Allow Remote Graphical Login. Because this access
possibility represents a potential security risk, it is inactive by default.
User Addition
Every user has a numerical and an alphabetical user ID. The correlation between
these is established using the file /etc/passwd and should be as unique as pos-
sible. Using the data in this screen, define the range of numbers assigned to the
numerical part of the user ID when a new user is added. A minimum of 500 is
suitable for users. Automatically generated system users start with 1000. Proceed
in the same way with the group ID settings.
Miscellaneous Settings
To use predefined file permission settings, select Easy, Secure, or Paranoid. Easy
should be sufficient for most users. The setting Paranoid is extremely restrictive
and can serve as the basic level of operation for custom settings. If you select
Paranoid, remember that some programs might not work correctly or even at all,
because users no longer have permission to access certain files.
Also set which user should launch the updatedb program, if installed. This pro-
gram, which automatically runs on a daily basis or after booting, generates a
database (locatedb) in which the location of each file on your computer is stored.
If you select Nobody, any user can find only the paths in the database that can be
seen by any other (unprivileged) user. If root is selected, all local files are indexed,
because the user root, as superuser, may access all directories. Make sure that
the options Current Directory in root's Path and Current Directory in Path of
Regular Users are deactivated. Only advanced users should consider using these
options because these settings may pose a significant security risk if used incorrectly.
To have some control over the system even if it crashes, click Enable Magic SysRq
Keys.
Click Finish to complete your security configuration.

8.9.4 Certificate Management

Certificates are used for communication and can also be found, for example, on company
ID cards. To manage them or import a common server certificate, use Security and
Users > CA Management. Detailed information about certificates, their technologies,
and management with YaST are provided in
(page 801).
Chapter 42, Managing X.509 Certification
System Configuration with YaST 175