Agent Passwords; Facilitating Access To Remote Servers - Novell GROUPWISE 7 - SECURITY ADMINISTRATION Manual

mailbox access are obtain using trusted applications, third-party programs that can log into Post
Office Agents (POAs) in order to access GroupWise mailboxes. For more information about using
trusted application to bypass mailbox passwords, see
page 69

70.2 Agent Passwords

Agent passwords facilitate access to remote servers where domains, post office, and document
storage areas are located and access to eDirectory for synchronization of user information between
GroupWise and eDirectory. They also protect GroupWise Monitor and the agent Web consoles from
unauthorized access.
Section 70.2.1, "Facilitating Access to Remote Servers," on page 1115
Section 70.2.2, "Facilitating Access to eDirectory," on page 1116
Section 70.2.3, "Protecting the Agent Web Consoles," on page 1116
Section 70.2.4, "Protecting the GroupWise Monitor Web Console," on page 1116

70.2.1 Facilitating Access to Remote Servers

®
If the NetWare POA runs on a server other than where the post office database and directory
structure are located, it needs to log in to that remote server using an existing username and
password. There are several ways to provide this information:
Fill in the Remote User Name and Remote Password fields on the Post Office Settings page of
the Post Office object in ConsoleOne
Add the /dn startup switch to the POA startup file to provide the fully distinguished name of the
NetWare POA object
Add the /user and /password
password
The Windows POA also needs username and password information if it needs to access a document
storage area on a server other than the one where the post office database and directory structure are
located. The three methods listed above can be used for this situation as well. The Windows POA
does not need username and password information in order to access the post office directory
because it should already have a drive mapped to that location.
If the NetWare MTA, Internet Agent, or WebAccess Agent runs on a server other than where the
domain database and directory structure are located, it needs to log in to that remote server using an
existing username and password. All three of these agents support the /user and /password switches
for this purpose. The MTA also supports the /dn switch parallel to the POA. You cannot currently
use ConsoleOne to specify username and password information for these agents.
Providing passwords in clear text in a startup file might seem like a security risk. However, the
servers where the agents run should be kept physically secure. If an unauthorized person did gain
physical access, they would not be doing so for the purpose of obtaining these particular passwords.
And the passwords are encrypted as they pass over the wire between servers, so the security risk is
minimal.
Section 4.12, "Trusted Applications," on
startup switches to the POA startup file to provide a username and
GroupWise Passwords 1115