Facilitating Access To Edirectory; Protecting The Agent Web Consoles - Novell GROUPWISE 8 - ADMINISTRATION Administration Manual
Hide thumbs
Also See for GROUPWISE 8 - ADMINISTRATION:
- Manual (81 pages) ,
- Quick manual (10 pages) ,
- Troubleshooting manual (182 pages)
Table of Contents
Advertisement
If the NetWare MTA, Internet Agent, or WebAccess Agent runs on a server other than where the
domain database and directory structure are located, it needs to log in to that remote server using an
existing username and password. All three of these agents support the /user and /password switches
for this purpose. The MTA also supports the /dn switch parallel to the POA. You cannot currently
use ConsoleOne to specify username and password information for these agents.
Providing passwords in clear text in a startup file might seem like a security risk. However, the
servers where the agents run should be kept physically secure. If an unauthorized person did gain
physical access, they would not be doing so for the purpose of obtaining these particular passwords.
And the passwords are encrypted as they pass over the wire between servers, so the security risk is
minimal.
74.2.2 Facilitating Access to eDirectory
If you have enabled eDirectory user synchronization, the MTA must be able to log in to eDirectory
in order to obtain the updated user information. An eDirectory-enabled MTA should be installed on
a server where a local eDirectory replica is located.
If the eDirectory-enabled NetWare MTA is running on a different server from where the domain is
located, you must add the /user and /password switches, or the /dn switch, to the MTA startup file so
that the MTA can authenticate to eDirectory. The /dn switch is preferable, so that username and
password information is not exposed in the MTA startup file. If the NetWare MTA is running on the
same server where the domain is located, the MTA can look up the distinguished name in the
domain database.
For the eDirectory-enabled Windows MTA, you must add the /user and /password switches to the
MTA startup file in order to specify the network user account that the MTA should use to
authenticate to eDirectory.
For more information, see
74.2.3 Protecting the Agent Web Consoles
When you install the POA and the MTA, they are automatically configured with an agent Web
console and no password protection is provided. When you install the Internet Agent and the
WebAccess Agent, you can choose whether to enable the agent Web console during installation. If
you do, you can provide password protection at that time.
If you do not want agent Web console status information available to anyone who knows the agent
network address and port number, you should set passwords on your agent Web console, as
described in the following sections:
Section 37.2, "Using the POA Web Console," on page 544
Section 42.2, "Using the MTA Web Console," on page 673
Section 49.2, "Using the Internet Agent Web Console," on page 805
Section 56.1.2, "Using the WebAccess Agent Web Console," on page 949
If you plan to access the agent Web consoles from GroupWise Monitor, it is most convenient if you
use the same password on all agent Web consoles. That way, you can provide the agent Web console
password once in GroupWise Monitor, rather than having to provide various passwords as you view
1156 GroupWise 8 Administration Guide
Section 41.4.1, "Using eDirectory User Synchronization," on page
653.
Advertisement
Table of Contents
Troubleshooting
