What Are Proxy Users; Why Are Proxy Users Needed On Oes; Which Services Require Proxy Users And Why - Novell OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009 Implementation Manual

I.2.1 What Are Proxy Users?
As the name implies, proxy users are user objects that perform functions on behalf of OES services.
Proxy user accounts do not represent people, rather they are eDirectory objects that provide very
specific and limited functionality to OES services. Generally, this includes only retrieving service-
related information, such as user passwords and service attributes, but sometimes proxy users also
write service information in eDirectory.
Many but not all OES services rely on proxy users to run on Linux (see
Proxy Users and Why?" on page
integral part of configuring OES.
None of the OES services require that you specify proxy user information during the OES
installation, but some, such as DNS/DHCP, AFP, CIFS, and iFolder, give you the option to do so.
Others, such as NCS and NSS create proxy users without user input, while Archive and Versioning
Services always uses the install admin as its proxy user.
I.2.2 Why Are Proxy Users Needed on OES?
OES provides the Novell services that were previously only available on NetWare.
To make its services available on Linux, Novell had to accommodate a fundamental difference
between the way services run on NetWare and the way they run on Linux.
NetWare Services: The NetWare operating system and eDirectory are tightly integrated. This
allows the services (NLMs) on NetWare to assume the identity of a server object in eDirectory,
thus gaining access to the other objects and information in eDirectory that are needed for the
services to run.
OES Services: eDirectory also runs very well on OES, and it provides the infrastructure on
which OES services rely, but it is not integrated with the Linux operating system.
On Linux servers there is no concept of a service, such as Apache or iFolder running as a server
object. Instead, each service runs using a User ID (uid) and a Group ID (gid) that the Linux
server recognizes as being valid.
I.2.3 Which Services Require Proxy Users and Why?
The following services utilize a proxy user.
Proxy Users Functions Listed by Service
Table I-3
Associated Service
AFP
Archive Versioning
CIFS
260 OES 2 SP2: Planning and Implementation Guide
260). Proxy user creation and/or configuration is therefore an
Example Proxy User Name
AfpProxyUser-servername
admin
The install admin is always
specified.
CifsProxyUser-servername
"Which Services Require
Services That the User Provides
Retrieves passwords for AFP users.
The service runs as this user.
Retrieves passwords for CIFS users.