Table of Contents
Advertisement
What Is Access Control?
What Is Access Control?
Access control allows you determine who can access Enterprise Administration
Server and which servers and tabs (also called programs) they can access as
well as who can access the files or directories on your web site. You can use
two methods for controlling access:
• User-Group. This method requires users to enter a username and
• Host-IP. This method requires the user to access the web server from a
To control the amount of time that ACL user cache is valid, use the
ACLCacheLifetime directive in the magnus.conf file. Each time an entry
in the cache is referenced, its age is calculated and checked against
ACLCacheLifetime. The entry is not used if its age is greater than or equal
to the ACLCacheLifetime. The default value is 120 seconds. If this value is
set to 0, the cache is turned off. If you use a large number for this value, you
may need to restart Enterprise Server when you make changes to the LDAP
entries. For example, if this value is set to 120 seconds, Enterprise Server might
be out of sync with the LDAP server for as long as two minutes. If your LDAP is
not likely to change often, use a large number.
The ACL Cache holds information for 200 users, and each user entry can cache
one group membership for that user (these values can not be tuned). Entries in
the cache are maintained in a list, and new entries are added at the head of the
list. When the cache is full entries are recycled from the end of the list. An
entry's position in the list does not change when it is referenced. The number
of entries in the cache depends entirely on how many people have
authenticated against an ACL (until the cache is full, at which time the cache
will have 200 entries until the server is restarted).
326 Netscape Enterprise Server Administrator's Guide
password before accessing the server. The server compares the information
in a client certificate or the client certificate itself with a directory server
entry. This methods requires the use of a directory server. If you choose to
use client certificates, you should increase the value of the
AcceptTimeout directive in magnus.conf.
specific computer, where the web server recognizes the computer by either
its hostname or its IP address. This methods does not require a directory
server.
Advertisement
Table of Contents
Need help?
Do you have a question about the Netscape Enterprise Server and is the answer not in the manual?