Use this page to define default security settings that can be used with Directory Server and enterprise servers.
You can override these defaults for individual servers.
- Verify against all Security Managers
- Set this if you want each security query to be checked by all entries on the Security Manager Priority List. If this is not
set, the entries will be queried in the order that they appear on the Priority List until one gives a response of Allow, Deny,
or Fail (equivalent to Deny). This response will then be used to decide what action should be taken. If this field is set,
all entries on the list will be queried, and if any returns a Deny or Fail, the access request will be denied. If there are
no Deny or Fail responses and at least one of the entries on the list gives Allow as its response, the request will be allowed.
If a security manager does not have a rule for the resource or user specified in the request, it gives a response of Unknown.
Whatever the setting of the Verify against all Security Managers field, if all of the entries on the priority list respond with
Unknown, the request will be denied unless you have checked Allow unknown resources or Allow unknown users.
- Allow unknown resources
- Check this if you want the security facility to permit access to any unknown resource; that is, any resource for which all
entries on the priority list return Unknown. You might use this in circumstances where you only want to restrict access to
some resources.
- Allow unknown users
- Check this if you want to allow unknown users to log in.
- Create audit events
- Check this to enable the enterprise server or Directory Server to generate security audit events. These events can be captured
and logged by the Audit Facility.
- Use all groups
- Check this if a user requesting authorization is to have the permissions of every group to which they belong. Uncheck this
if the user is to have only the permissions of the group specified in the initial security API call that requested verification
(authentication) of the user's credentials. Where no group is specified in the verify call, a default group is used.
- Cache TTL
- Enter the maximum time in seconds that an entry in the cache can be used to satisfy requests before the details must be requested
again from the security manager.
- Cache limit
- Enter the maximum size in kilobytes that the Directory Server or enterprise server's security facility can use for caching
the results of security queries.
- Configuration Information
- Specify any additional configuration settings that the security facility requires.
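
The decision rules described under Verify against all Security Managers, written out as an added example (not product code) to show how the same Priority List can give a different result depending on that setting. The names `Response`, `decide` and `allow_unknown` are hypothetical; `allow_unknown` stands for whichever of Allow unknown resources or Allow unknown users applies to the request.

```python
from enum import Enum


class Response(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    FAIL = "Fail"        # equivalent to Deny
    UNKNOWN = "Unknown"  # the manager has no rule for this user or resource


REFUSALS = (Response.DENY, Response.FAIL)


def decide(responses, verify_all=False, allow_unknown=False):
    """Return (allowed, managers_consulted) for one security query.

    responses     -- each manager's answer, in Priority List order
    verify_all    -- the "Verify against all Security Managers" setting
    allow_unknown -- the applicable "Allow unknown ..." setting (assumption)
    """
    if verify_all:
        # Every entry on the Priority List is queried.
        consulted = list(responses)
    else:
        # Query in order and stop at the first Allow, Deny or Fail.
        consulted = []
        for r in responses:
            consulted.append(r)
            if r is not Response.UNKNOWN:
                break

    if any(r in REFUSALS for r in consulted):
        return False, len(consulted)
    if Response.ALLOW in consulted:
        return True, len(consulted)
    # Every consulted manager answered Unknown: denied unless overridden.
    return allow_unknown, len(consulted)


if __name__ == "__main__":
    # Constructed sample: the first manager allows, the second would deny.
    sample = [Response.ALLOW, Response.DENY]
    print("first response wins:", decide(sample))
    print("verify against all: ", decide(sample, verify_all=True))
```

With the setting off, a Deny held by a lower-priority manager is never consulted once an earlier manager answers Allow, so the order of the Priority List is part of the access policy.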