18.3 Security Configuration

The following table provides a summary of the options you can change to allow or limit access to the server through OES Remote Manager.

Table 18-2 Options for Changing or Limiting Access to a Server Through OES Remote Manager

Issue/Feature: SSL key cipher strength

Recommendation: High (112-bit or greater encryption)

The default setting is ALL, which allows any encryption level.

For More Information: Section A.8, SSL Key Cipher Strength Command

Issue/Feature: Let the root user access OES Remote Manager with full management rights.

Recommendation: This is the default setting. The root user is the only user with full management rights in OES Remote Manager.

By default, only the root user and LUM-enabled eDirectory users can log in to OES Remote Manager. Non-LUM-enabled eDirectory users cannot access the server through OES Remote Manager.

We recommend that the root user be the only local user created on the system. However, if local users log in to OES Remote Manager, their access is limited to viewing the file systems that they have the local rights to see. The management features are not available to non-root local users.

For More Information: Accessing OES Remote Manager.

Issue/Feature: Let all LUM-enabled eDirectory users access file system information in OES Remote Manager.

Recommendation: All non-local user access is controlled by eDirectory and LUM. LUM-enabled eDirectory users can log in and view the file systems that they have the eDirectory rights and file system rights to see. These users (including Admin users and Admin-equivalent users) do not have management rights in OES Remote Manager.

For More Information: Accessing OES Remote Manager.

Issue/Feature: Deny access to all non-LUM-enabled eDirectory users.

Recommendation: The eDirectory users that are not LUM enabled cannot access the server through OES Remote Manager.

Issue/Feature: Deny access to all LUM-enabled eDirectory users, including the Admin user and Admin-equivalent users.

Recommendation: Set the nolum option in the /etc/opt/novell/httpstkd.conf file and edit the /etc/pam.d/httpstkd file.

Remove these lines:

auth     sufficient  pam_nam.so
account  sufficient  pam_nam.so
password sufficient  pam_nam.so
session  optional    pam_nam.so

When the nolum option is set, no LUM-enabled eDirectory user can access the server via OES Remote Manager, including the Admin user and Admin-equivalent user. By default, non-LUM-enabled eDirectory users continue to be denied access. Only the root user has full management access to OES Remote Manager.

Issue/Feature: Restrict access for all LUM-enabled eDirectory users, except the Admin user and users with rights equivalent to Admin. Deny access to all non-LUM-enabled eDirectory users.

Recommendation: Set the supervisoronly option in the /etc/opt/novell/httpstkd.conf file.

When the supervisoronly option is set, the Admin user and Admin-equivalent users are the only LUM-enabled eDirectory users that can log in to OES Remote Manager. They can view the file systems that they have the eDirectory rights and file system rights to see. By default, non-LUM-enabled eDirectory users continue to be denied access. Only the root user has full management access to OES Remote Manager.

Issue/Feature: Restrict access to specific workstations or a range of IP addresses

Recommendation: Set the filteraddr and filtersubnet options in the /etc/opt/novell/httpstkd.conf file.

Issue/Feature: Remove access to the utility for all users

Recommendation: Stop the HTTPSTKD daemon.

For More Information: Starting or Stopping HTTPSTKD.
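The following shell script is an added example, not part of the OES documentation. It reports which of the access restrictions above are in effect and warns when nolum is set but the pam_nam.so lines are still active in the PAM file. It assumes an option is set when its keyword begins an uncommented line of httpstkd.conf; the function names and the sample file contents are constructed for illustration.

```shell
# Added example (not vendor code): audit OES Remote Manager access settings.
# Assumption: an option is set when its keyword starts an uncommented line.

# has_option FILE KEYWORD: succeeds if KEYWORD starts an uncommented line
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# pam_nam_count FILE: prints the number of active (uncommented) pam_nam.so lines
pam_nam_count() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -c 'pam_nam\.so' || true
}

# audit_orm CONF PAM: prints the effective policy, returns 1 on any WARN
audit_orm() {
    conf=$1; pam=$2; warn=0
    n=$(pam_nam_count "$pam")
    if has_option "$conf" nolum; then
        echo "INFO: nolum set; LUM-enabled eDirectory users are denied"
        if [ "$n" -gt 0 ]; then
            echo "WARN: $n active pam_nam.so line(s) remain in $pam"
            warn=1
        fi
    elif has_option "$conf" supervisoronly; then
        echo "INFO: supervisoronly set; LUM logins limited to Admin and equivalents"
    else
        echo "INFO: default; every LUM-enabled eDirectory user can log in"
    fi
    if has_option "$conf" filteraddr || has_option "$conf" filtersubnet; then
        echo "INFO: source address filter configured"
    else
        echo "WARN: no filteraddr/filtersubnet; httpstkd does not filter by client address"
        warn=1
    fi
    return "$warn"
}

# Demo on constructed sample files: nolum is set but the PAM file was never edited.
demo() {
    d=$(mktemp -d)
    printf 'nolum\n#filteraddr 192.0.2.10\n' > "$d/httpstkd.conf"
    printf 'auth sufficient pam_nam.so\naccount sufficient pam_nam.so\n' > "$d/httpstkd"
    audit_orm "$d/httpstkd.conf" "$d/httpstkd"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments, audit the given files; with none, run the demo.
if [ "$#" -eq 2 ]; then audit_orm "$1" "$2"; else demo || true; fi
```

To audit a server, pass /etc/opt/novell/httpstkd.conf and /etc/pam.d/httpstkd as the two arguments.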