Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP UX Direry Server 2.8.4 Creating a password file for the Admin Server, token, password, internal, 10.Click Save, password.conf, authentication, Create a password file named

1 68

Download 68 pages, 1.59 Mb

9.Set whether to require client authentication to the Admin Server. Client authentication means that the server checks that the client's certificate has been issued by a trusted CA.

10.Click Save.

2.8.4 Creating a password file for the Admin Server

Normally, if SSL is enabled, the server prompts for a security password when the Admin Server is restarted:

Starting dirsrv-admin

Please enter password for "internal" token:

The Admin Server can use a password file when TLS/SSL is enabled so that the server restarts silently, without prompting for the security password.

WARNING!

This password is stored in clear text within the password file, so its use represents a significant security risk. Do not use a password file if the server is running in an unsecured environment.

1.Open the Admin Server configuration directory. cd /etc/opt/dirsrv/admin-serv

2.Create a password file named password.conf. The file should include a line with the token name and password, in the form token:password. For example:

internal:secret

For the NSS software crypto module (the default software database), the token is always called internal.

The password file should be owned by the Admin Server user and set to read-only by the Admin Server user, with no access to any other user (mode 0400).

2.8 Working with SSL

29

Contents

HP-UXDirectory Server Version Page Table of Contents Glossary Index 1 Introduction to HP-UXDirectory Server SSL TLS NOTE: 2 Admin Server configuration 2.1 Directory Server file locations 2.2 Starting and stopping the Admin Server 2.2.1Starting and stopping Admin Server from the console 2.2.2 Starting and stopping Admin Server from the command Line 2.3 Opening the Admin Server console Figure 2-1Login box TIP: Open 2.4 Viewing logs 2.4.1Viewing the logs through the console 2.4.2 Viewing logs in the command line 2.4.3 Changing the log name in the console 2.4.4 Changing the log location in the command line 2.5Changing the port number 2.5.1Changing the port number in the console 2.5.2Changing the port number in the command line 2.6Setting host restrictions 2.6.1Setting host restrictions in the console 2.6.2 Setting host restrictions in the command line 2.7Changing the admin user's name and password 2.8Working with SSL 2.8.1 Requesting and installing a server certificate •Server Name IMPORTANT: •Organization •Organizational Unit (Optional) A descriptive name for the organization within the company Request Submission Copy to Clipboard Save to File Install In this local file In the following encoded text block 2.8.2 Installing a CA certificate CA Certs Next •Accepting connections from clients (Client Authentication) •Accepting connections to other servers (Server Authentication) 2.8.3Enabling SSL 4.Select the Enable SSL for this server checkbox 5.Select the Use this cipher family: RSA checkbox Internal (Software-based) Settings 2.8.4 Creating a password file for the Admin Server 2.9 Changing Directory Server settings 2.9.1 Changing the configuration directory host or port 2.9.2Changing the user directory host or port Use Default User Directory Set User Directory LDAP Host and Port Give the User Directory Subtree 3 Admin express 3.1 Managing servers in Admin Express 3.1.1Opening Admin Express 3.1.2 Starting and stopping servers 3.1.3 Viewing server logs 3.1.4 Viewing server information 3.1.5 Monitoring replication from Admin Express supplier consumer nobody grep \^User /etc/opt/dirsrv/admin-serv/console.conf chmod 0400 filename Figure 3-4Viewing replication status Figure 3-5Viewing replication status 3.2 Configuring Admin Express 3.2.1 Admin Express file locations 3.2.2 Admin Express configuration files 3.2.2.1 Files for the Admin Server welcome page Figure 3-6Intro page elements directive The text files themselves have inline formatting for the inserted table rows 3.2.2.2 Files for the replication status appearance 3.2.2.3 Files for the server information page 3.2.2.4 Files for the server logs page 3.2.3 Admin Express directives Table 3-2Admin Express directives (continued) Page 4 Admin Server command-linetools 4.1 sec-activate 4.2 modutil task “Task commands for modutil” option “Options for modutil” Tasks and options Table 4-1Task commands for modutil (continued) Table 4-2Options for modutil Table 4-2Options for modutil (continued) JAR information file JAR (Java Archive) is a platform-independent file format that aggregates many files into one. JAR files are used by •“Enabling a slot” •“Enabling FIPS compliance” •“Adding a cryptographic module” •“Changing the password on a token” Creating database files modutil -fipstrue FIPS mode enabled Adding a cryptographic module Module "Cryptorific Module" added to database Changing the password on a token 5 Support and other resources 5.1 Contacting HP 5.1.1 Information to collect before contacting HP 5.1.2How to contact HP technical support 5.1.3HP authorized resellers 5.2.2 HP-UXdocumentation set 5.2.3Troubleshooting resources 5.3 Typographic conventions Page Glossary bind See bind DN bind DN bind rule branch entry CoS definition entry affects CoS template Contains a list of the shared attribute values file type extension (for example, .GIF or .HTML) filter filtered role role LDAP and across multiple platforms LDAP client Software used to request and view LDAP entries from an LDAP Directory Server See also browser determine which server holds the most recent version multiplexor n + 1 directory problem resulting in increased hardware and personnel costs presence index Allows searches for entries that contain a specific indexed attribute protocol A set of rules that describes how devices on a network exchange information protocol data unit SASL Simple Authentication and Security Layer schema access the directory may be unable to display the proper results superuser privileges to all files on the machine. Also called root servers supplier server called a supplier for that replica Page Index