Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE DIRECTORY SERVER 6.02 - ADMINISTRATOR
11121314151617181920
Configuration Decisions
14 Netscape Directory Server Installation Guide • May 2002
Deciding the User and Group for Your Netscape
Servers (UNIX only)
For security reasons, it is alw ays best to run UNIX-based production servers with
normal user privileges. That is, you do n ot want to run Directory Server with root
privileges. However, you will have to run Directory Server with root privileges if
you are using the default Directory Server ports. If Directory Server is to be started
by Administration Server, Administration Server must run ei ther as root or as the
same us er as Directory S erver.
Youmustthereforedecidewhatuseraccountsyouwilluseforthefollowing
purposes:
The us er and group under which you will run Directory Server.
If you will not be running the Directory Server as root, it is strongly
recommended that y ou create a user account for all Netscape servers. You
should not use any existing operating system account, and must not use the
nobody account. Also y ou sho uld create a common group for the directory
server files; again, you must not use the
nobody group.
The us er and group under which you will run Administration Server.
Forinstallations that use the defau lt port numbers, this m ust be root.However,
if you use ports over 1024, then you should create a user account for all
Netscape servers, and run Administration Server as this account.
As a security precaution, when Administ ration Server is being run as root, i t
should be shut it down when it is not in use.
You shoul d use a comm on group for all Netscape servers, such as
gid Netscape,
to ensure that files can be shared between servers when necessary.
Before y ou can install Directory Server and Admi nis tration S erver, you must make
sure that the user and group accounts you will use exist on your system.
Defining Authentication Entities
As you install Directory Server and Administration Server, you will be asked for
various user names, distinguished names (DN), and passwords. This list of login
and bind entities will differ depending on the type of installation that you are
performing: