Installation guide

Before You Begin Installation
20 Sun ONE Identity Server Policy Agents 2.1 Web Policy Agents Guide April 2005
The agent sets a timeout period on its cache entries. After its end of life, the cache
entry is purged from the agent’s cache. The agent does not refetch the cache data.
The next attempt to access the same entry from cache fails and the agent makes a
round trip to the server and fetches it again to populate the cache. This lazy
method of cache updating keeps the agent cache performing optimally and reduces
network traffic.
In a normal deployment situation, policy changes on the server are frequent, which
requires sites to accept a certain amount of latency for agents to reflect policy
changes. Each site decides the amount of latency time that is acceptable for the
site’s specific needs. When setting the cacheEntryLifeTime property, set it to the
lower of the two:
• The session idle timeout period
• Your site’s accepted latency time for policy changes
Not-Enforced URL List
The not-enforced URL list defines the resources that should not have any policies
(neither allow nor deny) associated with them.
By default, the policy agent denies access to all resources on the web server that it
protects. However, various resources available through a web server (such as a
web site or an application) might not need to have any policy enforced. Common
examples of such resources include the HTML pages and .gif images found in the
home pages of web sites. The user should be able to browse such pages without
authenticating. These resources need to be on the not-enforced URL list. The
property com.sun.am.policy.agents.notenforcedList will be used for this
purpose. Wildcards can be used to define a pattern of URLs. Space is the separator
between the URLs mentioned in the list.
There can be a reverse scenario when all the resources on the web server, except a
list of URLs, are open to any user. In that case, the property
com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList
would be used to reverse the meaning of
com.sun.am.policy.agents.notenforcedList. If it is set to true (by default it
is set to false), then the not-enforced URL list would become the enforced list.
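
The following is an added example, not taken from the guide or from the agent's own code: a small audit that reads the two properties described above and reports which URLs that a site expects to be protected would in fact skip policy evaluation. It assumes that `*` matches any run of characters, including `/` (the agent's actual matching rules may differ), and the example.com URLs and the `audit` helper are constructed for illustration.

```python
import re

NOT_ENFORCED = "com.sun.am.policy.agents.notenforcedList"
REVERSE = "com.sun.am.policy.agents.reverse_the_meaning_of_notenforcedList"

# Constructed sample configuration; the last pattern is deliberately too broad.
SAMPLE_PROPERTIES = (
    NOT_ENFORCED + " = http://www.example.com/index.html "
    "http://www.example.com/images/*.gif http://www.example.com/*\n"
    + REVERSE + " = false\n"
)

def parse_properties(text):
    """Parse simple key = value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def pattern_to_regex(pattern):
    # Assumption: '*' matches any run of characters, including '/'.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")))

def load_rules(props):
    patterns = props.get(NOT_ENFORCED, "").split()  # space-separated list
    reverse = props.get(REVERSE, "false").lower() == "true"
    return [pattern_to_regex(p) for p in patterns], reverse

def is_enforced(url, rules, reverse):
    listed = any(r.fullmatch(url) for r in rules)
    # Normal mode: listed URLs skip policy. Reversed: only listed URLs get policy.
    return listed if reverse else not listed

def audit(props, must_be_enforced):
    """Return the URLs from must_be_enforced that would bypass policy."""
    rules, reverse = load_rules(props)
    return [u for u in must_be_enforced if not is_enforced(u, rules, reverse)]

if __name__ == "__main__":
    protected = ["http://www.example.com/admin/console"]
    print(audit(parse_properties(SAMPLE_PROPERTIES), protected))
```

Running the audit against a list of URLs that must stay protected, each time the not-enforced list changes, catches a wildcard that has grown wider than intended.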
NOTE
The notification support is not available:
• For Apache 1.3.27 agent on all platforms
• For Apache 2.0.47 on Red Hat Linux 9.0
• If the Microsoft IIS 5.0 agent is using HTTPS