Service manual

Enforcing Basic Security
Chapter 5 Tuning the Operating System
Strong Passwords
Use a superuser or Administrator password at least 8 characters long that includes
punctuation or other non-alphabetic characters. Using a strong password is
particularly important when running Directory Server on Windows platforms.
If you choose to use longer operating system passwords, it may be necessary to
configure the way passwords are handled by the system. Refer to the operating
system documentation for instructions.
(Windows) Local Security Policy
Implement a local security policy for the Windows server that locks users out after
bad logon attempts. Activate and configure event logging to manage a log of
appropriate size for the deployment. Also activate audit logging for logon
attempts. Consider renaming the Administrator account to make it harder to guess.
Refer to Windows help for details.
(UNIX Platforms) Users and Groups
For security reasons, it is recommended not to run Directory Server or
Administration Server with super user privileges. You may, for example, create a
user and group without login privileges, and then install and run the servers as this
user and group. If you add the user and group to local files the /etc/passwd entry
could be, for example:
server:x:61001:61001:Server User:/dev/null:/dev/null
The corresponding /etc/group entry could be, for example:
servers::61001:
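
The account layout described above can be checked mechanically. The following is an added example, not part of the original manual: it parses passwd and group text and reports whether a service account has UID 0, a primary group other than the intended one, or a shell that permits login. The sample entries (standard seven-field passwd format, with GID 61001 taken from the group entry) and the NOLOGIN_SHELLS set are assumptions.

```python
# Added example: audit a service account against passwd(5)/group(5) text.
# The sample entries and the NOLOGIN_SHELLS set are constructed assumptions.

NOLOGIN_SHELLS = {"/dev/null", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def parse_passwd(text):
    """Map user name -> dict of fields; reject lines without 7 fields."""
    users = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"passwd line {n}: expected 7 fields, got {len(f)}")
        users[f[0]] = {"uid": int(f[2]), "gid": int(f[3]), "home": f[5], "shell": f[6]}
    return users

def parse_group(text):
    """Map group name -> (gid, member list)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":")
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def audit_service_account(passwd_text, group_text, user, group):
    """Return a list of findings; an empty list means the account passes."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    if user not in users:
        return [f"user {user!r} not found"]
    if group not in groups:
        return [f"group {group!r} not found"]
    acct, (gid, _members) = users[user], groups[group]
    findings = []
    if acct["uid"] == 0:
        findings.append("account has UID 0 (super user)")
    if acct["gid"] != gid:
        findings.append(f"primary GID {acct['gid']} is not {group!r} ({gid})")
    if acct["shell"] not in NOLOGIN_SHELLS:
        findings.append(f"login shell {acct['shell']!r} allows interactive login")
    return findings

# Constructed sample data, not read from a real system.
SAMPLE_PASSWD = "root:x:0:0:Super-User:/:/sbin/sh\nserver:x:61001:61001:Server User:/dev/null:/dev/null\n"
SAMPLE_GROUP = "root::0:\nservers::61001:\n"
```

Calling audit_service_account(SAMPLE_PASSWD, SAMPLE_GROUP, "server", "servers") returns an empty list; running it against the real /etc/passwd and /etc/group contents requires only reading those files into strings.
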
To facilitate debugging, you may choose to allow processes running with this user
and group identity to dump core, using utilities such as coreadm(1M) on Solaris
systems.
If a particular deployment calls for sharing Directory Server files with other servers
such as a messaging server, consider running those servers using the same user
and group.
If you must run the Administration Server as super user, consider stopping the
service when not using it.