The NetWare® Access Gateway is installed with two user accounts: config and admin. The config user has no assigned password and the admin user is given the password of novell.
IMPORTANT:Before your Access Gateways is placed in a production environment, you need to assign a password for the config user, and you need to change the password for the admin user. For instructions, see Section 15.7.3, Setting the Password for the admin and config Users.
Intruder detection lockout has been set up for these accounts. The config and admin users are allowed 5 attempts to log in successfully. If the user fails on the fifth attempt, the account is locked for 15 minutes.
Before you enable any of the following protocols, you need to be aware of their security issues:
Telnet: Opens a clear text communication channel and sends passwords in clear text.
FTP: Opens a clear text communication channel and sends passwords in clear text.
SSH: Requires a LDAPS listener on port 636, on all IP addresses configured for the NetWare Access Gateway. It cannot be restricted to a single IP address.
SFTP: Requires the NCPIP.NLM to be loaded with a listener on port 524.
If you enable any of these protocols, the NetWare Access Gateway needs to be installed behind a firewall appliance, and the firewall needs to block the following ports:
21 for FTP
23 for Telnet
524 for SFTP
636 for SSH
For more information about installing the Access Gateway behind a firewall, see Setting Up Firewalls
in the Novell Access Manager 3.0 SP4 Setup Guide.