14.3 Security Configuration

The following table provides a summary of the options you can change to allow or limit access to the server through Novell Remote Manager.

Table 14-2 Options for Changing or Limiting Access to a Server Through Novell Remote Manager

Issue/Feature: SSL key cipher strength

Recommendation:
    High (112-bit or greater encryption)

    The default setting is ALL, which allows any encryption level.

For More Information: Section A.9, SSL Key Cipher Strength Command


Issue/Feature:
    Let the root user access Novell Remote Manager with full management rights.
    Let all LUM-enabled eDirectory users access file system information in Novell Remote Manager.
    Deny access to all non-LUM-enabled eDirectory users.

Recommendation:
    This is the default setting. The root user is the only user with full management rights in Novell Remote Manager.

    All non-local user access is controlled by eDirectory and LUM. LUM-enabled eDirectory users can log in and view the file systems that they have the eDirectory rights and file system rights to see. These users (including Admin users and Admin-equivalent users) do not have management rights in Novell Remote Manager.

    The eDirectory users that are not LUM enabled cannot access the server through Novell Remote Manager.

    We recommend that the root user be the only local user created on the system. However, if local users log in to Novell Remote Manager, their access is limited to viewing the file systems that they have the local rights to see. The management features are not available to non-root local users.

For More Information: Accessing Novell Remote Manager.


Issue/Feature:
    Let the root user access Novell Remote Manager with full management rights.
    Deny access to all LUM-enabled eDirectory users, including the Admin user and Admin-equivalent users.
    Deny access to all non-LUM-enabled eDirectory users.

Recommendation:
    By default, only the root user and LUM-enabled eDirectory users can log in to Novell Remote Manager. Non-LUM-enabled eDirectory users cannot access the server through Novell Remote Manager.

    Set the nolum option in the /etc/opt/novell/httpstkd.conf file and edit the /etc/pam.d/httpstkd file.

    Remove these lines:

        auth sufficient /lib/security/pam_nam.so
        account sufficient /lib/security/pam_nam.so
        password sufficient /lib/security/pam_nam.so
        session optional /lib/security/pam_nam.so

    When the nolum option is set, no LUM-enabled eDirectory user can access the server via Novell Remote Manager, including the Admin user and Admin-equivalent user. By default, non-LUM-enabled eDirectory users continue to be denied access. Only the root user has full management access to Novell Remote Manager.


Issue/Feature:
    Let the root user access Novell Remote Manager with full management rights.
    Restrict access for all LUM-enabled eDirectory users, except the Admin user and users with rights equivalent to Admin.
    Deny access to all non-LUM-enabled eDirectory users.

Recommendation:
    By default, only the root user and LUM-enabled eDirectory users can log in to Novell Remote Manager. Non-LUM-enabled eDirectory users cannot access the server through Novell Remote Manager.

    Set the supervisoronly option in the /etc/opt/novell/httpstkd.conf file.

    When the supervisoronly option is set, the Admin user and Admin-equivalent users are the only LUM-enabled eDirectory users that can log in to Novell Remote Manager. They can view the file systems that they have the eDirectory rights and file system rights to see. By default, non-LUM-enabled eDirectory users continue to be denied access. Only the root user has full management access to Novell Remote Manager.


Issue/Feature: Restrict access to specific workstations or a range of IP addresses

Recommendation: Set the filteraddr and filtersubnet options in the /etc/opt/novell/httpstkd.conf file.


Issue/Feature: Remove access to the utility for all users

Recommendation: Stop the HTTPSTKD daemon.

For More Information: Starting or Stopping HTTPSTKD.
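
The nolum entry in Table 14-2 requires two changes: setting the option in /etc/opt/novell/httpstkd.conf and removing the pam_nam.so lines from /etc/pam.d/httpstkd. The following added example (not Novell code) reports which of the table's options are set and flags a half-applied nolum change. It assumes each option is the first token on its own line and that # starts a comment; the function names and sample inputs are constructed for illustration.

```python
"""Audit the two files involved in the nolum change (added example)."""

TRACKED = {"nolum", "supervisoronly", "filteraddr", "filtersubnet"}
PAM_TYPES = {"auth", "account", "password", "session"}


def active_lines(text):
    """Return non-blank lines with '#' comments stripped (assumed comment syntax)."""
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [line for line in lines if line]


def audit(httpstkd_conf, pam_httpstkd):
    """Compare the options in httpstkd.conf with the PAM stack for httpstkd."""
    # Assumption: each option name is the first token on its own line.
    options = {line.split()[0].lower() for line in active_lines(httpstkd_conf)} & TRACKED
    # PAM entries that still hand authentication to LUM (pam_nam.so).
    pam_nam = [
        line for line in active_lines(pam_httpstkd)
        if line.split()[0] in PAM_TYPES and "pam_nam.so" in line
    ]
    findings = []
    if "nolum" in options and pam_nam:
        findings.append(f"nolum is set but {len(pam_nam)} pam_nam.so line(s) remain")
    if "nolum" not in options and not pam_nam:
        findings.append("pam_nam.so lines are removed but nolum is not set")
    return {"options": sorted(options), "findings": findings}


# Constructed sample inputs, not taken from a real server.
CONF_HALF_APPLIED = """\
# constructed httpstkd.conf fragment
nolum
"""
PAM_UNCHANGED = """\
auth     sufficient /lib/security/pam_nam.so
account  sufficient /lib/security/pam_nam.so
password sufficient /lib/security/pam_nam.so
session  optional   /lib/security/pam_nam.so
"""

if __name__ == "__main__":
    for finding in audit(CONF_HALF_APPLIED, PAM_UNCHANGED)["findings"]:
        print("FINDING:", finding)
```

On a server, pass the contents of the two files named above to audit() instead of the sample strings.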