Sun ONE Web Server 6.1 Administrator's Configuration File Reference 

Chapter 6
Other Server Configuration Files

This chapter summarizes the important configuration files not discussed in other chapters. Configuration files that should never be modified are not listed in this module.

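The following configuration files are described in alphabetical order:

  • certmap.conf
  • dbswitch.conf
  • Deployment Descriptors
  • generated.instance.acl
  • login.conf
  • nsfc.conf
  • password.conf
  • server.policy
  • *.clfilter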


certmap.conf

Purpose

Configures how a certificate, designated by name, is mapped to an LDAP entry, designated by issuerDN.

Location

server_root/bin/https/install/misc

server_root/userdb

Syntax

certmap name issuerDN
name:property1 [value1]
name:property2 [value2]
...

The default certificate is named default, and the default issuerDN is also named default. Therefore, the first certmap defined in the file must be as follows:

certmap default default

You can use # at the beginning of a line to indicate a comment.

See Also

Sun ONE Web Server 6.1 Administrator’s Guide

The following table describes properties in the certmap.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.

certmap.conf properties

Attribute

Allowed Values

Default Value

Description

DNComps

See Description

Commented out

Used to form the base DN for performing an LDAP search while mapping the certificate to a user entry. Values are as follows:

  • Commented out: takes the user's DN from the certificate as is.
  • Empty: searches the entire LDAP tree (DN == suffix).
  • Comma-separated attributes: forms the DN.

FilterComps

See Description

Commented out

Used to form the filter for performing an LDAP search while mapping the certificate to a user entry. Values are as follows:

  • Commented out or empty: sets the filter to "objectclass=*".
  • Comma-separated attributes: forms the filter.

verifycert

on or off

off (commented out)

Specifies whether certificates are verified.

CmapLdapAttr

LDAP attribute name

certSubjectDN (commented out)

Specifies the name of the attribute in the LDAP database that contains the DN of the certificate.

library

Path to shared lib or dll

None

Specifies the library path for custom certificate mapping code.

InitFn

Name of initialization function

None

Specifies the initialization function in the certificate mapping code referenced by library.
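
The following sketch shows how the DNComps and FilterComps settings described above turn a certificate subject DN into an LDAP search base and filter. It is an added example, not code from the server or from the original page. The subject DN, the suffix, the AND-combined filter form, and the fail-closed handling of missing attributes are assumptions of the example.

```python
def parse_dn(dn):
    """Split a DN into (attribute, value) pairs.
    Assumption: no escaped commas or multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def escape_filter(value):
    """Escape the RFC 4515 special characters in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def select(pairs, spec):
    """Keep the certificate's components named in a comma-separated list.
    Example's choice: fail closed if the certificate lacks one of them."""
    wanted = [a.strip().lower() for a in spec.split(",") if a.strip()]
    missing = [a for a in wanted if a not in dict(pairs)]
    if missing:
        raise ValueError("certificate subject lacks: " + ", ".join(missing))
    return [(a, v) for a, v in pairs if a in wanted]

def search_params(subject_dn, suffix, dncomps=None, filtercomps=None):
    """None means the property is commented out, "" means it is empty."""
    pairs = parse_dn(subject_dn)
    if dncomps is None:
        base = subject_dn                      # subject DN taken as is
    elif not dncomps.strip():
        base = suffix                          # whole tree (DN == suffix)
    else:
        base = ", ".join(f"{a}={v}" for a, v in select(pairs, dncomps))
    if filtercomps is None or not filtercomps.strip():
        flt = "(objectclass=*)"                # the page's default filter
    else:
        flt = "(&" + "".join(f"({a}={escape_filter(v)})"
                             for a, v in select(pairs, filtercomps)) + ")"
    return base, flt

# Constructed sample subject DN and directory suffix.
SUBJECT = "cn=Jane (QA) Doe, uid=jdoe, ou=People, o=Example Corp, c=US"
SUFFIX = "dc=example,dc=com"
if __name__ == "__main__":
    print(search_params(SUBJECT, SUFFIX))
    print(search_params(SUBJECT, SUFFIX, dncomps=""))
    print(search_params(SUBJECT, SUFFIX, "o, c", "uid, cn"))
```

With both properties commented out, the search is anchored at the subject DN itself and matches any entry there, so the narrowing comes entirely from DNComps and FilterComps.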


dbswitch.conf

Purpose

Specifies the LDAP directory that Sun ONE Web Server uses.

Location

server_root/userdb

Syntax

directory name LDAP_URL
name:property1 [value1]
name:property2 [value2]
...

The default contents of this file are as follows:

directory default null:///none

Edit the file as follows for anonymous binding over SSL:

directory default ldaps://directory.sun.com:636:/dc%3Dcom

Edit the file as follows for anonymous binding not over SSL:

directory default ldap://directory.sun.com:389:/dc%3Dcom

See Also

User Database Selection

The following table describes properties in the dbswitch.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.

dbswitch.conf properties

Property

Allowed Values

Default Value

Description

nsessions

A positive integer

8

The number of LDAP connections for the database.

dyngroups

off, on, recursive

on

Determines how dynamic groups are handled. If off, dynamic groups are not supported. If on, dynamic groups are supported. If recursive, dynamic groups can contain other groups.

binddn

A valid DN

 

The DN used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.

bindpw

 

 

The password used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.

dcsuffix

A valid DN (relative to the LDAP URL)

none

If present, the default value of the base DN for the request’s virtual server is determined by a dc tree search of the connection group’s servername attribute, starting at the dcsuffix DN.

If not present, the default value of the base DN is the base DN value in the LDAP URL.

The basedn attribute of a USERDB element in the server.xml file overrides this value.

digestauth

off, on

off

Specifies whether the database can perform digest authentication. If on, a special Directory Server plugin is required. For information about how to install this plugin, see the Sun ONE Web Server 6.1 Administrator’s Guide.

syntax

keyfile, digest, htaccess

keyfile

Specifies what type of file auth-db will be used.

keyfile

 

 

Specifies the path to the keyfile. Required if syntax is set to keyfile.

digestfile

 

 

Specifies the path to the digestfile. Required if syntax is set to digestfile.

groupfile

 

 

Path to the AuthGroupFile. If the groupfile is the same as the userfile, this file contains both user and group data, otherwise it contains only group data. Required if syntax is set to htaccess. For more information about the syntax of the AuthGroupFile, see the Sun ONE Web Server 6.1 Administrator’s Guide.

userfile

 

 

Path to the AuthUserFile. If the userfile is the same as the groupfile, this file contains both user and group data, otherwise it contains only user data. Required if syntax is set to htaccess. For more information about the syntax of the AuthUserFile, see the Sun ONE Web Server 6.1 Administrator’s Guide.
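
The following audit sketch parses the shared "keyword name value" / "name:property [value]" syntax of dbswitch.conf and certmap.conf and reports the settings a reviewer would check first: LDAP not over SSL, anonymous binding, a bind password stored in the file, and verifycert left off. It is an added example, not part of the server or the original page. The sample file contents are constructed, and treating # as a comment marker in dbswitch.conf is an assumption (the page states it only for certmap.conf).

```python
import re

# Constructed sample files for illustration (not from a real deployment).
DBSWITCH = """\
directory default ldap://directory.sun.com:389:/dc%3Dcom
directory partners ldaps://directory.sun.com:636:/dc%3Dcom
partners:binddn cn=websrv,dc=com
partners:bindpw example-password
"""
CERTMAP = """\
certmap default default
#default:verifycert on
default:FilterComps uid
"""

def parse(text, keyword):
    """Parse 'keyword name value' headers and 'name:property [value]' lines.
    Assumption: '#' starts a comment line in both files."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = line.split(None, 2)
        if head[0] == keyword and len(head) == 3:
            entries[head[1]] = {"_value": head[2]}
            continue
        m = re.match(r"([^:\s]+):(\S+)\s*(.*)$", line)
        if m and m.group(1) in entries:
            entries[m.group(1)][m.group(2)] = m.group(3)
    return entries

def audit_dbswitch(text):
    findings = []
    for name, e in parse(text, "directory").items():
        url = e["_value"]
        if url.startswith("ldap://"):
            findings.append((name, "LDAP connection is not over SSL"))
        is_ldap = url.startswith(("ldap://", "ldaps://"))
        # Anonymous binding: neither binddn nor bindpw is present.
        if is_ldap and "binddn" not in e and "bindpw" not in e:
            findings.append((name, "anonymous bind"))
        if "bindpw" in e:
            findings.append((name, "bind password stored in file"))
    return findings

def audit_certmap(text):
    return [(name, "verifycert is off")
            for name, e in parse(text, "certmap").items()
            if e.get("verifycert", "off").lower() != "on"]
```

Because bindpw is stored in the file as written, a finding for it is a prompt to review the permissions on server_root/userdb rather than an error in the configuration.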


Deployment Descriptors

Purpose

Configures features specific to the Sun ONE Web Server for deployed web applications.

Location

The META-INF or WEB-INF directory of a module or application.

See Also

The following table shows where to find more information about Sun ONE Web Server deployment descriptors. The left column lists the deployment descriptors, and the right column lists where to find more information about those descriptors.

Sun ONE Web Server deployment descriptors

Deployment Descriptor

Where to Find More Information

sun-web.xml

Sun ONE Web Server 6.1 Programmer’s Guide to Web Applications.


generated.instance.acl

Purpose

Sets permissions for access to the server instance. This is the default ACL file; you can create and use others.

Location

server_root/config

See Also

Sun ONE Web Server 6.1 Administrator's Guide


login.conf

Purpose

The login module definition configuration file used by the Java Authentication and Authorization Service (JAAS) for client authentication.

Location

server_root/config


nsfc.conf

Purpose

Sets file cache parameters. This file is present only if file cache parameters have been changed from their defaults.

Location

server_root/https-admserv/config

Syntax

parameter=value

See Also

Sun ONE Web Server 6.1 Performance Tuning, Sizing, and Scaling Guide

The following table describes properties in the nsfc.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.

nsfc.conf properties

Attribute

Allowed Values

Default Value

Description

FileCacheEnable

on, off

on

Enables the file cache.

CacheFileContent

on, off

on

Enables caching of file contents, as well as file information for files smaller than MediumFileSizeLimit (smaller than SmallFileSizeLimit if TransmitFile is on).

MaxAge

Number of seconds

30

The maximum age of a valid cache entry. This setting controls how long cached information is used once a file has been cached. An entry older than MaxAge is replaced by a new entry for the same file.

MediumFileSizeLimit

Limited by available memory

537600 (525K)

(UNIX only) Maximum size of a file that can be cached as a memory-mapped file (if TransmitFile is off).

MediumFileSpace

Limited by available memory

10485760 (10 M)

Total size of all files that are cached as memory-mapped files (if TransmitFile is off).

SmallFileSizeLimit

Limited by available memory

2048 (2K)

(UNIX only) Maximum size of a file that can be read into memory.

SmallFileSpace

Limited by available memory

1048576 (UNIX, 1 M), 0 (Windows)

Total size of all files that are read into memory.

TransmitFile

on, off

on (Windows), off (UNIX)

Enables use of the TransmitFile system call. Not supported on IRIX, Compaq, Solaris, or Linux.

MaxFiles

 

1024

Maximum number of files in the file cache.

HashInitSize

Limited by available memory

0

Initial number of hash buckets. If 0, the number of hash buckets is dynamically determined as 2 * MaxFiles + 1.

CopyFiles

on, off

on

(Windows only) Prevents sharing violations by copying files to a temporary directory.

TempDir

A path

<TempDir>/<server_id>-file-cache

Specifies a temporary directory for the file cache if CopyFiles is on.

<TempDir> is the value of TempDir in the magnus.conf file. See TempDir.

<server_id> is the server instance id.


password.conf

Purpose

By default, the Sun ONE Web Server prompts the administrator for the SSL key database password before starting up. If you want the Web server to be able to restart unattended, you need to save the password in a password.conf file. Be sure that your system is adequately protected so that this file and the key databases are not compromised.

Location

server_root/config

This file is not present by default. You must create it if you need it.

Syntax

PKCS#11_module_name:password

If you are using the internal PKCS#11 software encryption module that comes with the server, type the following:

internal:password

If you are using a different PKCS#11 module, for example for hardware encryption or hardware accelerators, you will need to specify the name of the PKCS#11 module, followed by the password.

See Also

Sun ONE Web Server 6.1 Administrator's Guide


server.policy

Purpose

Controls what access applications have to resources. This is the standard J2SE policy file. The J2SE SecurityManager is not active by default in Sun ONE Web Server 6.1. The policies granted in this policy file do not have any effect unless the SecurityManager is turned on in server.xml.

If you wish to use the J2SE SecurityManager you can turn it on by adding the following JVM options:

<JVMOPTIONS>-Djava.security.manager</JVMOPTIONS>

<JVMOPTIONS>-Djava.security.policy=server_root/config/server.policy</JVMOPTIONS>

Location

server_root/config

Syntax

grant [codeBase "path"] {
    permission permission_class "package", "permission_type";
    ...
};

See Also


*.clfilter

Purpose

The files obj.conf.clfilter, magnus.conf.clfilter, and server.xml.clfilter contain filter specifications for cluster management operations.

Location

server_root/config





Copyright 2003 Sun Microsystems, Inc. All rights reserved.