Other Configuration Files

Sun ONE Application Server 7 Administrator's Configuration File Reference

Chapter 5
Other Configuration Files

This chapter summarizes the Purpose, Location, and Contents or Syntax of important configuration files not discussed in other chapters, then briefly describes all directives or parameters allowed in each file (if any) in a table. Cross references are listed after See Also headings when other chapters or manuals describe some of the directives or parameters in more detail. Configuration files that should never be modified are not listed in this chapter.

The following configuration files are described in alphabetical order:

dbswitch.conf

Deployment Descriptors

generated.instance.acl

nsfc.conf

password.conf

server.policy

dbswitch.conf

Purpose

Specifies the LDAP directory that Sun ONE Application Server uses.

Note

The dbswitch.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.

Location

instance_dir/config

Syntax

directory name LDAP_URL
name:property1 [value1]
name:property2 [value2]
...

The default contents of this file are as follows:

directory default null:///none

Edit the file as follows for anonymous binding over SSL:

directory default ldaps://directory.sun.com:636:/dc%3Dcom

Edit the file as follows for anonymous binding not over SSL:

directory default ldap://directory.sun.com:389:/dc%3Dcom

See Also

"User Database Selection"

The following table describes properties in the dbswitch.conf file. The left column lists the property names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists property descriptions.

Table 5-1  dbswitch.conf

Property

Allowed Values

Default Value

Description

nsessions

A positive integer

8

The number of LDAP connections for the database.

dyngroups

off, on, recursive

on

Determines how dynamic groups are handled. If off, dynamic groups are not supported. If on, dynamic groups are supported. If recursive, dynamic groups can contain other groups.

binddn

A valid DN

The DN used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.

bindpw

The password used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.

dcsuffix

A valid DN (relative to the LDAP URL)

none

If present, the default value of the base DN for the request’s virtual server is determined by a DC tree lookup, starting at the dcsuffix DN, of the virtual server’s hosts attribute that matches the client-supplied Host header. If no hosts attribute matches, the server-name attribute of the parent http-listener is used.

If not present, the default value of the base DN is the base DN value in the LDAP URL.

The basedn attribute of an auth-db element in the server.xml file overrides this value.

digestauth

off, on

off

Specifies whether the database can do digest authentication. If on, a special Directory Server plugin is required. For information about how to install this plugin, see the Sun ONE Application Server Administrator’s Guide.

If an LDAP database is schema compliant, the base DN of the access is computed using a DC tree lookup of the virtual-server element’s hosts attribute that matches the client-supplied Host header. If no hosts attribute matches, the server-name attribute of the parent http-listener is used. The result must contain an inetDomainBaseDN attribute that contains the base DN. This base DN is taken as is and is not relative to any of the base DN values.

Deployment Descriptors

Purpose

Configures features specific to the Sun ONE Application Server for deployed modules and applications.

Location

The META-INF or WEB-INF directory of a module or application.

See Also

The following table shows where to find more information about Sun ONE Application Server deployment descriptors. The left column lists the deployment descriptors, and the right column lists where to find more information about those descriptors.

Table 5-2  Sun ONE Application Server Descriptors

Deployment Descriptor

Where to Find More Information

sun-application.xml

Sun ONE Application Server Developer’s Guide

sun-web.xml

Sun ONE Application Server Developer’s Guide to Web Applications

sun-ejb-jar.xml and sun-cmp-mapping.xml

Sun ONE Application Server Developer’s Guide to Enterprise JavaBeans Technology

sun-application-client.xml and sun-acc.xml

Sun ONE Application Server Developer’s Guide to Clients

sun-ra.xml

Sun ONE J2EE CA Service Provider Implementation Administrator’s Guide

generated.instance.acl

Purpose

Sets permissions for access to the server instance. This is the default ACL file; you can create and use others.

Note

The ACL file interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.

Location

instance_dir/config

See Also

Sun ONE Application Server Administrator’s Guide to Security

nsfc.conf

Purpose

Sets file cache parameters. This file is present only if file cache parameters have been changed from their defaults.

Note

The nsfc.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.

Location

instance_dir/config

Syntax

parameter=value

See Also

Sun ONE Application Server Performance Tuning, Sizing, and Scaling Guide

The following table describes parameters in the nsfc.conf file. The left column lists the parameter names. The second column from the left lists allowed values. The third column from the left lists default values. The right column lists parameter descriptions.

Table 5-3  nsfc.conf

Parameter

Allowed Values

Default Value

Description

FileCacheEnable

on, off

on

Enables the file cache.

CacheFileContent

on, off

on

Enables caching of file contents as well as file information for files smaller than MediumFileSizeLimit (smaller than SmallFileSizeLimit if TransmitFiles is on).

MaxAge

Number of seconds

30

The maximum age of a valid cache entry. This setting controls how long cached information is used once a file has been cached. An entry older than MaxAge is replaced by a new entry for the same file.

MediumFileSizeLimit

Limited by available memory

537600 (525K)

(UNIX only) Maximum size of a file that can be cached as a memory-mapped file (if TransmitFiles is off).

MediumFileSpace

Limited by available memory

10485760
(10 M)

Total size of all files that are cached as memory-mapped files (if TransmitFiles is off).

SmallFileSizeLimit

Limited by available memory

2048 (2K)

(UNIX only) Maximum size of a file that can be read into memory.

SmallFileSpace

Limited by available memory

1048576 (UNIX, 1 M),
0 (Windows)

Total size of all files that are read into memory.

TransmitFiles

on, off

on (Windows),
off (UNIX)

Enables use of the TransmitFile system call. Not supported on IRIX, Compaq, or Linux.

MaxFiles

1024

Maximum number of files in the file cache.

HashInitSize

Limited by available memory

0

Initial number of hash buckets. If 0, the number of hash buckets is dynamically determined as 2 * MaxFiles + 1.

CopyFiles

on, off

on

(Windows only) Prevents sharing violations by copying files to a temporary directory.

TempDir

A path

system_temp/instance

Specifies a temporary directory for the file cache if CopyFiles is on.

password.conf

Purpose

By default, the application server prompts the administrator for the SSL key database password before starting up. If you want the application server to be able to restart unattended, you need to save the password in a password.conf file. Be sure that your system is adequately protected so that this file and the key databases are not compromised.

Location

instance_dir/config

This file is not present by default. You must create it if you need it.

Syntax

PKCS#11_module_name:password

If you are using the internal PKCS#11 software encryption module that comes with the server, type the following:

internal:password

If you are using a different PKCS#11 module, for example for hardware encryption or hardware accelerators, you will need to specify the name of the PKCS#11 module, followed by the password, for example:

internal:password

See Also

Sun ONE Application Server Administrator’s Guide

server.policy

Purpose

Controls what access applications have to resources. This is the standard J2SE policy file.

Location

instance_dir/config

Syntax

grant [codeBase "path"] {
  permission permission_class "package", "permission_type";
  ...
};

See Also

Sun ONE Application Server Developer’s Guide

http://java.sun.com/docs/books/tutorial/security1.2/tour2/index.html

Previous      Contents      Index      Next

Copyright 2003 Sun Microsystems, Inc. All rights reserved.


Note	The dbswitch.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.

Property	Allowed Values	Default Value	Description
nsessions	A positive integer	8	The number of LDAP connections for the database.
dyngroups	off, on, recursive	on	Determines how dynamic groups are handled. If off, dynamic groups are not supported. If on, dynamic groups are supported. If recursive, dynamic groups can contain other groups.
binddn	A valid DN		The DN used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.
bindpw			The password used for connecting to the database. If both binddn and bindpw are not present, binding is anonymous.
dcsuffix	A valid DN (relative to the LDAP URL)	none	If present, the default value of the base DN for the request’s virtual server is determined by a DC tree lookup, starting at the dcsuffix DN, of the virtual server’s hosts attribute that matches the client-supplied Host header. If no hosts attribute matches, the server-name attribute of the parent http-listener is used. If not present, the default value of the base DN is the base DN value in the LDAP URL. The basedn attribute of an auth-db element in the server.xml file overrides this value.
digestauth	off, on	off	Specifies whether the database can do digest authentication. If on, a special Directory Server plugin is required. For information about how to install this plugin, see the Sun ONE Application Server Administrator’s Guide.

Deployment Descriptor	Where to Find More Information
sun-application.xml	Sun ONE Application Server Developer’s Guide
sun-web.xml	Sun ONE Application Server Developer’s Guide to Web Applications
sun-ejb-jar.xml and sun-cmp-mapping.xml	Sun ONE Application Server Developer’s Guide to Enterprise JavaBeans Technology
sun-application-client.xml and sun-acc.xml	Sun ONE Application Server Developer’s Guide to Clients
sun-ra.xml	Sun ONE J2EE CA Service Provider Implementation Administrator’s Guide


Note	The ACL file interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.


Note	The nsfc.conf interface is Unstable. An unstable interface may be experimental or transitional, and hence may change incompatibly, be removed, or be replaced by a more stable interface in the next release.

Parameter	Allowed Values	Default Value	Description
FileCacheEnable	on, off	on	Enables the file cache.
CacheFileContent	on, off	on	Enables caching of file contents as well as file information for files smaller than MediumFileSizeLimit (smaller than SmallFileSizeLimit if TransmitFiles is on).
MaxAge	Number of seconds	30	The maximum age of a valid cache entry. This setting controls how long cached information is used once a file has been cached. An entry older than MaxAge is replaced by a new entry for the same file.
MediumFileSizeLimit	Limited by available memory	537600 (525K)	(UNIX only) Maximum size of a file that can be cached as a memory-mapped file (if TransmitFiles is off).
MediumFileSpace	Limited by available memory	10485760 (10 M)	Total size of all files that are cached as memory-mapped files (if TransmitFiles is off).
SmallFileSizeLimit	Limited by available memory	2048 (2K)	(UNIX only) Maximum size of a file that can be read into memory.
SmallFileSpace	Limited by available memory	1048576 (UNIX, 1 M), 0 (Windows)	Total size of all files that are read into memory.
TransmitFiles	on, off	on (Windows), off (UNIX)	Enables use of the TransmitFile system call. Not supported on IRIX, Compaq, or Linux.
MaxFiles		1024	Maximum number of files in the file cache.
HashInitSize	Limited by available memory	0	Initial number of hash buckets. If 0, the number of hash buckets is dynamically determined as 2 * MaxFiles + 1.
CopyFiles	on, off	on	(Windows only) Prevents sharing violations by copying files to a temporary directory.
TempDir	A path	system_temp/instance	Specifies a temporary directory for the file cache if CopyFiles is on.

Chapter 5 Other Configuration Files

dbswitch.conf

Purpose

Location

Syntax

See Also

Deployment Descriptors

Purpose

Location

See Also

generated.instance.acl

Purpose

Location

See Also

nsfc.conf

Purpose

Location

Syntax

See Also

password.conf

Purpose

Location

Syntax

See Also

server.policy

Purpose

Location

Syntax

See Also

Chapter 5
Other Configuration Files