Sun Java System Web Proxy Server 4.0.1 Administration Guide 

Chapter 3
Setting Administration Preferences

This chapter describes how to configure administration preferences using the Administration Server. Cookies must be enabled in your browser to run the CGI programs necessary for configuring your server.



Creating and Managing Listen Sockets

Before the server can process a request, the request must be accepted by a listen socket and then directed to the correct server. When the Proxy Server is installed, one listen socket (ls1) is created automatically. This listen socket uses the IP address 0.0.0.0 and the port number specified as the Administration Server port number during installation.

Listen sockets are added, edited, and deleted using the Administration Server’s Edit Listen Sockets page. You must have at least one listen socket with which to access the server. You cannot delete a listen socket if it is the only one listed.


Adding Listen Sockets

To add listen sockets
  1. Access the Administration Server and click the Preferences tab.
  2. Click the Edit Listen Sockets link.
  3. Click the New button.
  4. Specify the settings and click OK. For more information about specific fields, see the online Help.

Editing Listen Sockets

To edit listen sockets
  1. Access the Administration Server and click the Preferences tab.
  2. Click the Edit Listen Sockets link.
  3. Click the link for the listen socket you want to edit, make the desired changes, and then click OK.

Deleting Listen Sockets

To delete listen sockets
  1. Access the Administration Server and click the Preferences tab.
  2. Click the Edit Listen Sockets link.
  3. Select the checkbox next to the listen socket you want to delete and click OK. You will be prompted to confirm deletion. You must have at least one listen socket with which to access the server. You cannot delete the listen socket if it is the only one listed.


Changing Superuser Settings

Superuser access can be configured for the Administration Server. These settings affect only the superuser account. If the Administration Server uses distributed administration, additional access controls must be configured for the permitted administrators.


Caution

If Sun Java System Directory Server is used to manage users and groups, the superuser entry must be updated in the directory before changing the superuser user name or password. If you do not update the directory first, you will not be able to access the Users and Groups interface in the Administration Server. To fix this, you must either access the Administration Server with an administrator account that does have access to the directory, or update the directory using the Directory Server’s console or configuration files.


To change superuser settings for the Administration Server
  1. Access the Administration Server and click the Preferences tab.
  2. Click the Control Superuser Access link.
  3. Make the desired changes and click OK. For more information about specific fields, see the online Help.

The superuser’s user name and password are kept in a file called admpw, located in server_root/proxy-admserv/config. The file has the format username:password. You can view this file to obtain the user name, but the password is encrypted and unreadable. If you forget the password, you can edit the admpw file and simply delete the encrypted password. You can then do the following:

  1. Access the Administration Server with the user name and no password.
  2. Click the Preferences tab.
  3. Click the Control Superuser Access link.
  4. Provide a new password and click OK.


Caution

Because the admpw file can be edited, it is very important that the server computer be kept in a secure place and that access to its file system be restricted.

On UNIX and Linux systems, consider changing file ownership so that it is writable only by root or whatever system user runs the Administration Server daemon. On Windows systems, restrict file ownership to the user account used by the Administration Server.
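The following audit of the admpw file on UNIX and Linux systems is an added example, not part of the original guide or of the Proxy Server product. It flags a blank password field (which, as described above, permits login with the user name and no password) and ownership or permissions that would let another account edit the file. The function name `audit_admpw`, the `trusted_uids` parameter, and the sample file contents are assumptions made for illustration.

```python
import os
import stat
import sys

def audit_admpw(path, trusted_uids=(0,)):
    """Return a list of findings for an admpw file (username:password format)."""
    findings = []
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]

    # Only root or the Administration Server's system user should own the file.
    if st.st_uid not in trusted_uids:
        findings.append(f"owner uid {st.st_uid} is not a trusted uid")
    # Group or world write access lets another account blank the password field.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} allows group/other write")
    # A writable directory (without the sticky bit) lets someone replace the file.
    dst = os.stat(os.path.dirname(os.path.abspath(path)))
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not dst.st_mode & stat.S_ISVTX:
        findings.append("config directory is group/other writable")

    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip() for ln in fh if ln.strip()]
    if len(lines) != 1 or ":" not in lines[0]:
        findings.append("expected exactly one username:password line")
        return findings
    user, _, password = lines[0].partition(":")
    if not user:
        findings.append("empty user name")
    if not password:
        findings.append(f"password field for '{user}' is empty (login needs no password)")
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample used when no path is given: blank password, mode 0666.
    demo = os.path.join(tempfile.mkdtemp(), "admpw")
    with open(demo, "w") as fh:
        fh.write("admin:\n")
    os.chmod(demo, 0o666)
    target = sys.argv[1] if len(sys.argv) > 1 else demo
    for item in audit_admpw(target, {0, os.getuid()}):
        print("FINDING:", item)
```

Run it against server_root/proxy-admserv/config/admpw, adding the uid of the Administration Server's system user to `trusted_uids` if that user is not root.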



Allowing Multiple Administrators

Multiple administrators can change specific parts of the server through distributed administration. A directory server must be installed before distributed administration can be enabled. The default directory service must be LDAP-based.

There are two levels of users for distributed administration: superuser and administrators.

For more information about access control, see Controlling Access to Your Server.

To enable distributed administration
  1. Verify that a directory server is installed.
  2. Access the Administration Server.
  3. After a directory server has been installed, you may also need to create an administration group if you have not already done so. To create a group:
    1. Click the Users and Groups tab.
    2. Click the Create Group link.
    3. Create an administrators group in the LDAP directory, and add the names of the users to whom you are granting permission to configure the Administration Server or any of the servers installed in its server root. For more information about specific fields, see the online Help.
    4. All users in the administrators group have full access to the Administration Server, but access control can be used to limit the servers and forms they are allowed to configure.

      Once an access control list is created, the distributed administration group is added to that list. If the name of the administrators group is changed, you must manually edit the access control list to change the group it references.

  4. Click the Preferences tab.
  5. Click the Configure Distributed Administration link.
  6. Select Yes, specify the administrator group, and then click OK.


Specifying Log File Options

The Administration Server log files record data about the Administration Server, including the types of errors encountered and information about server access. Viewing these logs allows you to monitor server activity and troubleshoot problems. The type and format of the data recorded in the Administration Server logs are specified using the options on the Log Preferences pages. You can choose the Common Logfile Format, which provides a fixed amount of information about the server, or you can create a custom log file format that better suits your requirements.

To access the Administration Server Log Preferences pages, click the Preferences tab, then click the Set Access Log Preferences or Set Error Log Preferences link. For detailed information about the log files and setting log file options, see Using Log Files. Also see the online Help.

Viewing Log Files

Administration Server log files are located in server_root/proxy-admserv/logs. You can view both the error and access logs through the Proxy Server administration console, or with a text editor.

The Access Log File

The access log file records information about requests to and responses from the server.

To view the access log file
  1. Access the Administration Server and click the Preferences tab.
  2. Click the View Access Log link.

For more information about specific fields, see the online Help. Also see Using Log Files.

The Error Log File

The error log lists all errors the server has encountered since the log file was created. It also contains informational messages about the server, such as when the server was started, and who tried to log in but failed.

To view the error log file
  1. Access the Administration Server and click the Preferences tab.
  2. Click the View Error Log link.

For more information about specific fields, see the online Help. Also see Using Log Files.


Using Directory Services

You can store and manage information such as user names and passwords in a single directory server using LDAP. You can also configure the server to allow users to retrieve directory information from multiple, easily accessible network locations. For more information about using directory services, see Managing Users and Groups.


Restricting Server Access

When the Proxy Server evaluates an incoming request, it determines access based on a hierarchy of rules called access control entries (ACEs), and then uses the matching entries to decide whether the request should be allowed or denied. Each ACE specifies whether the server should continue to the next ACE in the hierarchy. The collection of ACEs is called an access control list (ACL).

Access control can be configured for access to the Administration Server and to specific resources within a server instance, such as files, directories, and file types. Access control to the Administration Server is configured from the Global Settings tab in the Administration Server. Access control for resources within a server instance is configured from the Preferences tab in the Server Manager. For more information about setting access control, see Controlling Access to Your Server.


SNMP Master Agent Settings

Simple Network Management Protocol (SNMP) is a protocol used to exchange data about network activity. This information is transferred between a network management station and the server through the use of subagents and master agents.

SNMP master agent settings are configured using the Global Settings tab in the Administration Server. The master agent is installed with the Administration Server. For detailed information about SNMP and agent settings, see Monitoring Servers. Also see the online Help for master agent pages on the Global Settings tab in the Administration Server, and for the subagent pages on the Server Status tab in the Server Manager.





Part No: 819-3650-10.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.