Sun Java System Web Proxy Server 4.0.2 2005Q4 Administration Guide

Changing Superuser Settings

Superuser access can be configured for the Administration Server. These settings affect only the superuser account. If the Administration Server uses distributed administration, additional access controls must be configured for the permitted administrators.


Caution – Caution –

If Sun JavaTM System Directory Server is used to manage users and groups, the superuser entry must be updated in the directory before changing the superuser user name or password. If you do not update the directory first, you will not be able to access the Users and Groups interface in the Administration Server. To fix this, you must either access the Administration Server with an administrator account that does have access to the directory, or update the directory using the Directory Server’s console or configuration files.


ProcedureTo change superuser settings for the Administration Server

Steps
  1. Access the Administration Server and click the Preferences tab.

  2. Click the Control Superuser Access link.

  3. Make the desired changes and click OK. For more information about specific fields, see the online Help.

    The superuser’s user name and password are kept in a file called admpw, located in server_root/proxy-admserv/config. The file has the format username:password. You can view this file to obtain the user name, but the password is encrypted and unreadable. If you forget the password, you can edit the admpw file and simply delete the encrypted password. You can then do the following:

  4. Access the Administration Server with the user name and no password.

  5. Click the Preferences tab.

  6. Click the Control Superuser Access link.

  7. Provide a new password and click OK.


    Caution – Caution –

    Because the admpw file can be edited, it is very important that the server computer be kept in a secure place and that access to its file system be restricted.

    On UNIX and Linux systems, consider changing file ownership so that it is writable only by root or whatever system user runs the Administration Server daemon. On Windows systems, restrict file ownership to the user account used by the Administration Server.