TotalNET Advanced Server 5.2 Administration Guide

5.2.11 Configuring Security

Follow these steps to configure NetWare file authentication:

  1. Follow these links:

    • NetWare Realm->Manage File Services

      The List of NetWare File Services screen appears.

  2. From the list, select the file service for which you want to configure authentication.

  3. Click Administer.

    The NetWare File Service servicename screen appears.

  4. Click Authentication and Service Mode Options.

    The Authentication Mode screen appears:

  5. Select one of the following options:

    • Local authentication -- Authentication by a file server in the NetWare realm. If the server cannot verify a client's user ID and password, it refuses the connection. If the realm uses local authentication, it does not consult a proxy server. You may choose open authentication or secure authentication. With open authentication, client and server exchange clear-text passwords. With secure authentication, client and server exchange a series of messages that allows the server to verify that the client knows the correct password, without transmitting the password or any representation of it.

    • Authentication proxy servers -- Authentication by another NetWare-compatible server. If this proxy server cannot verify a client's user ID and password, it refuses the connection. If it accepts the connection, the local server looks up the user name in the local database--either /etc/passwd or NIS--to get the user's UNIX ID.

  6. Click Submit.

    If you selected Local authentication, the Update Local Authentication for servicename screen appears. Select or enter values for the following attributes, as needed:

    • Password encryption -- The option to keep passwords from being transmitted across the network. Without password encryption, any UNIX user can potentially connect to the server. In this open authentication environment, client and server exchange clear-text passwords. Password encryption, the secure authentication method, provides improved security, but you must maintain a separate user-password database for it. When you enable password encryption and secure authentication, only users added via Passwords can connect. With secure authentication, client and server exchange a series of messages that allows the server to verify that the client knows the correct password, without transmitting the password or any representation of it.

    • Username map -- The option to allow file services to validate clients by mapping them to valid UNIX users. You must define username maps before selecting this option (see "4.2 Administering Username Maps").

    • Allow null passwords -- The option to allow UNIX users without passwords to access the server. By default, TAS denies such users access to the server, for better security. This option has no effect if you enable Password encryption or Authentication proxy servers.

    • User restrictions -- The option to restrict the users who can connect to this service. Select it by selecting Allow or Deny and entering the names of the users in the adjacent Users field. If you enter no user names, TAS ignores this attribute. Separate user names with commas.

    • DCE authentication -- The option to cause this service to use DCE rather than the native UNIX password facility for authentication. If this service uses Password encryption or Share mode, or if you defined Authentication proxy servers, that other authentication method takes precedence. This option appears only if you have TAS-DCE, and it does not control the acquisition of DCE credentials. DCE-enabled host systems always require appropriate DCE credentials, if possible. See the TAS-DCE Guide.

    If you selected Authentication proxy servers, the Update Authentication Proxy Server for servicename screen appears. Enter or select values for the following attributes, as needed:

    • Authentication proxy servers -- The list of servers TAS will contact as a proxy server, each in turn, until one of them responds. Separate servers with commas.

    • Username map -- The option to allow file services to validate clients by mapping them to valid UNIX users. You must define username maps before selecting this option (see "4.2 Administering Username Maps").

    • Allow null passwords -- The option to allow UNIX users without passwords to access the server. By default, TAS denies such users access to the server, for better security. This option has no effect if you enable Password encryption or Authentication proxy servers.

    • User restrictions -- The option to restrict the users who can connect to this service. Select it by selecting either Allow or Deny and entering the names of the users in the adjacent Users field. If you enter no user names, TAS ignores this attribute. Separate user names with commas.

  7. Click Submit.

    The Update Local Authentication for servicename screen or the Update Authentication Proxy Server for servicename screen appears.

  8. Click OK.

    To configure security from the UNIX command line, use the tnservice command.
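
The difference between the open and secure authentication modes described in steps 5 and 6, as an added example that is not part of the TAS documentation or code. It uses a generic HMAC-SHA256 challenge-response as a stand-in for the secure exchange (an assumption; the guide does not specify the message format), and the account, the PASSWORD_DB dictionary and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account. The dict stands in for the separate
# user-password database that secure authentication requires.
PASSWORD_DB = {"alice": b"correct horse"}


def open_auth(user, password, wire):
    """Open authentication: the clear-text password crosses the network."""
    wire.append(("client", user, password))
    stored = PASSWORD_DB.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


class Server:
    user = nonce = None

    def challenge(self, user, wire):
        # Fresh random nonce per attempt, so a recorded response is useless later.
        self.user, self.nonce = user, secrets.token_bytes(16)
        wire.append(("server", user, self.nonce))
        return self.nonce

    def verify(self, response):
        secret = PASSWORD_DB.get(self.user)
        nonce, self.nonce = self.nonce, None  # each challenge is single use
        if secret is None or nonce is None:
            return False  # unknown user or no outstanding challenge: refuse
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def secure_auth(server, user, password, wire):
    """Secure authentication: only the nonce and a keyed digest are sent."""
    nonce = server.challenge(user, wire)
    response = hmac.new(password, nonce, hashlib.sha256).digest()
    wire.append(("client", user, response))
    return server.verify(response)


def password_on_wire(wire, password):
    """True if the recorded messages contain the password bytes."""
    return any(isinstance(f, bytes) and password in f for msg in wire for f in msg)
```

In this sketch the server must hold the secret itself to recompute the digest, which is the kind of dependency behind keeping a separate user-password database. A recorded challenge/response pair can still be used to test password guesses offline, so password strength matters in both modes.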