Members of the Admin role have unlimited access to EAServer Manager. Initially, the jagadmin user is the only member of this role. For additional security, you can establish an administration password for the jagadmin user and enable operating system authentication.
To access and configure these properties:
From EAServer Manager, highlight the server you want to configure.
Select File | Properties.
Select the Security tab. The remainder of this section describes how to configure EAServer using the controls on this tab.
Administration You can establish an administrative password for the jagadmin user on each server. The jagadmin user can:
Access EAServer Manager
Set or reset the jagadmin password
Enable and disable user authentication
To set the jagadmin password:
Select Set jagadmin Password.
In the Administrator Password dialog box, enter the old password, the new password twice, and click OK.
Administration password conventions and restrictions are the same as for user passwords for your platform.
Enabling OS authentication If selected, this option maps EAServer client users to operating system user names and passwords. You must supply a user name and password that is valid for the machine where EAServer is running. For example, for UNIX, you would use network information service (NIS) passwords, and for Windows, you would use your Windows domain password. Windows users can provide a domain name as part of their user name; for example, \\domain_name\username.
Enabling OS authentication on UNIX
Select the Enable OS Authentication option on the Security tab.
Enabling OS authentication on Windows 2000
Users who run EAServer must belong to the Administrators Group on your Windows machine. Add users and groups who will start EAServer to the Administrators Group.
Select Start | Settings | Control Panel.
Double-click Administrative Tools.
Double-click Local Security Settings.
In the left pane, click Local Policies.
Select and open User Rights Assignment.
Double-click Act as Part of the Operating System.
Click Add in the new pop-up window to add the desired users. This provides the required privileges to EAServer to authenticate a user by querying the underlying operating system.
Log out, then log back in to your Windows 2000 system to enable authentication.
From EAServer Manager, select Enable OS Authentication on the Server Properties Security tab.
Enabling OS authentication on Windows XP
Users who run EAServer must belong to the Administrators Group on your Windows machine. Add users and groups who will start EAServer to the Administrators Group:
Select Start | Settings | Control Panel.
If your Control Panel is in category view, double-click Performance and Maintenance.
Double-click Administrative Tools.
Double-click Local Security Policy.
Expand the Local Policies folder, then select User Rights Assignment.
Double-click Act as Part of the Operating System.
In the new dialog box, click Add User or Group to add users.
In the Select Users or Groups dialog box:
Click Object Types, and select Users.
Click Locations, and select the network domain.
Enter the user names.
This provides the required privileges to EAServer to authenticate a user by querying the underlying operating system.
Log out, then log back in to your Windows XP system to enable authentication.
From EAServer Manager, select Enable OS Authentication on the Server Properties Security tab.
The
password for the jagadmin account must be defined in EAServer Manager.
Even if jagadmin is defined as an OS user name and OS authentication
is enabled, the password defined in EAServer Manager is required
to log in as jagadmin.
Enable User & Groups Validation If enabled, the user and group names are validated against their operating system user and group name before being added to any of the following folders:
Authorized User
Authorized Group
Excluded User
Excluded Group
To enable user and group validation, select the Enable User and Groups Validation option on the server’s Security tab.
JAAS Configuration File To use Java authentication and authorization service, enter the name of a file that specifies:
One or more authentication modules for an application
The order in which to invoke the authentication modules
Other parameters and options
For complete information about using JAAS, see Chapter 11, “Using the JAAS API,” in the EAServer Security Administration and Programming Guide.
Security Identities Define a user name, password, and SSL session characteristics used by components or servlets that call other components. Identities are also used for inter-server authentication when propagating caller credentials in a call sequence that involves multiple servers. See “Intercomponent authentication for EJBs and servlets” in Chapter 2 of the EAServer Security Administration and Programming Guide.
