Members of the admin-role role have unlimited access to EAServer through the Management Console. Initially, the admin@system user is the only member of this role. For additional security, you can enable operating system authentication.
Administration
You must establish an administrative password for the administrative user on each server—see “Setting the password for the administrative user”. The administrative user can:
Access EAServer through the Management Console
Set or reset the admin@system password
Enable and disable user authentication
Enabling OS authentication
If defined, OS authentication maps EAServer client users to operating system user names and passwords. You must supply a user name and password that is valid for the machine where EAServer is running. For example, for UNIX, you would use network information service (NIS) passwords, and for Windows, you would use your Windows domain password. Windows users can provide a domain name as part of their user name; for example, \\domain_name\username.
Enabling OS authentication on UNIX
Configure an effective user name and group for the server to run as—see “Security tab”.
Enabling OS authentication on Windows 2000
Users who run EAServer must belong to the Administrators Group on your Windows machine. Add users and groups who will start EAServer to the Administrators Group.
Select Start | Settings | Control Panel.
Double-click Administrative Tools.
Double-click Local Security Settings.
In the left pane, click Local Policies.
Select and open User Rights Assignment.
Double-click Act as Part of the Operating System.
Click Add in the new pop-up window to add the desired users. This provides the required privileges to EAServer to authenticate a user by querying the underlying operating system.
Log out, then log back in to your Windows 2000 system to enable authentication.
Set the login method for each security domain that will use OS authentication:
In the Management Console, expand the Security icon, then expand Domains, and select the security domain.
On the General tab, select “os-auth” for the Login Method. Select Apply.
Enabling OS authentication on Windows XP
Users who run EAServer must belong to the Administrators Group on your Windows machine. Add users and groups who will start EAServer to the Administrators Group:
Select Start | Settings | Control Panel.
If your Control Panel is in category view, select Performance and Maintenance.
Select Administrative Tools.
Double-click Local Security Policy.
Expand the Local Policies folder, then select User Rights Assignment.
Double-click Act as Part of the Operating System.
In the new dialog box, click Add User or Group to add users.
In the Select Users or Groups dialog box:
Click Object Types, and select Users.
Click Locations, and select the network domain.
Enter the user names.
This provides the required privileges to EAServer to authenticate a user by querying the underlying operating system.
Log out, then log back in to your Windows XP system to enable authentication.
Set the login method for each security domain that will use OS authentication:
In the Management Console, expand the Security icon, then expand Domains, and select the security domain.
On the General tab, specify “os-auth” as the Login Method. Click Apply.
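The following is an added example, not part of the EAServer documentation: a Python check that reads a local security policy export (for instance one produced with secedit /export /cfg rights.inf /areas USER_RIGHTS) and lists which accounts hold Act as Part of the Operating System, whose policy constant is SeTcbPrivilege, so the grants made in the Windows 2000 and Windows XP steps above can be reviewed against an approved list. The export text, the account name easerver_svc, the SID, and the file name rights.inf are constructed for illustration.

```python
# Added example: audit who holds "Act as Part of the Operating System".
# SeTcbPrivilege is the policy constant for that right; the sample export
# and the account names below are constructed for illustration.

SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeTcbPrivilege = easerver_svc,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

def privilege_holders(inf_text, privilege="SeTcbPrivilege"):
    """Return the accounts/SIDs assigned `privilege` in a secedit export."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs are written with a leading '*'; account names are bare.
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return []  # the right is not assigned to anyone

def unexpected_holders(inf_text, allowed):
    """Holders of SeTcbPrivilege that are not on the approved list."""
    allowed_norm = {a.lower() for a in allowed}
    return [h for h in privilege_holders(inf_text) if h.lower() not in allowed_norm]

def load_export(path):
    """Read a real export; secedit writes the file as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    extra = unexpected_holders(SAMPLE_EXPORT, allowed=["easerver_svc"])
    print("unexpected SeTcbPrivilege holders:", extra or "none")
```

Run it against an export taken after the log out and log in step; any holder other than the accounts that start EAServer is a grant to review.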
JAAS
To use Java Authentication and Authorization Service (JAAS), see Chapter 8, “Using the JAAS API,” in the EAServer Security Administration and Programming Guide.