Applying Security Using Netscape Enterprise 3.0 || |
Netscape servers allow you to restrict access to files
located on the web server to particular users that you can
define using the Netscape Server Administrator program.
Using this mechanism, you can limit access for an individual
or group of individuals to the ProblemTracker
functions appropriate to their job.
- Add a User
- Start the Netscape Admin Server interface, it has the title
"Netscape Server Administration"
- Under the section labeled General Administration, locate the
button labeled "Users & Groups" and click on it.
- Create the user you wish to allow access to a resource. For
example if you wish to restrict access to the ProblemTracker
Admin pages, enter a user with a User ID of "pt_admin".
When you are done entering values, click on the Create User
- Locate the button labeled "Server Administration" in the upper
right hand corner and click on it.
- Restrict Access to the User
Start the Netscape Admin Server interface, it has the title
"Netscape Server Administration"
- Under the section labeled "Servers Supporting General
Administration:", locate the server you wish to administer
and click on the button with the name of the server.
this should take you to the Netscape Enterprise Server 3.6
- The Server On/Off page should be displayed. If the server
is off, then turn it on by clicking on the "Server On"
- Locate the button labeled "Server Preferences" in the row of
buttons along the top and click on it.
- In the left column, locate the button labeled "Restrict Access"
and click on it. This should take you to a page labeled
"Access Control List Management"
- Under step "A.Pick a resource", click on the Wildcard button
and enter the resource you'd like to protect. For example
to protect the ProblemTracker Admin pages, enter
then click on the "Edit Access Control" button located
- Check the box labeled "Access control is on", a row should
appear. If not, click on the "New Line" button.
- In the row that appears make sure it has the following
If it does not, click on the link that is different and
set the values so it is the same.
- Now click on the New Line button. A new row should
appear (number 2). In the Action column, click on the
Deny link and change the action to Allow (press the
Update button in the dialog below to make this change).
- In the new row, click on the Users/Groups link,
a dialog appears below labeled User/Group. In this dialog
"Authenticated people only" and "Only the following
people". then under "User" enter the user you created
earlier (pt_admin from our example). Make sure the
Authentication method is set to Default, and the
Authentication Database is set to Default. Then press
the "Update" button.
- The display should now look like this:
If it does, then click on the Submit button.
- Repeat these steps to protect other resources. For
example, the ProblemTracker program file associated
with the admin pages would be:
- Refer to the
in the Web Server Security Overview section to determine which
content directories and program files
you would like to protect based upon function. Then repeat the
process described here for each.
When correctly configured, a dialog box appears from the browser
requesting a user name and password when a protected page