Novell CLIENT FOR LINUX 2.0 SP1 - ADMINISTRATION Скачать руководство пользователя страница 40 | Manualshive

Страница: 40 / 89

background image

40

Novell Client 2.0 SP1 for Linux Administration Guide

n

ov

do

cx (e

n)

11
Ju

ly 20

08

5.2 Known Security Threats

The following section provides a list of known security threats for the Novell Client for Linux, an
indication of how difficult it would be to exploit the threat, and what the consequences would be for
a customer.

Table 5-2

Known Security Threats

5.3 Security Characteristics

Section 5.3.1, “Identification and Authentication,” on page 41

Section 5.3.2, “Authorization and Access Control,” on page 41

Section 5.3.3, “Roles,” on page 41

Section 5.3.4, “Security Auditing,” on page 41

Passwords, keys, and any other
authentication materials are stored
encrypted

Yes

Passwords and other authentication materials
in temporary storage are encrypted to prevent
in-memory scanners.

Security is on by default

Yes

There are no configuration options to enable
or disable with the exception of packet
signing. Packet signing is enabled by default.

FIPS 140-2 compliant

No

This product currently uses the ATB
(authentication toolbox) instead of the Novell
NICI product. Therefore, this product is not
FIPS 140-2 compliant because ATB itself is
not FIPS-compliant.

Description

Consequence

Likelihood

Difficulty

Repetitive password cracking
attempts

Intruder detection lockout

Low

Hard

“Stale” passwords

Password expiration, grace login
enforcement

High

Hard

Attempted access out-of-hours or
from unauthorized locations

Date/Time and Location restrictions at login Medium

Easy

Port scanners

Unsuccessful pass of Nessus* scans;
possible port hijacking

Medium

Possible

Man-in-the-middle attacks

NCP request sequencing, packet signing

Low

Hard

Wire frame examination and
manipulation

Same protections as with other Novell
products utilizing NCP and RSA-based
authentication

Low

Hard

Memory scanning for sensitive
data

All buffers containing sensitive data
(passwords) are short-term in nature and
are zeroed and/or freed immediately after
use.

Low

Hard

Feature

Yes/No

Details

«
...
38
39
40
41
42
...
»

Содержание CLIENT FOR LINUX 2.0 SP1 - ADMINISTRATION

Страница 1: ...Novell www novell com novdocx en 11 July 2008 AUTHORIZED DOCUMENTATION Novell Client 2 0 SP1 for Linux Administration Guide ClientTM for Linux 2 0 SP1 August 2008 Administration Guide...

Страница 2: ...t or re export to entities on the current U S export exclusion lists or to any embargoed or terrorist countries as specified in the U S export laws You agree to not use deliverables for prohibited nuc...

Страница 3: ...Trademarks For Novell trademarks see the Novell Trademark and Service Mark list http www novell com company legal trademarks tmlist html Third Party Materials All third party trademarks are the prope...

Страница 4: ...novdocx en 11 July 2008...

Страница 5: ...Settings 18 2 1 5 Configuring File Browser Settings 18 2 1 6 Configuring OpenSLP Settings 20 2 2 Using Configuration Files to Preconfigure the Novell Client 21 3 Managing Login 23 3 1 Setting Up Inte...

Страница 6: ...ing the Novell Client Virtual File System Kernel Module 46 A 2 1 Compiling the Novell Client Virtual File System Kernel Module After a Kernel Update 46 A 2 2 Compiling the Novell Client Virtual File S...

Страница 7: ...ation included with this product Please use the User Comments feature at the bottom of each page of the online documentation or go to www novell com documentation feedback html and enter your comments...

Страница 8: ...8 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 9: ...Novell Client for Linux differs in a few ways from using the Novell Client for Windows For users and network administrators who are familiar with the Novell Client for Windows knowing these difference...

Страница 10: ...ne Utilities on page 49 and Appendix C Novell Client for Linux Man Pages on page 53 1 1 4 Login Scripts Novell has ported the vast majority of login script functionality to the Linux platform This mea...

Страница 11: ...atible with the Linux kernel version on your workstation However when later shipping versions of SUSE Linux Enterprise Desktop are provided by Novell the Novell Client Virtual File System Kernel Modul...

Страница 12: ...12 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 13: ...ing Configuration Files to Preconfigure the Novell Client page 21 2 1 Using the Novell Client Configuration Wizard The Novell Client for Linux includes a Novell Client Configuration Wizard to simplify...

Страница 14: ...ocol Settings page or the Service Location Protocol OpenSLP Settings page you must reboot the machine for those changes to take effect Any changes you make to the Novell Client settings are written to...

Страница 15: ...rator and cannot be overridden by the user Display Integrated Login Results When this option is disabled all login scripts are run silently and the script results window is not displayed but login scr...

Страница 16: ...create symbolic links in the user s home directory First Network Drive Select the first letter for Map to use when creating symbolic links to network resources This setting is used in commands such a...

Страница 17: ...includes the use of a message digest algorithm and a per connection per request session state The values are as follows 0 Disabled 1 Enabled but not preferred 2 Preferred 3 Required Changing the valu...

Страница 18: ...ray Application Select this option to automatically launch the Novell Client Tray Application Tray Application Menu Options Enables or disables the options available to users on the Tray Application m...

Страница 19: ...le in a file manager File and Folder Information Enables or disables the File Information and Folder Information tabs on the File and Folder Properties pages available when users right click a Novell...

Страница 20: ...sts or registering or the scopes that a directory agent DA must support Directory Agent List Specify the specific DAs that UA and SA agents must use If this setting is not used dynamic DA discovery is...

Страница 21: ...data bu01sei html hn62kppa in the Novell Client for Windows Installation and Administration Guide for more information Preconfiguring the Novell Client for Linux requires the novell client conf spec f...

Страница 22: ...ovell Client using YaST Add the location of the newly created novell client conf version_number platform rpm to the list of installation sources in YaST add a local directory in the Installation Sourc...

Страница 23: ...es not work if a workstation is set up to not ask for a password in the display manager greeter For integrated login to work the Novell Common Authentication Services Adapter CASA must be installed an...

Страница 24: ...the YaST Control Center GNOME Click Computer More Applications System YaST KDE Click the menu button System YaST 2 Click Security and Users in the left column then click CASA in the right column 3 Cl...

Страница 25: ...our SUSE Linux workstation you also automatically log into the Novell server specified in Step 3 3 1 3 Managing System Wide Integrated Login Settings 1 Launch the Novell Client Configuration Wizard by...

Страница 26: ...scripts see the Novell Login Scripts Guide 3 3 Setting Up Login Restrictions Login restrictions are limitations on user accounts that control access to the network These restrictions can be set by an...

Страница 27: ...e Restrictions tab or drop down list depending on the browser you are using The following options appear They open pages that display various properties Password Restrictions Login Restrictions Time R...

Страница 28: ...applications on your workstation require more advanced settings you can modify the etc slp conf file to set advanced settings For more information on advanced SLP configuration see the OpenSLP Web sit...

Страница 29: ...vell Client Configuration Wizard 5 Restart the workstation 3 4 2 Troubleshooting SLP Configuration If users cannot see a list of available trees contexts and servers when they use the Novell Client fo...

Страница 30: ...Firewall on page 30 Adding SLP Daemon Rules for External or DMZ Firewall Zones on page 31 Changing Your LAN Interface Definition to Internal on page 31 Turning Off the SUSE Firewall 1 Launch the YaST...

Страница 31: ...d Users in the left column then click Firewall in the right column 3 Click Allowed Services in the left column to open the Firewall Configuration Allowed Services screen 4 Select SLP Daemon from the S...

Страница 32: ...32 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 33: ...ther by using any method other than NCOPY at the command terminal For more information on the specific rights on NetWare and OES servers see File Services http www novell com documentation oes implgde...

Страница 34: ...receive rights in a number of ways such as explicit trustee assignments inheritance and security equivalence see eDirectory Rights Concepts http www novell com documentation edir88 edir88 data fbachi...

Страница 35: ...and write to the file Erase Grants the right to delete the directory or file Create For a directory grants the right to create new files and directories in the directory For a file grants the right t...

Страница 36: ...ants the right to change the attributes or name of the directory or file but does not grant the right to change its contents changing the contents requires the Write right File Scan Grants the right t...

Страница 37: ...s to Kim and Nancy you would select Combine Multiple Trustees The following would then be true Kim has Read and File Scan rights to both FILEA and FILEB Her Access Control right is lost because the co...

Страница 38: ...38 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 39: ...upported via SSL and Simple Bind protocol Servers devices and or services are authenticated Yes Connections to servers are authenticated via user supplied credentials No device authentication is suppo...

Страница 40: ...of packet signing Packet signing is enabled by default FIPS 140 2 compliant No This product currently uses the ATB authentication toolbox instead of the Novell NICI product Therefore this product is...

Страница 41: ...together to compare ACLs for a given file system path or object retrieved from eDirectory to the identity and session scope established for the identity that owns a given connection The VFS acts as a...

Страница 42: ...configuration file All fields in the Novell Login dialog box except the password are stored in this file HOME novell ncl MapDrives conf This user configuration file specifies the drive mapping to run...

Страница 43: ...startup for ncl_autologin HOME gnome2 session manual X GNOME startup for ncl_autologin opt novell ncl bin ncl_autologin X Validates and runs nwlogin or gnwlogin opt novell ncl bin nwlogin This existin...

Страница 44: ...be compromised For example if a malicious entity gets root access it might be able to steal user credentials and authenticate to the network with those credentials File New Modified Description opt n...

Страница 45: ...on failed you do not need to repeat this step 3 Compile the Novell Client Virtual File System Kernel Module See Section A 2 Compiling the Novell Client Virtual File System Kernel Module on page 46 4 R...

Страница 46: ...een installed click Close to close the YaST Control Center A 2 Compiling the Novell Client Virtual File System Kernel Module Depending on whether or not you have a standard kernel that has been update...

Страница 47: ...tom kernel 1 In a terminal log in as root 2 Unpack the proc config gz file and copy the resulting config to the new name usr src linux config 3 In the usr src linux directory enter the following comma...

Страница 48: ...48 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 49: ...located in the opt novell ncl bin directory and include the following Section B 1 Shell Commands on page 49 Section B 2 GUI Utilities on page 50 B 1 Shell Commands Table B 1 The Novell Client for Lin...

Страница 50: ...entering the following ncl_man utility_name For example ncl_man ncl_tray map Creates a mapping mount from a local file system to a remote file system on a Novell file server map d drive s server v vol...

Страница 51: ...and End keys to move between the beginning and the end of a document To exit a man page press q You can learn more about the man command by entering man man in a terminal window You can also enter uti...

Страница 52: ...52 Novell Client 2 0 SP1 for Linux Administration Guide novdocx en 11 July 2008...

Страница 53: ...9 ncl_control 8 on page 61 ncl_install 8 on page 62 ncl_man 1 on page 64 ncl_tray 1 on page 65 nwconnections 1 on page 66 nwcopy 1 on page 67 nwflag 1 on page 69 nwlogin 1 on page 72 nwlogout 1 on pag...

Страница 54: ...ons c context context context Specifies the context that the user is logging in to This value is required u name user name Specifies the user s eDirectory username This value is required s server serv...

Страница 55: ...n script There are four n variables that can be specified during login 2 3 4 and 5 The utility then substitutes these parameters for the n variables in the login script The variables are replaced in t...

Страница 56: ...es in the login script The variables are replaced in the order specified by selecting 2 3 4 or 5 clearconn Clears existing server connections before logging in to the current server ignore_rest Ignore...

Страница 57: ...ow_Integrated_Login true or false Globally enables or disables automatic login for the workstation Allow_Integrated_LoginGUI true or false If authentication fails calls gnwlogin so the user can reente...

Страница 58: ...y 2008 Clear_Username true Allow_Integrated_Login false Default_Tree mycompany Default_Context marketing Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com To report proble...

Страница 59: ...assword at desktop startup Usage Each entry occupies a single line in the file Lines that are blank or that start with a pound sign are ignored home steve Desktop Q Location and name of drive link Use...

Страница 60: ...erence life span 192 n4u nds inactivity synchronization interval 60 n4u nds synchronization restrictions off n4u nds janitor interval 2 n4u nds backlink interval 7 Authors Copyright 2005 2007 Novell I...

Страница 61: ...on modules stop Stops all Novell Client for Linux daemon modules restart Stops and then reloads all Novell Client for Linux daemon modules status Verifies that the Novell Client for Linux daemon modul...

Страница 62: ...to run this utility Options install Installs all Novell Client for Linux packages install force Forces the installation of all Novell Client for Linux packages upgrade Upgrades all Novell Client for L...

Страница 63: ...or Linux Man Pages 63 novdocx en 11 July 2008 Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com To report problems with this software or its documentation visit http bugzi...

Страница 64: ...ing error is displayed No manual entry for Novell Client man page name Entering ncl_man Novell Client man page name adds the Novell Client man path to the MANPATH and launches man which displays the s...

Страница 65: ...apping drives and many other functions It requires the X Windows System to be running because it is a GUI application Options Basic Options waitfortray integer Wait for tray value required author Show...

Страница 66: ...s for the currently logged in user Use the nwmap utility to detach from listed connections Options ignore_rest Ignores the rest of the labeled arguments following this flag v Displays the version for...

Страница 67: ...te if it is supported s subdir Traverses the subdirectories t string target string Specifies the target path where you want the files copied to p string source string Specifies the source path of the...

Страница 68: ...py f p my_vol t your_vol Copies all files or directories from my_vol to your_vol and rewrites the existing targets Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com To rep...

Страница 69: ...the attributes of files or directories Type Displays or sets either the attributes or the owner flag information a attributes Displays or sets attribute flags n owner Displays or sets owner flags Opt...

Страница 70: ...ion on flags See http www novell com documentation oes stor_filesys data bs3fih1 html o Read only w Read write c Compressed h Hidden y System k Can t Compress p Purge a Archive Needed m Migrated d Del...

Страница 71: ...ed and Immediate Compress nwflag n e s f adam cont org Makes user ADAM the owner of the files in the current directory and subdirectories nwflag n w s f MYSERVER USER grep i adam cont org Lists all fi...

Страница 72: ...ies the context that the user is logging in to This value is required t string tree string Specifies the tree that the user is logging in to This value is required p string password string Specifies t...

Страница 73: ...d in the order specified by selecting 2 3 4 or 5 4 string variable4 string Allows an additional parameter to be entered that the login utility passes to the login script There are four n variables tha...

Страница 74: ...tration Guide novdocx en 11 July 2008 Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com See Also nwlogout 1 nwconnections 1 To report problems with this software or its do...

Страница 75: ...of This value is required if either the tree or closeall option is not used t string tree string Specifies the tree that the user will be logged out of This value is required if either the server or c...

Страница 76: ...Administration Guide novdocx en 11 July 2008 Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com See Also nwlogin 1 To report problems with this software or its documentati...

Страница 77: ...ou are mapping to The path can be in the following forms server volume path server volume server volume path directory_object_name fully_distiguished_eDirectory_path such as a cluster volume for examp...

Страница 78: ...OOT This does not function in Linux It is included for script compatibility only C or CHANGE This does not function in Linux It is included for script compatibility only P or PHYSICAL This does not fu...

Страница 79: ...p target_path Specifies the source path of the files you want to purge a path Purges all the files at the specified source path c path Purges all the files at the specified source path as well as all...

Страница 80: ...n a Novell server Rights can be given directly or through inherited rights filters Options r rights Allows you to add or delete specified rights to or from the rights list The rights are s Supervisor...

Страница 81: ...2008 p network path Specifies the network path to the file h Displays the help strings Authors Copyright 2005 2007 Novell Inc All rights reserved http www novell com To report problems with this softw...

Страница 82: ...systems Options p string Specifies the source path of the files you want to salvage a string Salvages all the files at the specified source path c string Salvages all the files at the specified sourc...

Страница 83: ...s to users or groups who are currently connected to a Novell server or allows you to send a message to the server console Options c message Sends a message to the server console s server_name Specifie...

Страница 84: ...ree the user is logging in to This line is required Context context The location of the User object in the eDirectory tree This line is required Server server name The name or IP address of the server...

Страница 85: ...ional parameters can be entered that the LOGIN utility passes to the login script The utility then substitutes these parameters for any n variables in the login script These variables are replaced in...

Страница 86: ...tration Guide novdocx en 11 July 2008 Variable2 Variable3 Variable4 Variable5 Authors Copyright 2007 Novell Inc All rights reserved http www novell com To report problems with this software or its doc...

Страница 87: ...p startup Usage Each entry occupies a single line in the file Lines that are blank or that start with a pound sign are ignored home username Desktop drive_link Location and name of drive link UserName...

Страница 88: ...d mycompany sys home mycompany Desktop pub UserName admin novell Tree MYCOMPANY_TREE Context Mapped mycompany SYS PUBLIC Authors Copyright 2007 Novell Inc All rights reserved http www novell com To re...

Страница 89: ...ent changes made in this guide since the initial release of the Novell ClientTM for Linux The information will help you keep current on updates to the documentation The documentation was updated on th...

Отзывы:

Нет отзывов

Похожие инструкции для CLIENT FOR LINUX 2.0 SP1 - ADMINISTRATION

DL385 - ProLiant - G5

Бренд: XenSource Страницы: 313

Бренд: Samsung Страницы: 11

PM1D Manager V2

Бренд: Yamaha Страницы: 24

COLFUSION MX 7 - INSTALLING AND USING COLDFUSION...

Бренд: MACROMEDIA Страницы: 72

ZENworks Application Virtualization 8.0.1

Бренд: Novell Страницы: 105

Бренд: Primera Страницы: 19

Бренд: Avaya Страницы: 286

PlateRunner P24 Processor

Бренд: Xante Страницы: 6

Бренд: Lucent Technologies Страницы: 198

Sun GlassFish EnterpriseServer v3 Prelude

Бренд: Sun Microsystems Страницы: 48

Sun StorEdge Availability Suite 3.2

Бренд: Sun Microsystems Страницы: 52

Бренд: Gallo Страницы: 9

One Stop Vocal Processing Plug-in Vocalstrip

Бренд: Solid State Logic Страницы: 21

Бренд: Z3 Technology Страницы: 8

Бренд: Yamaha Страницы: 24

Бренд: Qlogic Страницы: 174

SANsurfer FC HBA Manager Application

Бренд: Qlogic Страницы: 218

7C03 MMAC SmartSWITCH

Бренд: Cabletron Systems Страницы: 150

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды