Articles and Tips: article
01 Jul 1996
Novell Directory Services Q & A
Q. Many of the NDS functions such as NWDSRead(), NWDSList(), and NWDSSearch()take a parameter called Iteration Handle. What is the Iteration Handle used for?
A. The Novell Directory Services back-end engine uses the Iteration Handle as a place marker to ensure that its reply does not overrun the local buffer allocated by the requesting client. The client must call the NWDS function until the Iteration Handle is set to -1 to retrieve all data relevant to the request.
Q. Does the Iteration Handle consume resources on the NetWare Server?
A. Yes. The Iteration Handle consumes resources from the NDS engine until all iterations of a request are completed.
Q. Is it possible to abort an NDS request before the NDS engine sets the Iteration Handle to -1, signaling the completion of the request?
A. Yes. Use the function NWDSCloseIteration(). Calling this function will free the resources allocated by the NDS engine to govern the data transfer to the client.
Q. Is there an NWDS function call that will update DS.NLM?
A. Yes. NWDSReloadDS(). Rename the current DS.NLM in the SYS:SYSTEM directory of a NetWare 4.x server and copy the updated version of DS.NLM to the SYS:SYSTEM directory. Then, issue this function call.
Q. Is it possible to get a connection to an NDS server by providing the NDS name of the server (CN=ServerName.OU= Engineering.O=ACME)?
A. Yes. The function NWDSOpenConnToNDSServer()provides this capability.
Figure 1 shows an example of how this function can be used. The connection handle to the specified server is returned in connHandle.
Figure 1: Connecting to a server by providing the NDS name of the server.
cCode = NWDSOpenConnToNDSServer( /* context handle */ dContext, /* server name */ "CN=ServerName.OU=Engineering.O=ACME", /* conn handle */ &connHandle& );
Q. When I make the call to NWDSCreateContext()or NWDSCreateContextHandle(), how is the default value of DCK_NAME_CONTEXTvariable determined?
A. The NWDS library obtains this value from the NET.CFG (for VLM and Client 32 for DOS/Windows) or from the system registry (for Client 32 for Windows 95 and the NetWare Requester for NT) Name Context variable. If this variable is not set, then the Name Context variable is set to [Root].
Karl Bunnell is a Developer Support Engineer with expertise in NDS and transport protocols. He has worked at Novell for five years. In his spare time, Karl enjoys playing the guitar and web surfing.
Novell, Compaq To Deliver SMP Pentium Pro-Based Enterprise Solutions: Industry Leaders Join Forces To Assure Customers Smooth Integration to ProLiant 5000
Novell has announced the optimization and integration of NetWare 4.1, NetWare 4.1 Symmetrical Multiprocessing (SMP), and ManageWise software products with Compaq Computer Corporations new ProLiant 5000 servers, which are based on the Intel Pentium Pro processor.
Novell completed the integration, optimization, and testing work as part of the Pacesetter 96 Program sponsored by Compaq and Intel. The resulting enterprise network software provides Novell customers with a clear upgrade path to the ProLiant 5000 server family and Pentium Pro technology.
The integration of Novell network software with Compaqs ProLiant 5000 servers provides a solution that delivers the performance, reliability, and scalability of more costly proprietary systems at about one-half of the cost.
Novell tuned its NetWare 4.1 and NetWare 4.1 SMP software to provide users with full access to the high-performance Pentium Pro processors included in each ProLiant 5000 server.
Users can create advanced networking solutions by leveraging Novell network services, such as Novell Directory Services, to simplify the creation of distributed enterprise networks.
The scalable power of NetWare SMP builds on this NetWare platform to meet enterprise needs for critical network services such as database management, messaging, Internet access, and intranet services.
With the addition of Novells NetWare Web Server and InnerWeb Publisher to the Compaq-Novell solution, customers can readily adapt their LANs and WANs into intranets supporting the heaviest user traffic.
These networks benefit from the inclusion of ManageWise, the leading heterogeneous PC network management suite, to provide end-to-end network administration.
Compaq and Novell have been working together since 1983 to address the evolving needs of network computing customers. Through the Enterprise Computing Partnership, Compaq and Novell are helping companies migrate business-critical applications to industry-standard solutions and simplify the integration, operation, and maintenance of networked computing environments.
For more information, call 1-800-NETWARE or visit Novells home page at http://www.novell.com.
Novell Announces Internet Manager Certification for Internet/Intranet
Novell has announced the expansion of its worldwide programs for certified education of technical support professionals to include a new series of courses and certifications focused on the Internet and intranets. The Novell Internet Manager certification and associated courses will train and certify individuals in job skills needed to leverage the full business opportunity of the Internet and intranets, giving their businesses a competitive edge.
Novells Internet Manager certification program prepares those commonly referred to as "webmasters" to manage the overall technical project of running an Internet or intranet site. Sample job tasks covered in the certification program include providing support, managing security, performing capacity planning, and installing client/server applications for the site, as well as a host of HTML tasks, including reading/writing HTML and converting documents into HTML. Core Novell technologies and solutions such as Novell Directory Services (NDS) and the Novell Web Server are also covered.
The Novell Internet Manager consists of six courses and five examinations. Four of the courses, including new Internet/intranet-specific courses 652 Understanding and Applying Internet Concepts and 654 Web Publishing and Authoring, are already available through Novell Authorized Education Centers (NAECs) around the world.
Courses 656 Web Manager and 658 Advanced Web Manager are scheduled to be available in the fall. Rounding out the curriculum are two core Novell courses, 520 NetWare 4 Administration and 605 NetWare TCP/IP Transport, which will prepare Novell Internet Managers to link the Novell Web Server with NDS and will provide them with an understanding of connectivity options and issues.
Two of the five certification examinations are already available for certification candidates. The additional examinations are scheduled to be available by early fall.
As with Novells Certified Novell Administrator (CNA), CNE, Master CNE, and Certified Novell Instructor (CNI) programs, all Novell Internet Manager examinations will be offered worldwide at Sylvan Prometric testing centers.
For more information on the Novell Internet Manager program or the upcoming Internet/intranet opportunities for CNEs, customers within North America can call 1-800-233-EDUC, visit their local NAEC, or consult Novell Educations Web page at http://education.novell.com.
For testing information, customers within North America can contact Sylvan Prometric at 1-800-RED-EXAM.
Novell Announces Global Service Partner Program: New Program To Expand Service Expertise on Multivendor Environments for Novell Customers Worldwide
Novell has introduced the Global Service Partner program, which expands Novells technical support coverage for multivendor networking systems to its customers worldwide.
Novell is pursuing a limited number of companies known for worldwide support capabilities, expertise in supporting complex, multivendor environments, and a reputation for high-quality technical support to participate as Global Service Partners. Partners will improve the delivery of Novells technical knowledge, product support, and training information worldwide to its extensive channel of partners.
Initially, Hewlett-Packard and IBM plan to participate in the Global Service Partner program. As Global Service Partners, they will have the highest priority direct access to Novells worldwide technical support organization to ensure that they can provide customers with solutions from support sites around the world.
Novell expects additional partners who meet the criteria of the Global Service Partner program to join the program by the end of the year.
Global Service Partner Benefits
Global Service Partners benefit from the highest priority direct connection to Novells technical support organization.
With a current installed base of more than 55 million users (which comprises more than 61 percent of the network operating system market share), Novell provides Global Service Partners with a strong base of potential customers.
Novell also participates in joint services marketing opportunities with Global Service Partners, promoting their abilities to provide quality service for Novell products in multivendor environments.
Novell and the Global Service Partners will actively seek ways to involve other Novell partners in marketing and delivering Novell-related support to customers.
Novells large, global customers benefit from the availability of support through Global Service Partners at sites around the world. These customers typically have complex support requirements. The Global Service Partners expertise in providing technical service for multivendor systems will benefit these customers tremendously.
Technical Insights: Escaping 0xFF Characters in a Data Set Scan Name
When using NWSMTSScanDataSetBegin()or NWSMTSScanNextDataSet()to scan for a data set (file) that contains a 0xff character in the name, a failure is returned.
SMS has two scanning functions for finding data sets through a TSA: NWSMTSScanDataSetBegin()and NWSMTSScanNextDataSet(). These use a structure that contains a list of data set names and/or search patterns to scan for. This structure, NWSM_SELECTION_LIST, is set up when NWSMTSScanDataSetBegin() is called and is subsequently used by NWSMTSScanNextDataSet().
For information about the usage of the structure and the list, see "Data Set Selection Options" on page 1-40 of the Target Service API Reference (TSAPI) manual as well as appendix B, page B-14.
The name field in the selection list contains a data set name and/or search pattern to scan for. If the name/pattern in the name field contains a 0xff character, it must be "escaped" by preceding it with a 0xff character as shown below:
name: 07 53 61 6D FF 4F 6E 65 "Sam.One"
would have to be changed to
name: 08 53 61 6D FF FF 4F 6E 65 "Sam..One"
name: 08 50 61 6D FF FF 54 77 6F "Pam..Two"
would have to be changed to
name: 0A 50 61 6D FF FF FF FF 54 77 6F "Pam....Two"
PINSTALL Does Not Allow Remote Installation
Q. Can products be installed remotely, from a CD-ROM located on a remote server? The customer indicates that because we use PINSTALL, it restricts the capability of installing the product remotely? Is there any way to do this?
Engineering offered the following response to this question about PINSTALL:
A. You can't specify a remote file system from PINSTALL. You must install from a local CD-ROM drive, or you can always simply XCOPY the complete CD-ROM contents to somewhere on the server and install from there instead (the files on the CD-ROM really don't take up that much space).
Error 89ee with MW Distribute Install
When you install MW Distribute 4.0 beta 12, after you insert the license diskette, it gives the error:
"Distribution server setup did not complete. Please check the log file c:\nninst.log for possible explanations."
Figure 2 shows that the error 89ee appears in the NNINST.LOG.
Figure 2: Error 89ee shown in NNINST.LOG
Created database error file. (NNINSTDL.DLL) Mon Feb 12 08:53:02 1996 Create Queue NWSD_DIST_JOB_QUEUE failed. Error: 89ee (NNINSTDL.DLL) Mon Feb 12 08:53:02 1996 Failed to define DS Job Queue (NNINSTDL.DLL) Mon Feb 12 08:53:02 1996 Create Queue NWSD_DIST_FDBK_QUEUE failed. Error: 89ee (NNINSTDL.DLL) Mon Feb 12 08:53:02 1996 Failed to create queue: NWSD_DIST_FDBK_QUEUE (NNINSTDL.DLL) Mon Feb 12 08:53:03 1996 Create DS queues failed, the selected Console user BEN may not be able to run Console after the installation. (NNINSTDL.DLL) Mon Feb 12 08:54:03 1996 End of Setup
Error code 89ee means OBJECT ALREADY EXISTS. Check for another Distribution server in the tree. In this case, a Distribution server already existed in the NDS tree. NDS doesn't support two distribution servers in the same tree.
To solve this problem, install the distribution server in an NDS tree that does not already have a distribution server.
Downloading PSCAN.EXE with Patched PSCAN.NLM for ManageWise 2.0
To find and download the Intel PSCAN.EXE that contains a patched PSCAN.NLM for the LANDesk virus protect portion of ManageWise 2.0 referred to in TID1006903 and TID1002239, use the following instructions:
Dial in to the Intel BBS: (503) 645-6275
After logging in, select the following options:
1 (Products for end users)
4 (File Downloads)
1 (Network Products)
1 (LANDesk Products)
3 (LANDesk Family of Products)
2 (Interim Release Software)
Type the file name: PSCAN.EXE
Select the download protocol.
Error Loading ManageWise 2.0 on ThinkPad/Docking Station Combo
A customer was having trouble loading ManageWise 2.0 on a IBM Think Pad/Docking station combo. When the customer tried to load MW 2.0 Console on D: and Windows on C:, the following error was encountered:
WBT32 caused a protection fault in module <unknown> II GI30D7:B2E8WBT32_Will close.
The customer wanted Windows installation on the laptop and ManageWise Console installation on the docking station. ManageWise defaults to installation on the C: drive. The customer changed the installation to D: drive. This change created a conflict between Windows and ManageWise file and path locations.
The issue was resolved by loading a version of Windows on the laptop and on the docking station, setting the BIOS on the docking station to boot with the D: drive, and installing the console on D: drive.
When using the ManageWise Console, change the docking station's BIOS to boot from the D: drive.When using the laptop as the primary station, change the BIOS back.
Incorrect NET.CFG File in DOS Path Causes ManageWise Console Problems
When double-clicking the ManageWise Console, the following message appears:
DLL: c:\MW\NMS\BIN\N-DIASRV.DLL cannot be loaded successfully: Increase the number of IPX sockets (see NET.CFG file, IPX Sockets = 30) Do you want to continue?
The customer increased the IPX Sockets from 60 to 99, but this did not solve the problem.
The problem was caused by an incorrect NET.CFG file in the DOS path. To resolve this problem, use the Windows File Manager file search function to find all existing NET.CFG files. Then, rename or delete all NET.CFG files except the one you wish to use. The one created or edited by the VLM install or the NMS install is generally the correct one and is placed in the same directory as your VLM files.
Setting Up Image Maps on the NetWare Web Server
This document teaches some basics of setting up image maps on NetWare Web Server. It is not meant to be a comprehensive tutorial for HTML or any part of the HTML specification. For details on some of the topics covered in this document, visit the following Web pages:
http://hoohoo.ncsa.uiuc.edu/docs http://www.w3.org/pub/WWW/MarkUp/Wilbur/ http://home.netscape.com/assist/net_sites/html_extensions_3.html
Image maps are images with defined regions. Clicking on the image returns a set of coordinates. If the coordinates fall within one of the defined regions, the browser loads another URL. This is a way of embedding multiple hotlinks within a single image.
There are two ways to handle the image's coordinate-to-URL translation. First, the original and more common method is a server-based translation. This usually requires that the server knows what URLs should be translated as image maps, that the server has the capability of translating the image map, and that a separate image map file be created. The second method is client-based translation. This method was originally designed as an enhancement to the HTML 3.0 specification and the capability was added to Netscape Navigator 2.0 and above. Now that it is officially adopted as an HTML standard (under the newly released HTML 3.2 specification), it will grow in popularity as more browsers adopt it. Some of its benefits are as follows:
It doesn't require the server to do any translation or parsing of a map file (freeing resources on the server).
It doesn't require that the document be transferred over HTTP (it works for local files as well as remotely accessed HTML documents).
It doesn't require maintaining a separate map file in a different directory (alleviating administration problems).
However, until the HTML 3.2 standard is adopted into all common browsers, a webmaster or HTML author may want to consider implementing both methods when using image maps. On a NetWare Web Server, you set up the following:
Server-Side Image Map Translation
Server-side image map translation, as described above, requires that the server knows which URLs to parse. This is done by defining a MapAlias directory, or directories, in the server's SYS:\WEB\CONFIG\SRM.CFG file. There can be more than one MapAlias directive. In fact, it is recommended that you have at least two:
MapAlias /maps/ /maps MapAlias /MAPS/ /maps
With these two lines, the server will know that URLs that begin with either "maps" or "MAPS" refer to image maps and need to be parsed. Because the server's default SRM.CFG only has the lower case "maps", you should add the other line. Remember that whenever a change is made to one of the server's configuration files, you must restart the HTTP.NLM server. Do this by issuing a UNISTOPfollowed by UNISTARTat the server's console.
Unlike some HTTP servers, NetWare Web Server does not require a separate executable to handle image map translation. It is designed into the HTTP.NLM. So the MapAlias statements are all you need to configure the server.
Image Map files
The image map file syntax is the same as it is with any other server. Popular utilities (Lview, Mapedit, and so on) can help you create the map files. Reference your HTML documentation for the file syntax.
HTML Document Elements
To tell the server what map file to use and that the file is an image map that needs to be translated, the image element <IMG>needs to be surrounded by an anchor element <A>. The anchor element needs to include an HREF attribute that references the map file. The reference to the map file needs to include a MapAlias. Because the anchor element is a container element, the end needs to be defined with a </A>.
Also, it is necessary to tell the client that the image is an image map so it will return coordinates as part of the URL. This is done by adding the ISMAPattribute to the <IMG>element. For example:
<a href="/maps/family.map"><img src= "family.gif" ISMAP></a>
Note: The server sees the MapAlias portion of the returned URL as case sensitive, so watch that the case matches the case in the MapAlias in the SRM.CFG file. The rest of the HTML in this example is not case sensitive.
Once this is done, the image map should function. The server is doing all the work of translating; it is taking the coordinates received by the client and determining what URL to return.
Client-Side Image Map Translation
Client-side image map translation, as mentioned above, is a new specification (relative to this TID's authoring date). It was officially adopted by the World Wide Web Consortium (W3C) in May 1996 as HTML 3.2 (an extension to HTML 3.0 adopted in March 1995). Because it is so new, not all browsers have adopted this functionality. You will want to use a browser that is HTML 3.2 compatible, such as Netscape Navigator 2.0.
With the client-side image map translation, all the work is done on the client and all the map information can be included in the same HTML file as the <IMG>itself, or in a different file. To tell the client to process the image locally, a USEMAPattribute is added to the <IMG>element. The syntax for the USEMAPattribute is that same syntax you use when specifying a target anchor in an <A>element (where a #' is used to define the target name). See examples below.
The map information (shapes, defining coordinates, hypertext reference, and so on) are defined within the <MAP> container element. The <MAP> element has a NAME attribute (just like the target <A> anchor in a source-target anchor pair). Within the <MAP> container (that is, between <MAP> and </MAP>) you place multiple <AREA> elements defining the various areas of the image map and what they link to. Figure 3 shows an example of the syntax.
Figure 3: Syntax for and explanation of map information.
<MAP NAME="targetname"> <AREA [SHAPE="areashape"] COORDS="x,y,..." [HREF=" reference "] [NOHREF]> </MAP>
"targetname" is the name used in the
<IMG...USEMAP="file#targetname"> and "areashape" is a valid shape; RECT, POLY, CIRCLE, or DEFAULT. If the SHAPE attribute is omitted, RECT is assumed.
COORDS provides the defining image based coordinates for the shape in pixels, starting with 0. In other words, if an image is 100x by 200y, the coordinates for x are 0-99 and the coordinates for y are 0-199. For a given shape, the syntax is as follows:
RECT left, top, right, bottom POLY x,y,x,y,x,y,.... CIRCLE center-x, center-y, radius
HREF is the same syntax as in the <A> element, where
"reference" is a URL.
NOHREF tells the client not to do anything if this region is clicked.
If multiple AREA elements overlap, the first overlapping AREA is used.
Combining Server- and Client-Side Translations
You can combine the two image map translation methods. Figure 4 shows an example of how to combine the two methods.
Figure 4: Combining client- and server-based translation
<a href="/maps/family.map"><img src="family.gif" usemap="#family_map" ISMAP></a> <map name="family_map"> <area shape="poly" href="heather.htm" coords="37,321,40,228,61,176,85,164,89,120,111,106,134,111,125, 41,101,13,53,45,26,105,1,179,6,290"> <area shape="poly" href="daniel.htm" coords="43,363,115,348,144,302,142,217,160,188,143,171,148,126, 130,113,103,114,92,124,89,163,61,186,43,232"> <area shape="rect" nohref coords="0,0,300,300"> </map>
Note: Notice that the last area doesn't do anything. It includes NOHREF, but includes the entire area of the gif. That way, any click outside one of the two defined polygons will fall within the rectangle that doesn't do anything.
Is NetWare Application Launcher Required?
Q. Must you use the NetWare Application Launcher to use NDS Application objects?
A. No, but you must have some launcher application to use Application objects. You can write your own using the APIs published in the NetWare SDK.
NetWare Updates Will Ease Transition to Year 2000
Recently there has been a lot of concern over how the turn of the century will affect computer systems. For example, many programs will crash when their internal calendars attempt to turn to 2000. Novell has worked to ensure that NetWare easily handles this transition to the next century.
Novell's four major network operating system products that will require the ability to properly roll over to the year 2000 are NetWare 3.11, NetWare 3.12, NetWare 4.1, and all subsequent NetWare releases, starting with Green River.
Novell has already completed the necessary updates for NetWare 3.11, NetWare 3.12, and NetWare 4.1. Each of these updates is expected to be available by the end of 1996 after Novell completes comprehensive testing. The next release of NetWarecode-named Green Riverwill correctly handle the year 2000 (starting with the beta refresh build), as will all future releases of the NetWare operating system.
Map File Problem Resolved by Adding MapAlias Statement
A customer had moved his files from a different manufacturer's Web server to a NetWare Web Server 2.1. The documents included map files. The customer verified that all the map files were in the proper directory, and that the HTML documents were in the proper directories as well. The customer had verified that the references within the map file were correct as well.
Or so it seemed on the surface. He could browse to the URLs specified in the map file without any problems. But, when he clicked on the image, he would get the following error, which is similar to 404 Not Found:
The requested URL: /MAPS/mapfile.map was not found on this server.
However, the sample map file that ships with NetWare Web Server worked just fine.
In the HTML document containing the reference to the map file, he had the following element:
This element references the /MAPS/ (uppercase) directory. But in the SRM.CFG, there is only a MapAliasstatement for /maps/(lowercase). To solve this problem, add a second MapAlias line to handle instances where /MAPS/is referenced as well as /maps/, as shown below:
MapAlias /maps/ maps/ MapAlias /MAPS/ maps/
Establishing Group Level Access Control to a Directory
This document explains how to establish access control to a directory at a group level (a group consisting of one or more users). This is the best way to give access to a directory to many users.
Group level access control can be set for a given directory using one of two methods: NDS authentication or basic authentication. The NDS authentication uses NetWare's Directory Service to verify that the user name and password passed to the server from the browser actually match. With basic authentication, the HTTP.NLM checks text files to verify whether a user name and password passed to the server from the browser match.
NDS Authentication Group Access
Create a group and add to that group the users that will be granted access to the directory you are limiting access to.
Edit the SYS:\WEB\CONFIG\ACCESS.CFG file and modify the appropriate <Directory> area.
After the <Directory>element, but before the <Limit> element for the directory, add the following lines:
AuthType Basic AuthName #text# AuthUserMethod nds #context# AuthGroupMethod nds #context#
Replace the #text# with a string of text that you would like displayed as part of the authentication dialog box that pops up on the client browser. For example, a #text# value of "a user in the mktg.acme_toys context" on server 22.214.171.124 would appear as
"Enter a username for a user in the mktg.acme_toys context at 126.96.36.199:"
Replace #context#on the AuthUserMethod line with the appropriate base context for user authentication. The context should be the full context, including a leading period (that is the container that the users are all located under, such as ".mktg.acme_toys"
Replace #context# on the AuthGroupMethod line with the full context where the group can be found (a leading period may also be required here).
If users are in different contexts, use the lowest common context that they all fall under. If the lowest common context is the organization level (top level) then you can leave #context# portion blank.
I would recommend that the #text# message provide some information on how to enter the correct user name. If the #context# specified is not the full context that the user object resides in, then the users will have to enter their full context name when authenticating (including a leading period):
After the <Limit> element but before </Limit> is where you specify the group requirement as follows:
Require group #groupname#
Where #groupname# is the full context name of the group (including the leading period, as in ".northwest.mkth.acme_toys"). There can be more than one "Require group"statement.
Save the ACCESS.CFG file and restart the server by issuing a UNISTOP and a UNISTARTon the server console.
Basic Authentication Group Access
Basic authentication is established by creating two text files, generating a third file, and modifying the SYS:\WEB\CONFIG\ACCESS.CFG file.
Create a text file in the SYS:\WEB directory that is a list of user names and passwords. The syntax is:
Each user name is on a separate line and the password is separated from the user name by a colon (:). Be careful NOT to insert extra spaces. Figure 5 shows an example file.
Figure 5: Example of SYS:\WEB\PASSWD ... the text version of the encrypted shadow file used for the actual basic authentication.
tom:barbie mary:mary1 jeff:tester toy_man:play pat:here sam:free terri:open mark:marcus sally:shells george:vii slide_way:whee
Create a text file in the SYS:\WEB directory that is a list of group names and the associated users. The syntax is:
groupname: user1 user2 user3 ...
It is the groupname, followed by a colon, followed by <space>username. <space>username may be repeated as necessary. Be careful not to embed a carriage return in the middle of a list of users. Figure 6 shows a file listing the groupnames and associated users.
Figure 6: Example of SYS:\WEB\GROUP (a text file used in the group basic authentication example).
dolls: tom, mary, jeff, toy_man sporting: pat, sam, terri infant: mark, sally, george playground: tom, toy_man, slide_ways
Generate an encrypted form of the user text file by using the SYS:\PUBLIC\PWGEN utility. The syntax is:
pwgen infile outfile
The infile is the user text file you created in step 1 above. The outfile is the file you want to create that will contain the passwords in an encrypted form. Figure 7 shows a file of encrypted passwords.
Figure 7: Example SYS:\WEB\SHADOW file ... generated by executing \PUBLIC\PWGEN PASSWD SHADOW.
tom:Gu8KYu2EuxZZiasy8LpWwg== mary:L4mo4UIAhOlBY2cXx1wkTQ== jeff:9dEnjoEJ7dlOHkGX4EhzuQ== toy_man:o7NMCHHcL9Ue7FVZto9wnQ== pat:bJIoX6bT6CexmNEg6jrGdA== sam:qi1uT1eOsM+rojvu92whlA== terri:fO+Kc0hVd3wqnQyvQmZuaQ== mark:ScFn181m3GSkdMJhhgulDw== sally:bK2htSec9k7EhcCN5NFPUw== george:RLftbIKXtvJpyLhysP1iZg== slide_way:aMqwzV+e3kiwLzjypLye+g==
I recommend that the infile and outfile have the same file name, but with different extensions. I like to call my user text file "passwd.txt" and the encrypted version "passwd". Some may like to stick with a more UNIX SVR4-type naming convention and call the user text file "passwd" and the encrypted version "shadow".
Edit the SYS:\WEB\CONFIG\ACCESS.CFG file and modify the appropriate <Directory>area.
After the <Directory> element, but before the <Limit> element for the directory, add the following lines:
AuthType Basic AuthName #text# AuthUserFile #userfile# AuthGroupFile #groupfile#
Replace the #text# with a string of text that you would like displayed as part of the authentication dialog box that pops up on the client browser. For example, a #text#value of "the Marketing page" on server 188.8.131.52 would appear as "Enter a username for the Marketing page at 184.108.40.206:"
The #userfile# is the name of the encrypted user file you created in step 3 above. Don't include a path to the file, just the filename (the file is assumed to be located in SYS:\WEB).
The #groupfile# is the group text file you created in step 2 above. Again, don't include the path to the file.
After the <Limit>element but before </Limit> is where you specify the group requirement as follows:
Require group #groupname#
#groupname# is the name of the group defined in the group text file. There can be more than one "Require group" statement.
Figures 8 shows the modified ACCESS.CFG file.
Figure 8: Example SYS:\WEB\CONFIG\ACCESS.CFG
#The docs/mktg directory is limited through NDS to members of four marketing groups #The groups and their members are defined in NDS <Directory docs/mktg> Options Indexes FollowSymLinks IndexOptions FancyIndexing IconsAreLinks AllowOverride All AuthType Basic AuthName #text# AuthUserMethod nds .mktg.acme_toys AuthGroupMethod nds .mktg.acme_toys <Limit GET> Require group .northwest.mktg.acme_toys Require group .southwest.mktg.acme_toys Require group .central.mktg.acme.toys Require group .east.mktg.acme.toys </Limit> </Directory> #The docs/oem directory is limited to members of groups defined in the group file. #The users are defined in a user file...examples of the groups and user files follow. <Directory docs/oem> Options Indexes FollowSymLinks IndexOptions FancyIndexing IconsAreLinks AllowOverride All AuthType Basic AuthName #text# AuthUserFile shadow AuthGroupMethod group <Limit GET> Require group dolls Require group sporting Require group infant Require group playground </Limit> </Directory>
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.