NDS Entry Rights Needed to Perform Security Tasks
Articles and Tips: tip
Novell, Inc.
01 Jul 2001
When installing or upgrading servers, each server, by default, is set up with certificates for SSL (Secure Sockets Layer) security. These certificates are signed by the Organizational CA (Certificate Authority). You must have the following rights to complete the tasks associated with setting up Novell Certificate Server:
- For the first server installed: Supervisor right at the [Root] of the tree.
- For additional servers installed: Supervisor right to the W0 object.
When installing the Organizational CA, you must have the following rights:
- For the first server installed: Supervisor right at the [Root] of the tree.
For installations after the Organizational CA has been created:
-Read right to the attribute NDSPKI:Private Key on the Organizational CA object (located in the Security container) and Supervisor right to the container where the Server object resides.
- For servers with an existing SAS Service object: Supervisor right to the object.
Additionally, the person who is the root administrator can delegate the authority to use the Organizational CA by assigning the following rights to subcontainer administrators so they can correctly install NetWare 6 with SSL security:
- Read right to the NDSPKI:Private Key attribute on the Organizational CA's object (located in the Security container).
- Supervisor right to the W0 object (located in the Security container, inside the KAP object).
These rights are typically granted by placing all administrative users in a Group or Role, and then assigning the above rights to the Group or Role.
For a complete list of required rights to perform specific tasks associated with Novell Certificate Server, refer to the online documentation for Novell Certificate Server in the NetWare 6 online documentation at the following URL:
http://support.novell.com/beta/authorized
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.