Installing and configuring Netscape Enterprise Server and Sun ONE

Enterprise Security includes Web server plug-ins for the Netscape Enterprise Server (NES) version 6.1 and the Sun ONE (iPlanet) Web server version 6.1.

Enterprise Security does not include these Web servers. To use the Web server plug-ins, you must first obtain the server software and install it according to the Web server instructions.

StepsSetting up the NES or Sun ONE Web server plug-in on Solaris

  1. After installing the Web server, create a seclib directory under $NETSCAPE/https_servername, where $NETSCAPE is the Web server installation directory, and servername is the name of your machine.

  2. Create a JAGUAR_CLIENT_ROOT variable that points to $JAGUAR.

  3. Create an LD_LIBRARY_PATH variable that includes the following paths:

  4. Set up the Web server to load the plug-in:

    1. Change to $SECURITY/lib.

    2. Unjar plugins.jar.

    3. For Sun ONE, unjar iPlanet.jar; for NES, unjar Netscape.jar.

    4. Copy all .html files from the Netscape folder to $NETSCAPE/docs.

    5. Copy libsybepsecure_ip.so and libcorba_jaguar_combat.so to $NETSCAPE/https_servername/seclib, where servername is the name of the machine.

    6. Copy the sample plug-in configuration file SybSecurityPluginConfig.txt to $NETSCAPE/https_servername.

    7. Create a directory unicode/sec_web/english under $SYBASE/locales.

    8. If the $SYBASE variable is not defined, create it and point it to $JAGUAR.

  5. Copy plugins.lcu to $SYBASE/locales/unicode/sec_web/english.

  6. Open SybSecurityPluginConfig.txt located in $NETSCAPE/https_servername, and edit the file according the instructions in “Configuring the SybSecurityPluginConfig.txt file”.

  7. Go to $NETSCAPE/https_servername/config, open the magnus.conf file in any text editor, and insert the following three lines after the last “Init” directive. Each “Init” directive must be written on a single line.

    Init fn=load-modules shlib=$NETSCAPE/https_servername/seclib/libsybepsecure_ip.so funcs=”initialize_plugin,sec_path_check,sec_login"
    
    Init fn=”initialize_plugin” security_conf_file_path=$NETSCAPE/https_servername/
    SybSecurityPluginConfig.txt 
    
    LateInit=yes
    

    Where $NETSCAPE is the location of the Web server installation. The first directive loads the security plug-in in the Web server process space, and the second directive initializes the plug-in.

  8. In the same directory, open the obj.conf file, and before this line:

    AddLog fn=flex-log name=”access”
    

    Add the service directive:

    Service fn="sec_login" method="(GET|POST)"
    type="magnus-internal/sec-login"
    
  9. Define a new object type in obj.conf as the last object directive in the file:

    <Object path="/*">
    PathCheck fn="sec_path_check"
    </Object>
    
  10. For Sun ONE, add the following line to obj.conf:

    NameTrans fn=”assign-name” from=”/onepage*” name=”EASProxy”
    
  11. Allow digital certificate authentication:

    1. Before the following line in obj.conf:

      PathCeck fn=“sec_path_check”
      

      Add this line:

      PathCheck fn=“get-client-cert” dorequest=“1”
      
    2. Enable Web server SSL—see your Web server documentation for information about how to do this.

  12. Using any text editor, edit mime.types (found in the same Netscape directory as obj.conf). At the end of the file, insert the proprietary MIME type definition:

    type=magnus-internal/sec-login exts=seclogin
    

    You can insert this directive in any order relative to other existing MIME type definitions.

  13. Start your Web server by running the start script in $NETSCAPE/https_servername.

    If you have problems starting the Web server, set the owner of the start and stop scripts in the $NETSCAPE/https_servername directory to “root,” and change the permissions:

    chown root $NETSCAPE/https_servername/start
    chmod 4750 $NETSCAPE/https_servername/start
    chown root $NETSCAPE/https_servername/stop
    chmod 4750 $NETSCAPE/https_servername/stop
    

StepsSetting up the NES or Sun ONE Web server plug-in on Windows

  1. After installing the Web server, create a seclib directory under %NETSCAPE%\https_servername, where %NETSCAPE% is the Web server installation directory, and servername is the name of your machine.

  2. Verify that the PATH environment variable points to:

  3. Create a JAGUAR_CLIENT_ROOT variable that points to the EAServer installation directory.

  4. Set up the Web server to load the plug-in:

    1. Change to %SECURITY%\lib.

    2. Unjar plugins.jar.

    3. For NES, unjar Netscape.jar; for Sun ONE, unjar iPlanet.jar.

    4. Copy all the .html files from the Netscape folder to %NETSCAPE%\docs.

    5. Copy libsybepsecure.dll to %NETSCAPE%\https_servername\seclib, where servername is the name of the machine.

    6. Copy the sample plug-in configuration file SybSecurityPluginConfig.txt to %NETSCAPE%\https_servername.

    7. Create a directory unicode\sec_web\english under %SYBASE%\locales.

      If the SYBASE variable is not defined, create it and point it to %JAGUAR%. You must restart your machine for the setting to take effect.

  5. Copy plugins.lcu to %SYBASE%\locales\unicode\sec_web\english.

  6. Edit the SybSecurityPluginConfig.txt file located in %NETSCAPE%\https_servername, and follow the instructions to update the environment variables described in “Configuring the SybSecurityPluginConfig.txt file”.

    NoteWhen you edit these variables, use “/” instead of “\”.

  7. Go to %NETSCAPE%\https_servername\config, open the magnus.conf file in any text editor, and insert the following three lines after the last “Init” directive. Each “Init” directive must be written on a single line.

    Init fn=load-modules shlib=%NETSCAPE%/https_servername/seclib/libsybepsecure_ip.dll funcs=”initialize_plugin,sec_path_check,sec_login"
    
    Init fn=”initialize_plugin” security_conf_file_path=%NETSCAPE%/https_servername/SybSecurityPluginConfig.txt
    
    LateInit=yes
    

    Where%NETSCAPE% is the location of the Web server installation. The first directive loads the security plug-in in the Web server process space, and the second directive initializes the plug-in.

  8. In the same directory, open the obj.conf file, and before this line:

    AddLog fn=flex-log name=“access”
    

    Add the service directive:

    Service fn="sec_login" method="(GET|POST)"
    type="magnus-internal/sec-login"
    
  9. Define a new object type in obj.conf as the last object directive in the file:

    <Object path="\*">
    PathCheck fn="sec_path_check"
    </Object>
    
  10. Allow digital certificate authentication:

    1. Before the following line in obj.conf:

      PathCeck fn=“sec_path_check”
      

      Add this line:

      PathCheck fn=“get-client-cert” dorequest=“1”
      
    2. Enable Web server SSL—see the Netscape Enterprise Server documentation for information about how to do this.

  11. In the same directory, open the mime.types file, and at the end of the file, insert the proprietary MIME type definition:

    type=magnus-internal/sec-login exts=seclogin
    

    You can insert this directive in any order relative to other existing MIME type definitions.

  12. Restart your machine.

  13. Start the NES or Sun ONE Web server from Start | Control Panel | Services. Locate Netscape Enterprise Server hostname, or Sun ONE hostname, and click Start.