Configuring Windows 2003 R2 schema
If you are running Authentication Services without a Authentication Services application configuration in your forest and your domain supports Windows 2003 R2, you can enable Management Console for Unix to use the Windows 2003 R2 schema. However, please note, some functionality provided by the Authentication Services application configuration will be unavailable.
To configure Windows 2003 R2 schema
- From the top-level Settings menu, navigate to System settings | Authentication Services.
- Select the Use Windows 2003 R2 schema option.
Management Console for Unix provides different levels of security to protect sensitive information stored on the server and in the Unix systems that you wish to manage. Management Console for Unix protection focuses on the following areas:
- Management Console for Unix server and console
- Active Directory
- Managed Unix hosts
- The database
This section outlines the security features used by Management Console for Unix for each of these areas of protection.
Management Console for Unix server and console
Access to the Management Console for Unix server is controlled by the supervisor account when using the core version; or with Active Directory credentials when the mangement console is configured for Active Directory. When you enable Active Directory log on, you can configure access to the mangement console to allow individual users or members of Active Directory groups to access the mangement console. See Console Roles and Permissions system settings for details on how to enable access for users and groups.
Note: Since Active Directory supports nested groups, a user may be granted access even if they are not a direct member of the nominated group, but are a member of one or more child groups. Care should be taken when using nested groups to ensure that access is not accidentally granted to the wrong users.
When authenticating with Active Directory credentials, you may
Authenticating the supervisor user
When a user logs on as 'supervisor', the password is hashed on the client with a known salt and compared with the stored value in the Management Console for Unix database. The plain text password is never stored on the server. The password encryption is irreversible. As a result, if the supervisor password is lost it cannot be recovered, but may be reset by a user with logon access to the machine where the Management Console for Unix server is running. See Reset the supervisor password for details.