[Fedora-directory-users] Admin Server Port

[Rob Crittenden]

Richard Megginson wrote:
> Steve Rigler wrote:
>> On Wed, 2007-06-13 at 09:21 -0600, Richard Megginson wrote:
>>  
>>> Steve Rigler wrote:
>>>    
>>>> Is it possible to configure the admin server to use the standard https
>>>> port?  The documentation states that reserved ports can't be used, but
>>>> if the admin server runs as root is this really an issue?
>>>>         
>>> What version of Fedora DS?  Note that the standard Apache used on 
>>> most linux platforms will not even allow you to run as root.
>>>     
>>
>> This is 1.0.4 on RHEL 4.  The issue is that when I try to configure the
>> admin server to use a reserved port I get a dialog stating "inadequate
>> permission. Port is protected."
>>   
> Hmm.  Not sure why that is.  The standard model for most unix/linux 
> daemons now is to startup as root, open/bind the low port number, then 
> setuid to a non-privileged user.

I think there is code that looks to see if the port is 
available/bindable. Since admin server has already dropped priviledges 
it can't change the port.

>> Ideally we'd like to be able to use "Directory Server Express" to
>> provide users with the ability to reset their own passwords.  Since this
>> should be secure it seems like it would make more sense to run the
>> service on port 443 rather than an unreserved port.  I'm just stumbling
>> on actually getting this part to work.
>>   
> Why do you need to use 443?  The Admin Server can serve https requests 
> without having to be on port 443.


You could try setting it manually in 
/opt/fedora-ds/admin-serv/config/console.conf

I suspect he wants 443 because it is easier and users don't need to 
remember to set a port.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070613/63cf2714/attachment.bin>