[Fedora-directory-users] Admin Server Port
Rob Crittenden
rcritten at redhat.com
Wed Jun 13 17:03:42 UTC 2007
Richard Megginson wrote:
> Steve Rigler wrote:
>> On Wed, 2007-06-13 at 09:21 -0600, Richard Megginson wrote:
>>
>>> Steve Rigler wrote:
>>>
>>>> Is it possible to configure the admin server to use the standard https
>>>> port? The documentation states that reserved ports can't be used, but
>>>> if the admin server runs as root is this really an issue?
>>>>
>>> What version of Fedora DS? Note that the standard Apache used on
>>> most linux platforms will not even allow you to run as root.
>>>
>>
>> This is 1.0.4 on RHEL 4. The issue is that when I try to configure the
>> admin server to use a reserved port I get a dialog stating "inadequate
>> permission. Port is protected."
>>
> Hmm. Not sure why that is. The standard model for most unix/linux
> daemons now is to startup as root, open/bind the low port number, then
> setuid to a non-privileged user.
I think there is code that looks to see if the port is
available/bindable. Since admin server has already dropped priviledges
it can't change the port.
>> Ideally we'd like to be able to use "Directory Server Express" to
>> provide users with the ability to reset their own passwords. Since this
>> should be secure it seems like it would make more sense to run the
>> service on port 443 rather than an unreserved port. I'm just stumbling
>> on actually getting this part to work.
>>
> Why do you need to use 443? The Admin Server can serve https requests
> without having to be on port 443.
You could try setting it manually in
/opt/fedora-ds/admin-serv/config/console.conf
I suspect he wants 443 because it is easier and users don't need to
remember to set a port.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070613/63cf2714/attachment.bin>
More information about the Fedora-directory-users
mailing list