Author: david.moore
Date: Jan 18, 2007 03:38
Hi, yes, that example would fit. The background to this is that at the
moment we use iChain to protect lots of internal applications and we have
always used email address rather than UID for login credentials. I am
evaluating NAM as a replacement and a requirement would be to continue to
use email address.
Author: kai
Date: Jan 18, 2007 03:18
Using AM to secure a site with smartcards. Everything works fine except
when users take a long time (+5min) to enter information in a web form on
the site. In the LAG logs I see the POST being redirected for
re-authentication and the POST data is lost. The user ends up in the same
form but with no data in it.
Where can I set the timeout for re-authentication? This is only a
problem with the POST method.
Author: eric
Date: Jan 17, 2007 17:30
I'm having a strange problem that I think may be a bug.
I've set up a typical LAG proxy: https://www.sitename.com >> reverse
proxy >> http://www.othername.com - this works just fine. I'm
SSLizing the http connection without any problem.
BUT
whenever I enable SSL from the LAG to the back-end website, I get the
following error:
Your request cannot be processed for this multi-homed web site because
the specified host could not be located.
Status Description: 500 Internal Server Error
Other related tidbits:
* The URLs for the Embedded Service Provider (Metadata, Health-Check,
Logout) also produce the Error 500.
* I've imported the various certificates for the back-end web server
* In /var/log/ics_dyn.log there's this error: "No matching
accelerator child"
* In the proxy console/configured addresses and services it shows:
Author: g.flaherty
Date: Jan 14, 2007 14:42
We have access manager up and running for testing as a reverse proxy with
all parts running on one server. It works well when we configure an
accelerator with a single backend web server but as soon as we add a second
backend web server to load balance we cannot get the accelerator to work.
The browser reports a redirect error and in the LAG log it shows 'Redirect
(Redirecting to LAG Broker url)' for all requests to the accelerator with a
302 error. We cannot find any information on this 'LAG Broker url' in the
documentation or anywhere else.
Any help would be much appreciated.
Guy Flaherty
Author: David Gersic
Date: Jan 4, 2007 13:29
On Wed, 03 Jan 2007 17:32:34 GMT, "Jared Jennings"
SPAMmyrealbox.com> wrote:
>David Gersic,
>
>>Yes, it's possible. That's essentially what they've said they're going
>>to do. Now it's just a matter of getting it to happen, then finding out
>>what it is we need to do to be able to do it.
>
>Actually that used to work in iChain. In Access Manager they removed
>support for NetIdentity.
I know. And they've said, at least here at NIU, that SP1 (around
December 2006) would have some kind of replacement for this
functionality, likely based on some kind of Kerberos thing.
Now, I'm just waiting to see code I can try. The rest of AM looks pretty
slick.
---------------------------------------------------------------------------
David Gersic dgersic_@ _niu.edu
I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.
Author: Don Horsfall
Date: Jan 2, 2007 09:21
Finally, I've got a solution.
I managed to get the pwm (Password Management) solution off of the
forge. ( http://forge.novell.com/modules/xfmod/project/?pwm)
This is a really clean solution and integrates nicely with AM. It does
require Java JDK 5 and tomcat 4 or 5. It won't run on Netware because
JDK 5 isn't available for Netware.
I built a SLES 10 box with JDK 5 and tomcat5 to run it on -- an
adventure in its own right -- and it works perfectly.
My last little glitch is getting tomcat 5 to start as a daemon at
boot. Put the working script into init.d, pointed to it from rc3.d,
but it doesn't start.
Oh, well.
Thanks all,
Don
Author: m_jonis
Date: Dec 29, 2006 06:26
> m_jonis,
>
>>
>>So would that not still require setting up a SLES box? Or do you mean
>>setup the LAG and run the password servlets on it?
>
> That I don't know. I would have to try it before I could say.
>
> If you don't want to wait for me, repost the question as a new question.
> Maybe someone else will see it.
>
>
Oh, no biggie for me. I'm just curious now is all. I still have to
set up the SLES 10 box anyway for User Application, so it's not wasted
time.
:)
Author: Jared Jennings
Date: Dec 22, 2006 08:21
Don Horsfall,
>I'm looking for suggestions for a password change url that lets the
>currently logging in user change his/her password with minimum
>interaction and then exits when it's done.
--
Jared Jennings - Data Technique, Inc.
Novell Support Forums Sysop
My Blog and Wiki with Tips, Tricks, and Tutorials
http://jaredjennings.org
3 Comments
Author: Ryan K
Date: Dec 20, 2006 08:46
The On-box Identity Server (Identity Server on the Access Gateway) - There's
not much documentation on this feature, other than the fact that it's "not
currently supported in production environments". What's the story with
this? Is it something that's going to be supported in the long-run?
Does it work? What are the disadvantages?
We're a school district who wishes to use access-manager. The load on NAM
would not be very much. It seems easy enough to use/configure, and we would
get it for a good price through SLA. If at all possible, we would like to
keep the number of servers required to a minimum, making the on-box IDS
somewhat attractive. My next option would be virtualization.
1 Comment
Author: thipbodee phasuk
Date: Dec 19, 2006 20:18
Hi all,
Does anybody know how to apply the solution for using NAM+token to
work with the terminal service? The criteria need to apply these 2 things:
1. Anyone who sits in front of the server doesn't need to use a token to
log in to the server, just the user and password. Or he can use his
own machine to log in as the terminal client, using only the user and
password too, if he sits inside the server room.
2. But anyone outside the server room needs to use both password and
token for authentication to the terminal server.
Please guide me. God bless you.
Thip