COMMAND
BorderManager
SYSTEMS AFFECTED
Novell BorderManager
PROBLEM
Robert Macdonald found following. While granting users permission
to use BorderManager proxy service, I noticed that the
BorderManager snapin will grant user access through the proxy
system with a blank password, by viewing the 'Proxy
Authentication' tab and without attempting to assign a password -
even if you cancel, you still grant full permission to use the
proxy system. Only those who run nwadmin with the BorderManager
snapin will be able to see the additional 3 BM tabs, including the
above.
Under normal admin circumstances, you would load nwadmin with
the BorderManager snapin (only the Win95 version will handle the
snapin at this time?). Find the user object and go into details.
Click on the 'Proxy Authenication' tab and assign a password.
This is the password that you need to supply, along with the
username when the browser prompts you. While adding users, you'll
notice that there wasn't any check box, etc to activate the
account, only the 'Allow user to change password' and 'Force
password change every...' check boxes and a change password
button. So, if you decide to just click cancel without making
any changes following will occur. Run browser (IE or Netscape)
and you'll be prompted for username and password. When you type
in the username and no password you'll get out.
SOLUTION
If you have 'looked' at the Proxy Authenication tab, then change
password to some sort of garbage to 'deactivate' the proxy
account. This really isn't a fix, and you have to remember to do
this, or you open up a doorway to the world for those who you
thought could not get there. You still have logging (don't you?)
to tell you who is accessing thru the proxy server. Any user can
use anothers 'signon', since these signons/objects are not tied
together as one in NDS - BM v3.0 will change this.