Could we get this up as a HOWTO soonish? Jay sent some extra info
which I'll also forward on.

_Please_ warn of the dangers of setting a wide ValidFrom range
and of the inherent risks of external manager access.

Sorry, bugzilla over a three second delay is just impossible.

Thanks,

Gordon

----- Forwarded message from Gordon Rowell -----

From: Gordon Rowell
To: Charlie Brady
Cc: Justin Funke, 'Dan Brown', devinfo@lists.e-smith.org
Subject: [e-smith-devinfo] External HTTPS access to manager/password in 5.0
    (was Re: [e-smith-devinfo] user password change, which way to go?)
Date: Wed, 29 Aug 2001 13:07:13 +1000
Mail-Followup-To: Gordon Rowell, Charlie Brady, Justin Funke, 'Dan Brown',
    devinfo@lists.e-smith.org
Organization: e-smith, inc.

On Mon, Aug 27, 2001 at 05:47:11PM -0400, Charlie Brady wrote:
>
> On Mon, 27 Aug 2001, Justin Funke wrote:
> > [...]
> > This would still open up the servers to brute force attacks from the
> > Internet. If it is going to be able to be "enabled" on the public side as a
> > feature, I would hope for it to be shipped as "disabled" by default.
>
> More than just the default, we don't include any support for changing the
> default.
>
> I'm sure that it won't take you folks long to work out a tweak to allow
> external access, or, better, external access from a limited range of
> addresses.
> [...]

And to save everyone hunting around:

    /sbin/e-smith/db configuration setprop httpd-admin ValidFrom a.b.c.d
    /sbin/e-smith/events/actions/conf-httpd-admin
    /sbin/e-smith/events/actions/reload-httpd-admin
    [ or /sbin/e-smith/signal-event console-save ]

A few notes:

- HTTPS access to the manager and password panel are available from
  all configured local networks. Extra external IPs and/or
  networks/masks, can be added through the ValidFrom property.

- External HTTP access is _never_ allowed.

- There is no manager option to set the ValidFrom property at this stage.

- No special port numbers are required
    https://{servername}/server-manager (and e-smith-manager)
    https://{servername}/user-password (and e-smith-password)

- The "ValidFrom" property affects both the password panel and the
  manager. As has been raised here, it would be good to have two
  properties, but that isn't in 5.0

Gordon
--
  Gordon Rowell                          gordonr@e-smith.com
  VP Engineering
  Network Server Solutions Group         http://www.e-smith.com
  Mitel Networks Corporation             http://www.mitel.com

--
Please report bugs to bugs@e-smith.com
Please mail security@e-smith.com (only) to discuss security issues
Support for registered customers and partners to support@e-smith.com
To unsubscribe, e-mail: devinfo-unsubscribe@lists.e-smith.org
For additional commands, e-mail: devinfo-help@lists.e-smith.org
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org

----- End forwarded message -----

  Gordon Rowell                          gordonr@e-smith.com
  VP Engineering
  Network Server Solutions Group         http://www.e-smith.com
  Mitel Networks Corporation             http://www.mitel.com
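
Added example, not part of the original message or e-smith's own code: a Python audit of a ValidFrom value that flags entries wide enough to expose the manager and password panels to large address ranges. The comma-separated address or network/mask format, the 256-address review threshold and the sample value are assumptions.

```python
import ipaddress

# Assumption: ValidFrom holds comma-separated entries, each a bare IPv4
# address or network/mask (dotted mask or prefix length).
MAX_ADDRESSES = 256  # hypothetical review threshold (one /24)


def audit_valid_from(value, max_addresses=MAX_ADDRESSES):
    """Return (entry, status, detail) for each entry in a ValidFrom value."""
    findings = []
    for raw in (e.strip() for e in value.split(",")):
        if not raw:
            continue
        try:
            # strict=False tolerates host bits, e.g. 203.0.113.9/255.255.255.0
            net = ipaddress.IPv4Network(raw, strict=False)
        except ValueError as exc:
            findings.append((raw, "INVALID", str(exc)))
            continue
        if net.prefixlen == 0:
            # A /0 entry removes the address restriction entirely.
            findings.append((raw, "OPEN", "matches every IPv4 address"))
        elif net.num_addresses > max_addresses:
            findings.append((raw, "WIDE", f"{net.num_addresses} addresses"))
        else:
            findings.append((raw, "OK", f"{net.num_addresses} address(es)"))
    return findings


# Constructed sample value using documentation address ranges.
SAMPLE = ("198.51.100.7,203.0.113.0/255.255.255.0,"
          "198.51.0.0/255.255.0.0,0.0.0.0/0.0.0.0")

if __name__ == "__main__":
    for entry, status, detail in audit_valid_from(SAMPLE):
        print(f"{status:8} {entry:28} {detail}")
```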