Richard Megginson wrote: > Steve Rigler wrote: >> On Wed, 2007-06-13 at 09:21 -0600, Richard Megginson wrote: >> >>> Steve Rigler wrote: >>> >>>> Is it possible to configure the admin server to use the standard https >>>> port? The documentation states that reserved ports can't be used, but >>>> if the admin server runs as root is this really an issue? >>>> >>> What version of Fedora DS? Note that the standard Apache used on >>> most linux platforms will not even allow you to run as root. >>> >> >> This is 1.0.4 on RHEL 4. The issue is that when I try to configure the >> admin server to use a reserved port I get a dialog stating "inadequate >> permission. Port is protected." >> > Hmm. Not sure why that is. The standard model for most unix/linux > daemons now is to startup as root, open/bind the low port number, then > setuid to a non-privileged user. I think there is code that looks to see if the port is available/bindable. Since admin server has already dropped priviledges it can't change the port. >> Ideally we'd like to be able to use "Directory Server Express" to >> provide users with the ability to reset their own passwords. Since this >> should be secure it seems like it would make more sense to run the >> service on port 443 rather than an unreserved port. I'm just stumbling >> on actually getting this part to work. >> > Why do you need to use 443? The Admin Server can serve https requests > without having to be on port 443. You could try setting it manually in /opt/fedora-ds/admin-serv/config/console.conf I suspect he wants 443 because it is easier and users don't need to remember to set a port. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070613/63cf2714/attachment.bin
