NetCrusader

The NetCrusader screen allows you to set some NetCrusader security options for your web server.

NOTE: If you are changing these NetCrusader settings, you must be logged in as either cell_admin or a user who is a member of the NetCrusader group acct-admin. For information on users and groups, see the NetCrusader Commander online help.

NetCrusader identity for this web server

Principal name

Displays the principal name for this web server. By default, principal names for instances of the web server take the form: wcsecad/<hostname>. The principal name that you specify will automatically be added to the wc-filters group in the registry.

If this is the first instance of the Security Adapter to be configured into your security domain, the configuration wizard will first create the wc-filters group and then create the principal and add it to the group.

NOTE: For the configuration wizard to create principals, you must be logged in as user cell_admin or as a user who is a member of the NetCrusader Account administration group acct-admin.

NetCrusader Properties

Delegation Group

When the UUL (Universal User Library) creates a delegatable login context to be used in association with a web user request, this login context includes the members of the Delegation Group as the list of allowed delegates. The request cannot be accepted by an entity (such as another server) that does not appear in this list.

Identity Mapping Group

The name of the group that has privileges to map user identities to NetCrusader principals. You can customize the mapping group, and assign different groups for different servers. The default for this group is wc-filters.

Credentials Cache

Timeout (seconds)

Specifies the number of seconds that an idle login context remains valid before the Security Adapter deletes it and obtains a set of fresh credentials from the Security Server.

Export User Identity

If you are writing web server extensions that use the UUL, you might need to check some of these options. Netscape web servers do not pass the HTTP_AUTHORIZATION header beyond the authentication phase.

If you are writing web server extensions that need to access this header to use the UUL to obtain a user’s delegatable context, you must check the appropriate option. If your web server extension will be used with both Netscape and Microsoft servers, checking this option on both servers will allow you to use the same extension on both servers. (For portability, you must also use certain I/O classes. See the toolkit samples and the NetCrusader Programmer’s Guide for more information.)

Include user principal name in authorization header

If selected, when the Security Adapter creates an Authorization header it will add the NetCrusader principal name of the user after the UserDN= field, separated by a single space. The format of this name is NetCPrincipal=<name>. Use this option when using applications that do not export nonstandard headers. Use this option with the Oracle web extension. The Authorization header is available as the HTTP_AUTHORIZATION environment variable to CGI programs.

Export user authorization header as NetC-User-Identity header

If selected, the Security Adapter will create a header called NetC-User-Identity whose value is the same as the Authorization header. Use this option when using Netscape web servers which do not export the Authorization header. The NetC-User-Identity header is available as the HTTP_NETC_USER_IDENTITY environment variable to CGI programs.

Export user principal name as NetC-Principal header

If selected, the Security Adapter will create a header called NetC-Principal whose value is the principal name of the requesting user. Use this option when a CGI program, extension, or plug-in needs to know the user principal name and can see all HTTP variables.

The NetC-Principal header is available as the HTTP_NETC_PRINCIPAL environment variable to CGI programs.
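
A CGI program can recover the user principal from any of the three environment variables described above and check that they agree before acting on the identity. The following Python is an added example, not code from NetCrusader or its toolkit. It assumes NetCPrincipal= is the last field in the header; the function names and sample values are constructed for illustration.

```python
import os

MARKER = " NetCPrincipal="  # follows the UserDN= field after a single space

class IdentityMismatch(Exception):
    """Exported identity variables disagree or are malformed."""

def principal_from_header(value):
    """Return <name> from '... UserDN=<dn> NetCPrincipal=<name>', else None."""
    if not value:
        return None
    # A DN may contain spaces, so locate the marker instead of splitting on
    # whitespace. Assumption: NetCPrincipal= is the last field in the header.
    idx = value.rfind(MARKER)
    if idx == -1 or "UserDN=" not in value[:idx]:
        return None
    return value[idx + len(MARKER):].strip() or None

def resolve_principal(environ=os.environ):
    """Read every exported variable and fail closed if they disagree."""
    # Assumption: the Security Adapter populates these variables. Agreement
    # is a consistency check, not proof of where the values came from.
    found = {}
    direct = environ.get("HTTP_NETC_PRINCIPAL", "").strip()
    if direct:
        found["HTTP_NETC_PRINCIPAL"] = direct
    for var in ("HTTP_AUTHORIZATION", "HTTP_NETC_USER_IDENTITY"):
        name = principal_from_header(environ.get(var))
        if name:
            found[var] = name
    for var, name in found.items():
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
            raise IdentityMismatch(f"control character in {var}")
    if len(set(found.values())) > 1:
        raise IdentityMismatch(f"conflicting principals in {sorted(found)}")
    return next(iter(found.values()), None)

if __name__ == "__main__":
    # Constructed sample environment; the DN and principal name are made up.
    sample = {
        "HTTP_AUTHORIZATION": "UserDN=CN=Jane Doe,O=Example NetCPrincipal=jdoe",
        "HTTP_NETC_PRINCIPAL": "jdoe",
    }
    print(resolve_principal(sample))
```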