Chapter 1 Using the Administration Utility

  Table of Contents

  Glossary

  Index

The Administration utility for Internet Express helps you manage Internet services and the AlphaServer system through a Web browser. Because you use a browser (such as Netscape Navigator or Microsoft Internet Explorer) to perform these tasks, you are not expected to be familiar with Tru64 UNIX.

The Administration utility is a set of CGI programs that use a configured instance of the Secure Web Server (powered by Apache) on port 8081. You access the Administration utility by entering the following URL in a Web browser running on a local system:

http://host.domain.name:8081/

The Administration utility server is password-protected. You must provide a user name (admin by default) and a password (which is set during installation).

Using the Administration utility, you can perform the following types of tasks:

  • Manage user accounts — You can create various types of user accounts to provide access to Internet services. By default, an administrator can manage user accounts only from the local system (that is, the system on which Internet Express software is installed). However, you can use Web Server Administration functions to allow access from remote systems. See Chapter 3 for more information.

  • Administer Internet services — You configure Internet services (such as anonymous FTP, the Squid proxy/caching server, and InterNetNews) to operate within your environment, view log files to determine how users are making use of the Internet services you provide, and link to the sysman utility to shut down and reboot the system, manage local printers, and perform other system management

  • Access online documentation — The Documentation Bookshelf allows you to:

    • Access the complete set of Internet Express documentation in HTML, and PDF formats. The documentation includes links to third-party Web sites for the Internet components that ship with the product, as well as links to HP Web sites offering information of interest to AlphaServer administrators.

    • Search the reference pages included with the Internet Express software. This document also provides links to these reference pages.

    • Search the Tru64 UNIX Web site. Of particular interest to AlphaServer administrators is the Technical Information page (http://h30097.www3.hp.com/technical.html).

  • Display the copyrights of the third-party Internet components shipped with Internet Express.

See Section : Using the Administration Utility Main Menu for more information on using the Administration utility Main Menu and how to register your installation.

For information on the various administration servers available through the Administration utility and how to access these servers, see Section : Accessing Administration Servers.

For information on the iass login account, see Section : Accessing the Internet Express Login Account.

For information on accessing and managing the Internet Monitor, see Section : Accessing and Managing the Internet Monitor.

For information on managing Internet Express in a TruCluster environment, see Section : Managing Internet Express in a TruCluster Environment.

For information on installing and removing components, see Section : Installing and Removing Components.

For information on Web-based system administration and kernel tuning, see Section : Accessing Web-Based System Management Tools.

Using the Administration Utility Main Menu

Figure 1-1 shows the Administration utility for Internet Express Main Menu.

Figure 1-1 Administration Utility Main Menu

Administration Utility Main Menu

Table 1-1 shows which selection to make From the Administration utility Main menu, depending on the task you want to perform.

Note:

The availability of certain administration tasks depends on the Internet Express components installed on your system. For example, if the security components Denial of Service Tools, FireScreen, and TCP Wrapper are not installed on your system, the Network Security category does not appear on the Manage Components menu.

Table 1-1 Administration Utility Menu Options and Tasks

Menu OptionsTasks
Manage ComponentsUser Administration, including user account management (Chapter 3) and user authentication management (Chapter 4), which includes managing the LDAP Module for System Authentication for identifying and authenticating individual users (Section ).
 Mail delivery administration, including the Sendmail Server, Majordomo, Mailman, and Bogofilter (Chapter 5)
 Mail access administration, including POP, IMAP, and IMP Webmail (Chapter 6)
 Web services administration, including the Secure Web Server, and the ht://Dig search tool (Chapter 7)
 XML components administration (Chapter 8)
 Network security administration, including TCP Wrapper, Denial of Service tools, FireScreen, and FreeRADIUS (Chapter 9).
 Proxy services administration, including the Squid Proxy/Caching Server and Dante SOCKS server (Chapter 10)
 Directory services administration, which includes the Lightweight Directory Access Protocol (LDAP) server (Chapter 11)
 OpenSLP administration (Chapter 12)
 FTP Server administration (Chapter 13)
 Samba File and Print Server administration (Chapter 14)
 InterNetNews (INN) administration (Chapter 15)
 Internet Relay Chat (IRC) Server administration (Chapter 16)
  PostgreSQL account administration (Chapter 17)
 BIND domain name server (Chapter 18)
Install/Remove ComponentsInstall or remove components (Section : Installing and Removing Components).
DocumentationAccess the Internet Express documentation (Section : Reading the Documentation).
Register OnlineRegister your installation online (Section : Registering Your Internet Express Installation).

 

Registering Your Internet Express Installation

The Register Online option From the Administration utility Main menu allows you to register your installation of Internet Express. After you fill out the HP registration form, you will receive information on future releases. After you complete the online registration form, the Register Online option will no longer appear on the main menu.

Navigating the Administration Utility

To navigate the Administration utility, select specific menu options listed on each screen. As you proceed through the screen hierarchy, a navigation bar appears directly under the Internet Express banner at the top of the screen. These links allow you to go back one level or several levels, as follows:

  • Return to the Main menu

  • Return to the Main menu for the current menu (for example, the Manage Components menu)

  • Return to the menu for the current task (for example, Manage Sendmail Server)

Using Administration Utility Forms

Most of the tasks you perform using the Administration utility require you to complete a form to provide the information needed to complete the task. Figure 1-2 shows a sample Administration utility form.

Figure 1-2 Sample Administration Utility Form

Sample Administration Utility Form

Every Administration utility form has the following properties:

  • A navigation bar at the top of the form (Section : Navigating the Administration Utility)

  • The name of the form (in Figure 1-2, Create Generic User Accounts)

  • Text fields, list boxes, buttons, and other input fields for collecting data and transmitting it to the Administration utility

  • Submit, Reset, or Clear buttons (separated from the data area by a short horizontal rule):

    • The Submit button transmits the data you specified on the form to the Administration utility

    • The Reset button (not shown in Figure 1-2) erases the data you specified and restores the default values (if any)

    • The Clear button erases the data in all fields

Some forms have additional links at the bottom of the form (for example, the form for managing the Secure Web Server provides a link to the Apache documentation on the Apache Web site).

To complete the form shown in Figure 1-2, follow these steps:

  1. Enter a name in the Login Name field.

  2. Enter a number in the Number of Users field.

  3. Click on one or more of the groups in the Secondary Groups list box. (On this form, this step is optional.) To clear a selection, click on it again.

    Use the scroll bar at any time to display additional groups.

  4. Click on Submit.

Accessing Administration Servers

Internet Express provides the following administration servers for managing Internet services:

  • Administration Utility —A set of CGI programs that use a configured instance of the Secure Web Server listening on port 8081 (and port 8089, for backward compatibility with previous releases).

  • Internet Monitor administration — The Internet Express installation script installs the Internet Monitor Administration Server on port 8086.

The administration servers installed are password protected. When you attempt to access one of these servers, you must provide the user name (admin by default) and password (which is set during installation). To change the password for the Internet Express Administration utility, see Chapter 7.

Note:

The Secure Web Server is initially configured to allow access to the Internet Express Administration utility from the local system only. To allow access from remote systems, see the Secure Web Server Administration Guide.

Table 1-2 summarizes the ports on which the administration accounts are installed by default, and shows the URLs for accessing these accounts. In the URLs shown in Table 1-2, host.domain.name represents the fully qualified host name of the local system (the system on which Internet Express is installed).

Table 1-2 Internet Express Accounts and Ports

Port NumberDescriptionURL
8081Internet Express
http://host.domain.name:8081/
8086Internet Monitor
http://host.domain.name:8086/

 You access the administration servers from an HTML-based Web browser (such as Netscape). For Internet Express, use Netscape Navigator Version 4.5 or later, or Microsoft Internet Explorer Version 4.0 or later. Enter the appropriate URL, as shown in Table 1-2.

Note:

A user who accesses the Administration utility is granted the ability to access privileged files and perform system management tasks until exiting from the browser. The user retains privileges even when browsing files that are not part of Internet Express.

Do not leave an Administration session unattended. Also, limit access to the admin account to those individuals authorized to perform Internet system management tasks.

Accessing the Internet Express Login Account

The Internet Express installation procedure creates the iass login account, which you can use to view the names and passwords for Internet Express captive accounts you have created using the Administration utility (Chapter 3).

The iass account receives mail when:

  • You create a captive user account (named or generic).

  • Statistics for the InterNetNews (INN) server are generated. (A nightly report is mailed to the iass account.)

  • The news server is down.

During installation, you can specify a forwarding address for the iass account to have this mail sent to a more convenient e-mail address.

You can access the iass account using two methods:

  • By logging in from the Tru64 UNIX command line. The password for the iass account is set during installation.

  • By using the Manage iass Account menu item from the Manage Users menu (see Section : Managing the iass Account).

Note:

If the locker account exists from a previously installed version of Internet Express, the iass account is set up as an alias for the locker account.

Accessing and Managing the Internet Monitor

The HP Internet Monitor software allows administrators to monitor Internet services running on a Tru64 UNIX system. The Internet Monitor product can be accessed directly or from the Administration utility for Internet Express.

To access the Internet Monitor from the Administration utility:

  1. Choose Manage Components from the Internet Express main menu.

  2. In the Manage Components table, click on Internet Monitor under Quality of Service. The Internet Services Administration server prompts for your user ID and password, then lets you proceed.

To enable or disable the Internet Monitor from running, you use the Start/Stop the Internet Monitor menu option from the Administration utility. For details, see the Internet Monitor Administrator's Guide.

To configure the Internet Monitor components, see the Internet Monitor Administrator's Guide.

Managing Internet Express in a TruCluster Environment

TruCluster Server software provides high availability for Tru64 UNIX systems. This chapter describes the special considerations to administer Internet Express running in a cluster running TruCluster Server Version 5.0 and higher software.

Using Internet Express Services in a Cluster

If you are running Internet Express in a cluster, be aware of the following considerations:

  • For all services, use the cluster alias to access the service to provide highest availability. All services have been configured to allow the cluster alias to be used.

  • InterNetNews, Squid, Internet Relay Chat, OpenLDAP, and Tomcat run as single-instance servers. Only one instance of these servers will be run within the cluster. The/sbin/init.d scripts have been modified to use Cluster Application Availability (CAA) for these services. The service names are innd, squid, ircd, and slapd respectively.

  • The Secure Web Servers and the sendmail daemon run on all cluster members concurrently. Connections are distributed amongst the cluster members based on how the cluster alias has been configured. See cluamgr(8).

  • All other services use inetd to make connections and start server processes. Connections are also distributed for these services among the cluster members.

TruCluster Impact on Internet Express Administration

There are some specific variations of the Administration utility user interface if you are running Internet Express in a TruCluster Server cluster environment. These variations include the following:

  • Depending on the type of service, the active status of the service for each member where it may run is displayed.

  • Starting and stopping a service applies to the entire cluster. If more than one instance of a service is running in the cluster, all are affected.

  • Some information is specific to each member in the cluster. In these cases, a listbox is displayed at the top of the page, indicating which member is being affected. The listbox contains all cluster member names; selecting a different member will cause the display and subsequent actions to affect the selected member. The instances where this is the case include the following:

    • Tuning the kernel for Internet services

    • Installing and managing FireScreen

    • Displaying the mail log file

    • Shutting down or rebooting the operating system

Installing and Removing Components

You can use the Administration utility to add new Internet components or remove previously installed components, as well as include your own component on the Manage Components menu.

To add or remove Internet components, follow these steps:

  1. From the Administration utility Main menu, choose Install/Remove Components.

  2. If the information from a recent Internet Express installation exists in the /tmp directory, the Subset Selection form is displayed. Otherwise, the Administration utility prompts you for the mount point and the CD-ROM device name before displaying the Subset Selection Form.

    The Subset Selection form lists each Internet Express subset, identifies those that are mandatory, and indicates whether each optional subset has already been installed.

  3. On the Subset Selection form:

    • To install a component, click on Install.

    • To remove a component, click on Remove. (You cannot remove a mandatory subset.)

  4. Scroll to the bottom of the form and click on Submit.

To include your own component on the Administration Utility Manage Components menu (Figure 1-3), create a file in the /usr/internet/httpd/admin/htdocs/osis/components directory, one line per file, that includes fields with the table category name, component title and description, and URL link. Each field must be separated by a semi-colon to ensure the file is correctly parsed for display in the Manage Components table. The category name can be the same as an existing category or a completely new category.

The following example is the menu configuration file for the IMP Webmail component. (The IMP Webmail component is part of the Mail category in the Manage Components table.)

Mail;IMP Webmail;/mail/manage_imp.php

If the new component requires a URL that includes the hostname and cluster alias, the following keywords (Table 1-3) will be substituted with the appropriate value when the keywords appear in the URL that you provide in the menu configuration file:

Table 1-3 Keywords for URL Line

KeywordSubstituted Value
httpThe current protocol (http or https).
HTTP_HOSTThe current Web server (hostname or cluster alias, and port).
HOSTNAMEThe hostname of the local host.
PORTThe port number from the current Web server.
 

Figure 1-3 shows the manage components with the major Internet Express components grouped by category.

Figure 1-3 Manage Components Menu

Manage Components Menu

Accessing Web-Based System Management Tools

This section describes the system management options available from the Internet Express Administration utility. From the Administration utility Manage Components menu, you can:

Performing Web-Based System Management

From the Administration utility Manage Components menu, you can link to the sysman Web-based management utility to perform a variety of system management tasks such as shutting down and rebooting the system, and managing local printers. Follow these steps to access the sysman Web-based management utility:

  1. Under System on the Manage Components menu, choose Web-Based Management.

  2. From the Web-Based Management menu, click on the link for the sysman utility. From the sysman Main menu, you can select the type of management function you want to perform.

Tuning Kernel Attribute Values

By tuning attribute values in the following kernel subsystems, you can optimize the Internet-related services running on your AlphaServer system for various process loads, system configurations, network topologies, and other conditions:

  • Generic subsystem (generic)

  • Internet subsystem (inet)

  • Network subsystem (net)

  • Process subsystem (proc)

  • Socket subsystem (socket)

  • Virtual memory subsystem (vm)

For detailed information on how each kernel subsystem attribute affects the performance of Internet services on an AlphaServer system, see Tuning Compaq Tru64 UNIX for Internet Services, available at the following URL:

http://h30097.www3.hp.com/docs/internet/TITLE.HTM

To use the Administration utility to tune Internet-related kernel subsystem attributes, follow these steps:

  1. Ensure that JavaScript is enabled in your browser preferences.

  2. From the Administration utility Main menu, choose Manage Components.

  3. From the Manage Components menu, under System, choose Tune the Kernel for Internet Services.

    The Administration utility queries the running kernel (using the sysconfig -q command) and the system configuration file (using the sysconfigdb -l command) to obtain the values to display in the Run-Time Value and Boot-Time Value text fields, respectively.

    If any messages occurred while the Administration utility was building the Tune the Kernel for Internet Services form, a link appears at the top of the form. Click on this link for details.

  4. Use either of the following methods to tune the values in these text fields:

    • Type a value in the Run-Time Value field to change the value in the running kernel.

      Type a value in the Boot-Time Value field to replace the value in the /etc/sysconfigtab file.

    • Click on one of the following buttons in the Suggested Values column:

      • Recommended—Sets both the Run-Time Value and the Boot-Time Value to the optimized value recommended for AlphaServer systems with average loads, under normal conditions, and typical server hardware and network configurations.

        Note:

        Because AlphaServer configurations differ, and a recommended value might not provide optimal performance for all configurations, exercise caution when modifying attribute values.

      • Current—Sets both the Run-Time Value and Boot-Time Value to the run-time value the attribute had when the form was initially displayed.

      • Default—Sets both the Run-Time Value and the Boot-Time Value to the default setting for the attribute.

  5. To set the attribute values as shown on the form, click on Submit. To discard any changes you made, click on Reset.

    Run-Time Value changes are set in the running kernel and take effect immediately.

    Boot-Time Value changes are set in the system configuration file (/etc/sysconfigtab) and take effect the next time you boot the system.

  6. After you submit the form, it is redisplayed and shows the attribute value changes that you made. Reboot the operating system for these changes to take effect. When you reboot, the boot-time attribute values become the run-time attribute values and the run-time values you previously set are lost.