82.2 Agent Passwords

Agent passwords facilitate access to remote servers where domains, post office, and document storage areas are located and access to eDirectory for synchronization of user information between GroupWise and eDirectory. They also protect GroupWise Monitor and the agent Web consoles from unauthorized access.

82.2.1 Facilitating Access to Remote Servers

The Windows POA needs user name and password information in order to access a document storage area on a server other than the one where the post office database and directory structure are located. There are two ways to provide this information:

  • Fill in the Remote User Name and Remote Password fields on the Post Office Settings page of the Post Office object in ConsoleOne

  • Add the /user and /password startup switches to the POA startup file to provide a user name and password

Providing passwords in clear text in a startup file might seem like a security risk. However, the servers where the agents run should be kept physically secure. If an unauthorized person did gain physical access, they would not be doing so for the purpose of obtaining these particular passwords. The passwords are encrypted as they pass over the wire between servers, so the security risk is minimal.

82.2.2 Facilitating Access to eDirectory

If you have enabled eDirectory user synchronization, the MTA must be able to log in to eDirectory in order to obtain the updated user information. An eDirectory-enabled MTA should be installed on a server where a local eDirectory replica is located. For more information, see Section 42.4.1, Using eDirectory User Synchronization.

82.2.3 Protecting the Agent Web Consoles

When you install the POA, the MTA, and the GWIA, they are automatically configured with an agent Web console and no password protection is provided. When you install the GWIA, you can choose whether to enable the agent Web console during installation. If you do, you can provide password protection at that time. For WebAccess, you must manually enable its Web console, so you can provide password protection when you enable it.

If you do not want agent Web console status information available to anyone who knows the agent network address and port number, you should set passwords on your agent Web console, as described in the following sections:

If you plan to access the GroupWise Monitor Web consoles, it is most convenient if you use the same password on all agent Web consoles. That way, you can provide the agent Web console password once in GroupWise Monitor, rather than having to provide various passwords as you view the Web consoles for various agents. For information about providing the agent Web console password in GroupWise Monitor, see Section 69.4, Configuring Polling of Monitored Agents.

82.2.4 Protecting the GroupWise Monitor Web Console

Along with the agent Web consoles, you can also provide password protection for the Monitor Web console itself, from which all the agent Web consoles can be accessed. For instructions, see Section 69.8, Configuring Authentication and Intruder Lockout for the Monitor Web Console.