7.5 Securing the Messenger System

7.5.1 Configuring Remember Passwords

Messenger can be configured to remember passwords for the client login. However, this can cause security concerns. If a workstation is left unlocked, anyone can log in as that user if the Remember Password setting is selected. In addition, some third-party software packages, such as Gaim, might store the passwords in plain text.

For security reasons, the ability to remember passwords should be disabled. For information on how to disable the Remember Password option, see Section 3.4.3, Customizing Messenger Client Features.

7.5.2 Understanding History and Save Conversation Security

History Security

When the history option is enabled, the history files are stored on the client workstation in the following locations by default:

Table 7-6 Default History File Locations

Operating System

Location

Windows

C:\Documents and Settings\username\Local Settings\Application Data\Novell\Messenger\history

Linux

/home/username/.novell//messenger/history

Macintosh

/User/username/.novell/messenger/history

The history files are stored as XML files, so anyone with access to the machine can view the files. For maximum security, the History option should be disabled. For information on how to disable the History option, see Section 3.4.3, Customizing Messenger Client Features.

Saved Conversation Security

A saved conversation is stored as a text file, so anyone with access to the machine can view the file. For maximum security, the ability to save conversations should be disabled. For information on how to do this, see Section 3.4.3, Customizing Messenger Client Features.

7.5.3 Using Scopes as Security

When the Messenger system is created, a default scope profile is created, and you are prompted for the location of users to add to the default scope profile. You can also create custom scope profiles. Users can only see users in contexts defined by their scope profiles. Multiple scope profiles can be created with different ranges of contexts. These scope profiles can be assigned to users to limit the other users they can see. For example, many companies create a separate scope profile for executives, to allow them to use Messenger but not be seen or accessed by other users. This could also be used for different departments or business units.

To create a new Messenger scope profile:

  1. In ConsoleOne, browse to and expand the Messenger Service object.

  2. Right-click the Scope Container object, then click New > Object.

  3. Select nnmScopeProfile, then click OK.

  4. Specify the name of the scope profile, then select Define additional properties.

  5. Click OK.

  6. Click Add.

  7. Specify the context for the users to be added to the new scope, then select Include sub-contexts to include sub-contexts if desired.

  8. Click OK twice.

  9. Right-click a User object to add a user, or click a Policy object to add a group of users assigned to a policy, then click Properties.

  10. Click the Novell Messenger > General.

  11. In the Scope profile box, specify the new scope profile, then click OK.

  12. Restart the Messenger agents.