This Readme describes the fixes and known issues in the Access Manager 3.0 Support Pack 4 Interim Release 4 and provides installation instructions.
The following sources provide information about Novell® Access Manager:
The Novell Access Manager 3.0 SP4 IR4 release contains a patch file for upgrading all components from SP4 or SP4 IR3 to SP4 IR4. When you start the upgrade process to SP4 IR4, you need to upgrade all Access Manager components.
The patch consists of one file, which can be downloaded from Novell.
The following table lists the files contained in the patch file:
Table 1 Access Manager 3.0 SP4 IR4 Upgrade Files
All components need to have been upgraded to at least SP4 before you can upgrade to SP4 IR4.
In the Administration Console, click > >
Examine the value of the field to see if it displays a version that is eligible for upgrading to SP4 IR4.
Before you upgrade to this release, you should first back up your current configuration.
The Administration Console should be the first device you upgrade. You can then upgrade the various devices that you have imported into the Administration Console. We highly recommend that you upgrade all members of a cluster before moving to another type of device to upgrade. When you finish upgrading, you should perform a system backup.
For specific installation steps, installation requirements, and overview information, see the Novell Access Manager Installation Guide.
For the Identity Server and the Administration Console, copy the .tar.gz file to the machine where these components are installed. For more information about upgrading the Access Manager components, see “Upgrading Access Manager Components” in the Novell Access Manager Installation Guide.
The Linux Access Gateway file (AM_304_SP4_IR4_lagrpms.tar.gz) must be renamed. In the patch download, it needs to have a version-specific name, but for an upgrade, it needs the generic name. It should be renamed as follows:
AM_304_SP4_IR4_lagrpms.tar.gz renamed to lagrpms.tar.gz
For instructions on upgrading, see “Upgrading the Linux Access Gateway” in the Novell Access Manager Installation Guide.
For instructions on upgrading, see “Upgrading the SSL VPN Server” in the Novell Access Manager Installation Guide.
For information on upgrading to the high bandwidth version, see Section 2.2, Upgrading to the High Bandwidth SSL VPN Server.
For instructions on upgrading the agents, see “Upgrading the J2EE Agents” in the Novell Access Manager J2EE Agent Guide.
When you have finished, use the following procedure to verify that all components have been upgraded to SP4 IR4.
In the Administration Console, click > >
Examine the value of the field to see if it displays the correct version.
The high bandwidth SSL VPN server does not ship with the product because of export laws and restrictions. The high bandwidth version does not have the connection and performance restrictions that are part of the version that ships with the product. Your regular Novell sales channel can determine if the export law allows you to order the high bandwidth version at no extra cost.
After you have ordered the high bandwidth version, log in to the Novell Customer Center and you will see a link that allows you to download the high bandwidth version.
For installation instructions, see “Installing SSL VPN” in the Novell Access Manager Installation Guide.
Fixed security issues with the logout process.
Fixed the issue in using an encoded URL query string in the redirect to the URL policy of the ACL.
Fixed the issue of performing a case sensitive comparison of query parameters when injecting a query string.
Fixed issues that caused the Linux Access Gateway to crash under heavy load.
Fixed a rewriter issue that was causing the range section in the HTTP header to be stripped out.
Fixed issues with URL normalization.
Removed some TCP connect and listen configuration options.
Fixed issues with the tunneling feature.
Fixed an issue that prevented clustered Identity Servers from communicating with each other when separated by a firewall. For the ports that need to be opened in the firewall, see “When a Firewall Separates the Identity Server from a Component”.
Fixed an issue that allowed clustered Identity Servers to randomly lose communication with other cluster members.
Fixed an issue with the minor version information in the SAML 1.0 assertions.
Fixed an issue that caused the Administration Console to crash when accessing overview or Access Gateway information.
Internet Explorer* 7 (latest version) on Windows XP and Vista is now a supported browser for accessing the Administration Console.
The SSL VPN build version number is now in sync with version numbering of other components.
Fixed the OpenVPN authentication error that occurred when clients tried to reconnect.
The option to send alerts to an SNMP server has been removed as a configuration option because it is unsupported.
Fixed issues in converting double byte characters in Linux Access Gateway broker redirection.
Fixed an issue that caused remote desktop sessions to the terminal server across generic TCP tunnel to randomly lose keyboard and mouse control.
Fixed a few reliability issues.
Fixed a memory leak issue that occurred after updating the authorization library.
Fixed an issue that caused the original base64 encoded URL relay state to be changed after the successful authentication.
The IP addresses printed in the logs are now in the correct format.
Fixed a security vulnerability with X.509 certificates. For configuration options, see “Potential X.509 Certificate Vulnerability”.
Health check for LDAP Service. For more information, see TID 700333.
Fixed a token encoding issue which caused Kerberos authentication to fail with NTLM tokens
Fixed an issue that caused SAML 1.0 statistic gathering to fail.
Fixed an issue that caused an X.509 request to fail when it included LDAP attributes.
Fixed a certificate issues that caused certificates to be renewed daily.
Fixed a problem that caused the Linux Access Gateway to fail if the machine had more than 4GB RAM.
Fixed an issue that cause the Linux Access Gateway to fail when the content-type encoding was specified as GZIP but the actual content was plain text.
Fixed an issue with cookie header parsing, which caused the Linux Access Gateway to fail.
Fixed a memory leak issue that resulted in proxy failure.
Fixed a problem that caused Identity Injection to fail when a NetIdentity-based authentication contract was used and the browser requests included an authorization header. When you use the /var/novell/.overwrite_AuthHeader_With_IIData touch file, it overwrites the browser authorization header with the Identity Injection data.
Fixed a problem that caused the Linux Access Gateway to serve client requests from the wrong Web server when the requests from parent and domain-based services were received on the same connection.
Fixed an issue with authentication that caused URLs with double byte characters to be handled incorrectly.
Fixed a delay in sending data from the Web server to the browser.
Fixed a problem with the rewriter, which caused the Linux Access Gateway to rewrite the Web server hostname incorrectly when a domain-based multi-homing service was configured. To enable Linux Access Gateway to rewrite more URLs, use the /var/novell/.incCOSSize touch file.
Fixed an issue with the custom rewriter that caused the rewriter to fail when include URLs were specified.
The rewriter now rewrites more URLs per page.
Fixed a problem with SAML 1.1 federation where the user was redirected to the User Portal application instead of the target URL.
Fixed an issue that caused Form Fill policies to fail when users were moved from one user store to another user store.
Fixed an issue that didn’t clear the Update option when the configuration changes were lost because they weren’t saved and the session was closed.
Fixed the Linux Access Gateway crash that occurred if an error message file did not exist for all the language profiles.
Fixed a protected resource matching issue if the /? character existed in the protected resource. Linux Access Gateway now treats /? as the directory match if it occurs at the end of the URL. Otherwise, it is treated as a query parameter
Fixed an issue in matching protected resources when the URL of protected resources contained encoded characters.
Fixed a Linux Access Gateway memory leak issue.
The URL normalization protection for back-end Web servers can now be disabled with the help of a touch file. However, this touch file is not active for path-based sub-services that are enabled with the option.
Fixed an issue in logging out users in a cluster setup.
Fixed issues in rewriting HTML pages with double-byte characters.
The Linux Access Gateway can now be configured to run the /chroot/lag/opt/novell/bin/postapply.sh script after every apply, so that the settings remain as they were before applying the configuration changes. This script can be edited to add commands.
You can now customize all error messages that are served by the Linux Access Gateway and those that are configured in the Access Control Lists.
Fixed an issue with changing a domain name, which was leading to listener failure.
The rewriter now rewrites all the value tags.
Fixed issues with the LAG character profile rewriter by changing the algorithm used for search and replace.
Fixed an issue with service selection in the path-based multi-homing service. With this fix, the Linux Access Gateway selects the best match from the configured services.
Modified two statistic strings to clarify that they were gathering information about LDAP queries (Number of SAML Attribute Queries and Number of SAML-2 Attribute Queries)
Fixed an issue with the user store health check so that it is refreshed when the user selects and when periodic health checks are performed.
Fixed an issue that limited top-level domain names to six characters.
Fixed an issue with the RSA SecurID Login Method.
Fixed an issue with the hidden target parameter for the login page.
Fixed an issue with reading the content length that caused login to fail.
Fixed an issue that caused a cluster member to assume an inactive state when it was configured with multiple IP addresses.
Fixed an issue with SAML2 metadata and certificates.
Fixed an issue with the LDAP search filters that caused slow performance.
Fixed an issue that caused configuration changes to report an HTTP 404 error.
Fixed the SSL VPN Mac client so that it updates the DNS entries after logout.
Fixed issues in detecting forward proxy through the automatic configuration script settings of the Internet Explorer* when using the ActiveX* client.
Ensure that you synchronize the correct date, time, and time zone settings between the Identity Servers and Access Gateways servers. You must synchronize your servers to within one minute of each other. Otherwise, you encounter federation and session time-out errors. It is recommended that you use NTP for time synchronization.
Ensure that DNS names can be resolved.
Enable (allow) browser pop-ups for the Administration Console (administration server).
Network Address Translation routers cannot be placed between Access Manager components. All Access Manager components must be on the same side of a NAT router.
This release does not support installation of the Administration Console, Identity Server, Linux Access Gateway, and SSL VPN on a single machine.
This section discusses known issues for the Administration Console.
If you are having problems keeping the Administration Console running because eDirectory™ and Tomcat stop working, your configuration might be triggering a known issue with eDirectory 8.8.1.
Try the following workaround:
Create a link in the etc directory for the nici.cfg file.
Enter the following commands:
cd /etc ln -sf /etc/opt/novell/nici.cfg nici.cfg
Restart eDirectory:
/etc/init.d/ndsd start
Restart Tomcat:
/etc/init.d/novell-tomcat4 restart
If this does not solve the problem, contact Novell. This issue is fixed in Access Manager 3.1 SP1.
If you are running Access Manager in a VMware* ESX Server environment (ESX Server 3.0.2) and your Access Gateway configuration contains a path-based multi-homing reverse proxy with over 200 protected resources, you might experience an extended delay (five minutes or more) when viewing the configuration page for the proxy. This issue is fixed in Access Manager 3.1 SP1.
If you set up Access Manager to use an auditing server other than the one installed on the Administration Console, devices that are imported after this configuration do not receive the IP address of the auditing server. When the device is rebooted, it tries to send auditing events to the auditing server on the Administration Console.
To work around this issue after importing new devices, configure the auditing server to use the IP address of the Administration Console, then click . This saves the configuration to the Administration Console. Return to the Auditing page, reset the IP address to the address of the auditing server you want to use, then apply the configuration to all the devices imported into the Administration Console (use the links). After the configuration has been applied to the devices, reboot the devices.
For more information on how to change the IP address of the auditing server, see “Specifying the Logging Server and Events” in the Novell Access Manager Administration Guide
This issue is fixed in Access Manager 3.1 SP1.
The following issues apply to the Identity Server:
Currently, you can change the name of a contract when it is being used to protect an Access Gateway resource. When you change the name of such a contract, subsequent updates to the Access Gateway fail with an XML validation error. For instructions on fixing this error, see Modifying a Configuration That References a Removed Object in the Novell Access Manager Administration Guide.
To avoid this problem, make sure the contract is not being used to protect a resource before changing the name. This rename problem is fixed in Access Manager 3.1 SP1.
When users are within the grace login limit, and a password expiration servlet is specified on a Name/Password or Secure Name/Password (form-based) authentication contract, users are redirected to the password expiration servlet to change their passwords. If a user does not update the password correctly, or escapes out of the page for any reason, the account is locked.
If there are already values in the LDAP attribute for X509 Subject Name mapping and you enable for the X509 authentication class, the LDAP attribute values are overwritten with the client certificate subject name.
This section discusses the known issues that apply to the current release of the Linux Access Gateway.
Issues with Health Check While Reimporting a Linux Access Gateway with Initial Configuration
Issues with the Audit Server While Importing a Linux Access Gateway Configuration
Upgrading the Linux Access Gateway Randomly Halts the Embedded Service Provider
The Linux Access Gateway Version Is Incorrectly Displayed on the Administration Console
Accelerating Web Servers That Do Not Support TLS and Do Not Fall Back to SSLV3
Rewriter Does Not Handle the [oa] Option in Search and Replace
Form Fill Does Not Work if the Web Page Contains an Apostrophe
Form Fill Fails If the Web Server Does Not Send the Content Type
The kernel in the Linux Access Gateway can recognize only 4 GB of memory. If you install more that 4 GB of RAM, the memory above the limit is ignored. This problem has been fixed in the Linux Access Gateway in Access Manager 3.1.
On a new installation when you first enable Novell Auditing (click > > > ) and select audit events, they are not generated and sent to the Audit Server.
To solve the problem, restart the Linux Access Gateway. Use the option on the Access Gateways page or use the following command:
/etc/init.d/novell-vmc restart
If you have clustered the Access Gateways, restart each Access Gateway in the cluster.
If you have configured your Access Manager system to use a Novell Sentinel™ or Novell Audit server for auditing, the Novell Audit client sometimes disconnects from the auditing server. This usually happens when communication problems exist on the network. When this happens, the Linux Access Gateway might crash. It can also prevent the successful completion of any Linux Access Gateway configuration changes.
To solve this problem, make sure that no communication problems exist between the auditing client on the Linux Access Gateway and the auditing server.
When reimporting a Linux Access Gateway with the initial configuration option, the health status displays the health of the previous configuration. You must apply changes from the Administration Console for health status to display the new configuration. Alternatively, you can enter the /etc/init.d/novell-vmc restart command from the command line to restart the Access Gateway. This issue does not happen when you reimport the proxy with the current configuration option.
With Internet Explorer 7, if the Linux Access Gateway redirects the first request after authentication to a secure site. If the certificates are not present in the browser, the browser is not redirected to the proper site.
When importing a Linux Access Gateway configuration, it is possible that the imported configuration contains an Audit server IP address that is different from the Audit server IP address that has been configured in the Administration Console. Updating the Linux Access Gateway configuration does not correct this address problem. As long as the addresses differ, the Access Gateway can hang during subsequent updates or restarts because the Novell Audit Agent of the Access Gateway cannot connect to its configured Audit server.
You must force the Linux Access Gateway to change its Audit server settings.
In the Administration Console, click > .
Specify a different IP address for the Secure Logging Server, then click .
Click , specify the correct IP address for the Secure Logging Server, then click .
Update the Linux Access Gateway.
Reboot every Access Manager machine, starting with the Administration Console.
If you have already configured the other Access Manager machines to use the correct IP address of the Secure Logging Server, rebooting the Linux Access Gateway should be sufficient.
After upgrading, the embedded service provider sometimes halts at the end of the upgrade process. When this happens, restart the Linux Access Gateway. In the Administration Console, click > , select the Access Gateway, then click .
After the installation of the Linux Access Gateway, the wrong version of the product is displayed on the Administration Console. To get the correct version of the product, select or specify the following command from a Linux Access Gateway machine:
cat /etc/issue
YaST becomes non-responsive if you click after adding, deleting, or modifying a partition. To work around this problem, click , then click instead of clicking.
During installation, if you configure the hostname as linux, the Linux Access Gateway is not imported.
The Linux Access Gateway requires both the server certificate and the root CA to be present in the trusted roots imported from Web servers. If the trusted root imported from the Web server displays only the server certificate, select the option from the drop-down list when you are configuring SSL between the Proxy Service and Web servers. For more information, see “Configuring SSL between the Proxy Service and the Web Servers” in the Novell Access Manager Administration Guide.
The Linux Access Gateway uses the TLS protocol by default. However, some Web servers that do not support the TLS protocol abort the SSL handshake because they do not fall back to SSLV3.
To work around this problem, create the /var/novell/.doNotUseTLS touch file and restart the Linux Access Gateway. When this touch file is set, the Linux Access Gateway tries the SSLV3 protocol by default, instead of the TLS protocol.
The character rewriter profile does not support the [oa] option to search and replace plain words and strings.
The option does not work. For example, if you add https://www.mygroup.com, it is not excluded from the list. You must provide only the DNS name, such as www.mygroup.com.
A Form Fill auto-submit fails when an input field in an HTML page contains name="submit".
The Linux Access Gateway Form Fill does not work if the Web page contains the apostrophe character.
Form Fill does not process the page if the Web server does not send the content type. Form Fill processes the following content types:
"text/html" "text/xml" "text/css" "text/javascript” "application/javascript" "application/x-javascript"
The NetWare Access Gateway embeds NetWare 6.5 SP6. The following topics are known issues for this operating system and the Access Gateway:
When you upgrade to Access Manager 3.0 SP1, the upgrade process disables mutual SSL between the proxy service and the Web servers.
To re-enable mutual SSL, select the on the Web Servers page. Click > > > > > .
The NetWare Access Gateway does not cache Form Fill data. Therefore, if you assign a Form Fill policy to a protected resource that uses a wildcard (*) in the URL path, the NetWare Access Gateway queries the Identity Server for Form Fill data each time a user accesses any page that matches the protected resource. It is strongly recommended that you specify a specific page when you assign a Form Fill policy to a protected resource.
The NetWare Access Gateway does cache Identity Injection and Authorization policy information for the lifetime of the user’s session, so the protected resources for these policies can use wildcards in their URL paths.
You can push commands from the secondary Administration Console, but any commands dealing with the Certificate Authority fail, unless you move the Certificate Authority to the secondary server.
Do not begin an Access Gateway server DNS name with a number.
In order to transfer files to and from the NetWare Access Gateway server when the SSH client that you are using for the transfer has the Secure File Transfer Protocol (SFTP) enabled, you must load ncpip.nlm and enable NCP™ for the SFTP.
WARNING:Enabling NCPIP is a security risk because it opens a listener on port 524 on all bound addresses.
To set up and configure NCPIP, add the following to the tune.ncf file:
load ncpip.old SET NCP Exclude Addresses = ALL SET NCP Include Addresses = 127.0.0.1
In the BIOS you can specify the modes to use for the IDEATA.HAM driver to work with a SATA controller. (Legacy, Compatible, or Enhanced mode.) You do not need to manipulate the driver or OS.
The IDESATA.HAM driver works with all AHCI controllers in pure AHCI mode, which is the recommended mode because it is the fastest. This driver is invoked instead of IDEATA.HAM only when the BIOS setting for the particular chip set is set to AHCI.
If you set up an X.509 contract and use it to authenticate from the NetWare Access Gateway, you might see an error generated in the Identity Server log for certificate or SSL mutual authentication. This occurs during SSL re-negotiation between Tomcat and the Internet Explorer browser, and is possibly an IE bug. This error does not occur with Firefox*. The Access Gateway can cause the error at the Identity Server by requesting the certificate authentication from the Identity Server, but it is not the only device that can cause the error. Any device requiring or requesting certificate authentication from the Identity Server, including the Identity Server itself, can cause the error. It is cosmetic.
NetWare abends can occur when Novell Remote Manager Group Operations are used on a NetWare Access Gateway. We recommend that you do not use Novell Remote Manager on a NetWare Access Gateway.
The following sections divide the known issues into general issues that apply to both the Enterprise mode and Kiosk mode and issues that apply only to the Enterprise mode and only to the Kiosk mode:
SSL VPN Session Running on JRE 1.4 Disconnects after Approximately 10 Hours
SSL VPN Server Goes Down When More Than 50 Roles Are Associated to a Single Traffic Rule
SSL VPN Connection on Windows Through a Forward Proxy Fails When Authentication Is Enabled
SSL VPN Statistics Displayed in the Administration Console Are Not in Order
SSL VPN Client Randomly Displays the Nonsecure Items Dialog Box
HTTP Applications Cannot be Accessed When an SSL VPN Connection Is Made through the Forward Proxy
UDP Traffic Throughput through the SSL VPN Encrypted Tunnel Is Low
The SSL VPN client sessions running on JRE* 1.4 are disconnected after being in use for approximately 10 hours. To work around this problem, use JRE 1.5 or later.
The SSL VPN server might go down when you create a traffic rules with more than 50 roles for each traffic rule.
When authentication is enabled in a forward proxy, the SSL VPN connection fails on a Windows client.
You must use the command line to restart an SSL VPN server. The and buttons in the Administration Console are not functional for this release. To restart the SSL VPN server, specify the following commands from the command line:
/etc/init.d/novell-sslvpn stop /etc/init.d/novell-sslvpn start
The SSL VPN connection statistics that are displayed in the Administration Console are not in any order.
If the user does not have a traffic policy defined for the role, the user is denied access to the resources. However, the logout page is not displayed when user clicks the button.
In Internet Explorer, the SSL VPN client randomly displays the dialog box after the connection is established. Click to close the dialog box. If you do not click , SSL VPN disconnects. You can also follow the steps given below to resolve the problem if you are planning to use SSL VPN for a long session.
Open the Internet Explorer browser.
Select .
Select the tab.
Select , then click the button.
Select for the option.
Click .
If a client uses an HTTP forward proxy to establish the SSL VPN session, no HTTP application can be accessed over this SSL VPN connection because the browser is configured to use the forward proxy server for HTTP requests.
The throughput of UDP traffic through the SSL VPN encrypted tunnel is low when compared to the TCP traffic.
If you are a non-admin user using Internet Explorer to establish an SSL VPN connection for the first time, the ActiveX download fails. This happens because you must have admin rights to download ActiveX. This issue might also occur if you have upgraded from an older version. If you want to access SSL VPN by using the Internet Explorer, you must add the forcejre=true command to the end of the URL. For more information, see “Configuring SSL VPN to Download the Applet on Internet Explorer” in the Novell Access Manager Administration Guide.
You can use Firefox to connect to SSL VPN in Kiosk mode.
Firefox randomly becomes non-responsive when multiple clients are running in Windows Kiosk mode.
The SSL VPN logout page is not displayed after you click the button when you use the Internet Explorer 6.0 browser on a Windows 2000 machine to access SSL VPN in Kiosk mode. This issue does not occur when you access SSL VPN in Enterprise mode.
When a user attempts to disconnect the Citrix* server connection established through SSL VPN, the SSL VPN connection is refreshed. The attempts to reconnect to the SSL VPN server fail because the previous connection is not disconnected or terminated. Close the browser to terminate the process.
If you are a non-admin user who used SSL VPN in the Enterprise mode, and if you are trying to access SSL VPN through the Internet Explorer browser on the same machine, the dialog box prompting you to specify the administrator username and password is not displayed. The SSL VPN connection is established in the Kiosk mode. If you are a non-admin user and want to access SSL VPN by using the Internet Explorer, you must add the forcejre=true command to the end of the URL.
For more information, see “Configuring SSL VPN to Download the Applet on Internet Explorer” in the Novell Access Manager Administration Guide.
If you use 64-bit machines, you can access SSL VPN only in Enterprise mode. Accessing SSL VPN in Kiosk mode is not supported.
If you upgrade to the Novell Access Manager 3.0 SP2 version, then roll back to the SP1 release, SSL listeners are not created because there is a difference in the NICI versions used. To work around the problem, do the following in SP1:
Untar lagrpms.tar.gz.
Remove the nici-<version>.rpm from the lagrpms directory.
Re-tar the lagrpms directory as lagrpms.tar.gz.
Use the new lagrpms.tar.gz for upgrading.
The Macintosh* Tiger* OS client does not support GroupWise® 7.0.
In Linux, you cannot access protected HTTP traffic on the Firefox browser during the first SSL VPN connection, but subsequent connections work without problems.
To work around this problem, you can use another browser to access the protected resource as follows:
Establish an SSL VPN connection in the Kiosk mode.
Create a shortcut or launcher for Firefox on the desktop.
Click .
Log out of the SSL VPN.
Launch Firefox by using the SSL VPN-enabled shortcut.
The Firefox browser launches even though there is no SSL VPN connection.
Establish an SSL VPN connection in the Kiosk mode.
New tabs and new instances of the Firefox browser now tunnel HTTP traffic.
The Intlclock toolbar application running on the SUSE® Linux Enterprise Desktop (SLED) 10 SP1 crashes when an SSL VPN connection is established or disconnected.
In Linux, applications listed in the Program Menu are not SSLized.
Domain name search does not work in the Kiosk mode in Macintosh.
In SSL VPN Kiosk mode, the active mode of FTP is not supported.
The Enterprise mode connection might occasionally be disconnected after being in use for approximately five hours, if the openVPN component stops responding.
SSL VPN does not support 64-bit browsers to establish the initial login session.
SSL VPN certificate names can contain only alphanumeric characters, space, underscore (_), hyphen (-), the at symbol @, and the dot (.).
On Windows 2000 machines, if a non-admin user tries to establish an SSL VPN connection in the Enterprise mode and specifies the wrong credentials for the admin user, no error messages are displayed. However, the user is denied access after trying to establish the connection.
When a user reconnects to the SSL VPN server, the 1701:OpenVPN Connection Failed error is displayed.
In Macintosh, the SSL VPN connection fails if you log in as a root user and there is no password set for the root user. When there is no password set for the root user, the user can log in as an admin user, by using the credentials of the admin user.
In some combinations of Linux and Firefox, you might see the button display incorrectly in the Import Private/Public Keypair window. This does not affect functionality.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2007-2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.