How to disable the unsecure iMonitor (httpstk) port 8028 in eDirectory 8.8

  • 7001377
  • 17-Sep-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for Solaris
Novell eDirectory 8.8 for Linux

Situation

An administrator may want to disable the clear-text (unsecured) port on which eDirectory listens for iMonitor access. In eDirectory 8.8.x, iMonitor listens on port 8028 by default.

Resolution

There are two ways to address this:

1. Create a firewall rule or IP filter to block it.

2. Create a parameter in the nds.conf file that forces redirection to the secure port (normally 8030). Add the following parameter to the file if it does not already exist:

http.server.auth-req-tls=1

A value of "1" tells the HTTP server that authentication requires TLS. This means that if a user connects on the clear-text port, the traffic is redirected to the TLS port. No communication occurs on the clear-text port when this parameter is set to "1" (though the HTTP server continues to listen on it).
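
One way to apply option 2 repeatably is sketched below as an added example (not Novell's tooling): two shell functions that check an nds.conf file for the parameter and set it to "1" if needed. The function names are hypothetical, the path to nds.conf is supplied by the caller, and tolerating spaces around "=" when matching existing lines is an assumption.

```shell
#!/bin/sh
# Added example. Matches any existing line for the key, tolerating spaces (assumption).
KEY_RE='^[[:space:]]*http\.server\.auth-req-tls[[:space:]]*='
WANT='http.server.auth-req-tls=1'

# Return 0 only if the file has exactly one line for the key and its value is 1.
tls_param_ok() {
    conf=$1
    count=$(grep -c -E "$KEY_RE" "$conf" 2>/dev/null || true)
    [ "${count:-0}" -eq 1 ] || return 1
    grep -E "$KEY_RE" "$conf" | grep -q -E '=[[:space:]]*1[[:space:]]*$'
}

# Ensure the key is present exactly once with value 1. Keeps a backup as <file>.bak.
enforce_tls_param() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if tls_param_ok "$conf"; then
        echo "unchanged: $WANT already set"
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 2
    tmp=$(mktemp) || return 2
    # Drop every existing line for the key (wrong value or duplicates).
    # grep -v exits 1 when nothing is left to print; only exit codes above 1 are errors.
    grep -v -E "$KEY_RE" "$conf.bak" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 2; }
    printf '%s\n' "$WANT" >> "$tmp"
    # Rewrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo "updated: $WANT written, backup at $conf.bak"
}
```

Source the file and call enforce_tls_param with the path to nds.conf; tls_param_ok alone can be used as a read-only audit check.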