Domain cookies can give your tokenholders an extra level of convenience, but the feature should be used carefully. Because domain cookies disregard each machine's client activations in the ACE/Server databases, a tokenholder carrying a domain cookie might gain access to information she is usually not allowed to see.
For example, suppose you would like to post Jane Smith's job performance statistics in a confidential directory on Web server Sales. If you enable the Domain Cookies feature on Sales and do not restrict the user access permissions on the confidential directory, a tokenholder with a domain cookie issued on server Customer will be able to access the confidential directory. To prevent this from happening, assign UNIX Read permission only to Jane Smith.
By using UNIX file permissions, in conjunction with the ACE/Server's group and client activation capabilities, you can enable the Domain Cookies feature without diminishing the level of security on highly sensitive directories. Consult your UNIX operating system documentation and the ACE/Server Administration Manual for more information about these additional security precautions.
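One way to check the restriction described above before enabling Domain Cookies, as an added example that is not part of the ACE/Agent documentation: a POSIX shell function that lists every entry under a confidential directory that is not owned by the intended user or that is readable by group or other. The function name, the directory path and the account name `jsmith` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ACE/Agent documentation).
# audit_confidential_dir DIR OWNER
#   Prints every path under DIR that is not owned by OWNER, or that has the
#   group-read or other-read permission bit set.
#   Returns 0 if nothing is found, 1 if there are findings, 2 on bad input.
audit_confidential_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "audit: $dir is not a directory" >&2
        return 2
    fi
    # -perm -040 matches the group-read bit, -perm -004 the other-read bit.
    findings=$(find "$dir" \( ! -user "$owner" -o -perm -040 -o -perm -004 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Command-line use with a hypothetical path and account:
#   sh audit.sh /path/to/confidential jsmith
if [ "$#" -eq 2 ]; then
    audit_confidential_dir "$1" "$2"
fi
```

An empty result with exit status 0 means only the named owner holds read permission on the directory tree; any printed path needs its ownership or mode corrected before the Enable Domain Cookies checkbox is marked.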
To enable the Domain Cookies feature:
1. Copy the WebID Domain Secret into the aceagent.cfg file of the Web servers that will have the Domain Cookies feature enabled.
2. Start the ACE/Agent Administration applet.
3. Mark the Enable Domain Cookies checkbox.
Note: If you enable the Domain Cookies feature, do not use shortcuts when referencing links to other servers in the domain. In order for the Domain Cookies feature to work, you must use the fully qualified DNS domain name in your URLs.
4. In the Domain Name field, enter the DNS name of the domain over which you will distribute domain cookies (e.g., widgetsinc.com).
5. Click OK.