Configuring the Default ESMAC User

Setting the default ESMAC user

When starting a secure enterprise server region or instance, the system authenticates the credentials of a specific user ID when doing so. This user ID is known as the default ESMAC user, and has a setting of mfuser. You may change this user ID by setting the environment variable ES_USR_DFLT_ESMAC in the Directory Server (MFDS) in the [ES-Environment] tag in Configuration Information.

If you change the credentials of the default ESMAC user ID, then you must ensure that it has the correct privileges to start a region. Failure to set these privileges means that you will be unable to start a region. See Make the User an MSS System Administrator for more details.

Note: In legacy security only, creating an mfuser secures your enterprise servers.

Disabling the default ESMAC user

You can disable the ESMAC default user in order to increase the security of your region. To do this, set the environment variable ES_ESM_DISABLE_DFLTUSER_ESMAC in the Directory Server (MFDS) in the [ES-Environment] tag in Configuration Information. This disables the DEFAULT button on the logon screen so that users must always enter a valid userid and password.