Chapter 2 Configuring SEAM (Tasks)
This chapter provides configuration
and installation procedures for network application servers.
Installing SEAM 1.0.2 Packages
The SEAM 1.0.2 release includes the client applications and the server
daemons for the remote applications. The release also includes some changes
to two configuration files.
How to Install SEAM 1.0.2 Packages
The installation process for the SEAM 1.0.2 packages may change the
contents of /etc/inet/inetd.conf and /etc/pam.conf. This procedure uses the following configuration parameters:
-
Prerequisites for installing the SEAM 1.0.2 packages.
This procedure requires that the Solaris 9 release has been installed.
-
(Optional) Make backup copies of /etc/inet/inetd.conf and /etc/pam.conf.
# cp /etc/inet/inetd.conf /etc/inet/inetd.conf.save
# cp /etc/pam.conf /etc/pam.conf.save
-
Install the software.
The pkgadd-admin-file includes instructions for
the pkgadd command, which causes any previous instance
of these packages to be overwritten. You do not need to use the installation
administration file if you want to keep older copies of the packages. See
the admin(4)
man page for more information about installation administration files.
# pkgadd -a seam-1.0.2/etc/pkgadd-admin-file -d seam-1.0.2/5.9/sparc
-
(Optional) If required, install non-English language message support.
# pkgadd -a seam-1.0.2/etc/pkgadd-admin-file -d seam-1.0.2/locale
-
(Optional) Reactivate inetd.
The installation of the SUNWkr5sv package can generate
a message like:
Adding
<service-name> stream tcp nowait root /usr/krb5/lib/<server_program> <server_arguments>
to /etc/inetd.conf
If this message is generated, then you need to run the following command
so that the inetd process can activate the remote application
servers.
# kill -HUP `pgrep inetd`
This command causes the inetd process to use the
new entries in the /etc/inet/inetd.conf file.
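The following is an added example, not part of the original documentation: a shell check that compares the backup made in the optional step with the post-install /etc/inet/inetd.conf and lists the service entries that the installation added. The function names, the expected/REVIEW labels, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list inetd.conf entries that appeared after pkgadd.
# Usage after a real install:
#   review_added /etc/inet/inetd.conf.save /etc/inet/inetd.conf

# added_entries OLD NEW: print active entries present in NEW but not in OLD.
# Comments and blank lines are ignored; runs of whitespace are collapsed,
# so re-indented but otherwise identical lines are not reported.
added_entries() {
    awk '
        { sub(/#.*/, ""); gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }
        $0 == "" { next }
        FILENAME == ARGV[1] { seen[$0] = 1; next }
        !seen[$0]++
    ' "$1" "$2"
}

# review_added OLD NEW: one summary line per added entry.
# Fields follow the inetd.conf layout shown in the pkgadd message:
#   service  socket-type  protocol  wait-status  user  program  arguments
# Entries whose program is not under /usr/krb5/lib/ are marked REVIEW,
# because the package message only announces programs in that directory.
review_added() {
    added_entries "$1" "$2" | awk '{
        note = ($6 ~ /^\/usr\/krb5\/lib\//) ? "expected" : "REVIEW"
        printf "%s service=%s user=%s program=%s\n", note, $1, $5, $6
    }'
}

# Constructed sample files (not taken from a real system).
demo_dir=${TMPDIR:-/tmp}/seam-inetd-demo.$$
mkdir -p "$demo_dir"
cat > "$demo_dir/inetd.conf.save" <<'EOF'
# constructed sample: file as backed up before pkgadd
ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
# constructed sample: file after pkgadd
ftp     stream  tcp6  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
klogin  stream  tcp   nowait  root  /usr/krb5/lib/rlogind rlogind -k
kshell  stream  tcp   nowait  root  /usr/krb5/lib/rshd    rshd -k
EOF
review_added "$demo_dir/inetd.conf.save" "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
```

If the comparison prints nothing, the installation added no active entries and the inetd process does not need to be signalled.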
Example -- Installing SEAM 1.0.2 Packages
# pkgadd -a seam-1.0.2/etc/pkgadd-admin-file -d seam-1.0.2/5.9/sparc
The following packages are available:
1 SUNWkr5mn SEAM Manual Pages
(sparc) 5.9.0,REV=02.05.15.19.47
2 SUNWkr5sv Kerberized Network Services
(sparc) 5.9.0,REV=02.05.15.19.47
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Configuring SEAM Network Application Servers
Network application servers are hosts that provide access
using one of the following network applications: ftp, rcp, rlogin, rsh, and telnet. Only a few steps are required to enable the SEAM version
of these commands on a server.
How to Configure a SEAM Network Application Server
This procedure uses the following configuration parameters:
-
application server = boston
-
admin principal = kws/admin
-
DNS domain name = example.com
-
realm name = EXAMPLE.COM
-
Prerequisites for configuring an application server.
This procedure requires that the master KDC has been configured. To
fully test the process, several clients must be installed.
-
Install SEAM remote application software.
The SEAM 1.0.2 software must be installed. See "How to Install SEAM 1.0.2 Packages"
for complete installation instructions.
-
(Optional) Install NTP client or other clock synchronization mechanism.
See "Synchronizing Clocks between KDCs and SEAM Clients"
in System Administration Guide: Security Services for information about NTP.
-
Add principals for the new server and update the server's keytab.
The following command reports the existence of the host principal.
boston # klist -k |grep host
4 host/boston.example.com@EXAMPLE.COM
If the command does not return a principal, then create new principals
using the following steps.
Using the SEAM Administration Tool to add a principal is explained in "Administering
Principals" in System Administration Guide: Security Services. The example
below shows how to add the required principals using the command line. You
must log on with one of the admin principal names that
you created when configuring the master KDC.
boston # /usr/sbin/kadmin -p kws/admin
Enter password: <Enter kws/admin password>
kadmin:
-
Create the server's host principal.
kadmin: addprinc -randkey host/boston.example.com
Principal "host/boston.example.com" created.
kadmin:
-
Add the server's host principal to the server's keytab.
If the kadmin command is not running, restart it
with a command like: /usr/sbin/kadmin -p kws/admin
kadmin: ktadd host/boston.example.com
kadmin: Entry for principal host/boston.example.com with
kvno 3, encryption type DES-CBC-CRC added to keytab
WRFILE:/etc/krb5/krb5.keytab
kadmin: quit
-
Quit kadmin.