Administration GUI Browser Requirements

You can use any browser that supports Java and is compliant with JDK 1.1 to configure, administer, edit, and manage the Screen. You can use Netscape, the HotJava browser, or Internet Explorer as long as the browser has the required Java support. The only restriction applies to accessing local system resources.

The Netscape Java plug-in provided with Solaris 8 is not compatible with the SunScreen applet. Therefore, in order to save log files and load certificates using Netscape, you must install the required version of the plug-in (as documented in the following sections).

Accessing Local System Resources

Because Netscape Navigator and Internet Explorer do not support the Java mechanism for applet signing, the Administration GUI cannot get access to your system's local resources (browser security mechanisms prevent this type of access.)

The operations that require access to your local system resources are:

• Loading Certificates from a diskette

• Backing up all Policies

• Restoring all Policies

• Saving Log Files

• Loading Jar Signatures

If you do not need to perform any of these operations, you can go to "To Log In to the Administration GUI". If you need to access local system resources, you should read the following sections.

To work around local access limitation you can do one of the following:

• Use the Java plugin.

• Use the Hotjava browser version 1.1.

You can find versions of Netscape and HotJava as well as the required Java Plugin on the SunScreen CD-ROM.

To Install the Java Plugin

In the following procedure, you will install the Java plug-in 1.1.2, save the identitydb.obj file, then set the NPX_PLUGIN_PATH environment variable.

The identitydb.obj file verifies the signature on the Java files and must be installed on the administration station if you are using the Java plug-in.

1. Make sure the SunScreen CD-ROM is still in the CD-ROM drive, then install the Java plug-in by typing:

   $ cd /cdrom/cdrom0/SunScreen/javaplugins $ cp plugin-112i-solsparc.sh /tmp $ cd /tmp $ sh plugin-112i-solsparc.sh

2. Next, save the identitydb.obj file by typing:

   $ cd /opt/SUNWicg/SunScreen/admin/htdocs/plugin/plugins/ $ cp identitydb.obj $HOME $ cd

3. Now, set the environment variable by typing:

   $ NPX_PLUGIN_PATH=$HOME/.netscape/plugins:$NPX_PLUGIN_PATH $ export NPX_PLUGIN_PATH

   or, if using csh:

   % setenv NPX_PLUGIN_PATH $HOME/.netscape/plugins:$NPX_PLUGIN_PATH

To Distribute the identitydb.obj File

After you install the Java plugin, you may want to save the identitydb.obj file for use on other Administration Stations. To save the file:

1. Go to http://localhost:3852/plugin/plugins.

2. Use the right mouse button to save the link as a file. If your browser does not support saving a file with this method, go to /opt/SUNWicg/SunScreen/admin/htdocs/plugin/plugins to access the file identitydb.obj.

3. Save identitydb.obj on a diskette for distribution to all Administration Stations.

Copy the file identitydb.obj from the diskette to one of the following locations if it does not already exist in one of these locations.

• $HOME on Unix systems

• C:\WINDOWS directory for Windows 95 users

• C:\WINDOWS\PROFILESsername for multiuser Windows 95 & 98 systems

• C:\WINNT\PROFILESsername on Windows NT systems

If the file identitydb.obj already exists in these locations, add SunScreen as one of the accepted signers to the file identitydb.obj (see ss_addsigner man page).

To Use HotJava and Set the Default Security Level

1. Make sure the browser's directory (/usr/dt/bin/) is in your path.

2. In a terminal window, open the browser by typing:

   % hotjava &

3. Click the Edit button of the browser to display the menu.

4. Click the arrow on Preferences to display the choice list.

5. Click and highlight Applet Security to display the Applet Security page.

6. Click Medium Security for both signed and unsigned applet windows.

7. Click the Apply button at the bottom of the Applet Security page to set these choices as defaults.

   • The Hotjava Security Violation window may appear when you add certificate IDs or backup or restore a policy.

   • Check Allow reading all files.

   • (Optionally) leave Allow this action checked. (This window will then appear each time you add a certificate ID or restore a backed-up Policy.)

   • Click the OK button on the Security Violation window.