SunScreen 3.1 Lite Installation Guide

Completing SKIP Setup on the Administration Station

You complete this installation by establishing encrypted communication between the Administration Station and the Screen. This step involves enabling SunScreen SKIP on the remote Administration Station. In this procedure, you tell the Administration Station which encryption algorithms to use when communicating with the Screen. For more information regarding SunScreen SKIP for Solaris, see the SunScreen SKIP 1.5.1 User's Guide.

Requirements

To configure the Administration Station to communicate with the Screen, you must know:

To Set Up SKIP on the Administration Station
  1. Open a terminal window and become root.

  2. Launch the skiptool GUI by typing:


    # skiptool
    


    Note -

    You may need to use skiptool -i name_of_interface (such as qe3) if you wish to set SKIP parameters on a network interface other than the default interface.


The main window of the skiptool GUI appears (as shown in the following figure).

Figure 4-14 skiptool GUI Main Window


Next, you add a default ACL entry that allows unencrypted communication with all hosts.

  1. Click the Add button, and under Host, choose the Off security option.

    The Add Host properties window opens (as shown in the following figure).

    Figure 4-15 Skiptool With Add Host Properties Window Completed


  2. Type "default" as the Hostname and click Apply.

    Next, you add an ACL entry for the Screen.

  3. Click the Add button, and under Host, choose the SKIP security option.

    The Add SKIP host properties window appears (as shown in the following figure).

    Figure 4-16 Add SKIP Host Properties Window


    Use the information contained in the AdminSetup.readme file (see "To Display the AdminSetup.readme File") to complete the fields.

  4. Type the name of the Screen in the Hostname field.

  5. In the Secure field, select Whole Packet from the pull-down menu.

  6. In the Remote Key ID field, make the appropriate selection from the pull-down menu.

    Refer to the AdminSetup.readme file to select the correct Remote Key ID. For self-generated certificates on the Administration Station, select MD5 (DH Public Value). For issued certificates, select IPv4. See the following figure for a sample of the Add SKIP Host Properties window completed.

    Figure 4-17 Add SKIP Host Properties Completed


  7. In the Local Key ID field, make the appropriate selection from the pull-down menu.

    Refer to the AdminSetup.readme file to select the correct Local Key ID. For self-generated certificates on the Administration Station, select MD5 (DH Public Value). For issued certificates, select IPv4. The ID value is filled in automatically.

  8. Turn SKIP on. From the pull-down menu for "Access control is:" located at the top of the skiptool window, select "enabled".


    Note -

    When you select enabled from the pull-down menu, a window appears when you save the configuration. Click Cancel to prevent these required systems, which are part of the default configuration, from showing up in the Authorized Systems window.


  9. Select Save from the File pull-down menu.


    Note -

    After configuring SKIP, check that the encryption parameters and the certificate ID (MKID) values match on both the Administration Station and the Screen.
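
One way to carry out the final check, as an added example that is not part of the original guide or of SunScreen. The record layout, the algorithm key names and all sample values are constructed. It assumes that each side's Local Key ID is the other side's Remote Key ID.

```python
from dataclasses import dataclass, replace

# Key ID selection the guide prescribes for each certificate type.
EXPECTED_KEY_ID_TYPE = {"self-generated": "MD5 (DH Public Value)", "issued": "IPv4"}

@dataclass
class SkipEntry:
    """SKIP settings for one peer, copied by hand from skiptool (hypothetical record)."""
    secure: str        # "Secure" field, e.g. "Whole Packet"
    algorithms: dict   # encryption parameters; key names are constructed
    local_type: str    # Local Key ID pull-down selection
    local_mkid: str    # Local Key ID value
    remote_type: str   # Remote Key ID pull-down selection
    remote_mkid: str   # Remote Key ID value

def norm(mkid):
    """Compare MKIDs case-insensitively and without a leading 0x."""
    m = mkid.strip().lower()
    return m[2:] if m.startswith("0x") else m

def check_pair(admin, screen, cert_type):
    """Return the mismatches between both ends; an empty list means consistent."""
    problems = []
    if admin.secure != screen.secure:
        problems.append(f"Secure differs: {admin.secure!r} vs {screen.secure!r}")
    for name in sorted(set(admin.algorithms) | set(screen.algorithms)):
        a, s = admin.algorithms.get(name), screen.algorithms.get(name)
        if a != s:
            problems.append(f"algorithm {name!r} differs: {a!r} vs {s!r}")
    # Assumption: one side's Local Key ID is the other side's Remote Key ID.
    mirrored = [
        ("admin local / screen remote", admin.local_type, admin.local_mkid,
         screen.remote_type, screen.remote_mkid),
        ("admin remote / screen local", admin.remote_type, admin.remote_mkid,
         screen.local_type, screen.local_mkid),
    ]
    for label, t1, id1, t2, id2 in mirrored:
        if t1 != t2:
            problems.append(f"{label}: key ID type {t1!r} vs {t2!r}")
        if norm(id1) != norm(id2):
            problems.append(f"{label}: MKID {id1} vs {id2}")
    expected = EXPECTED_KEY_ID_TYPE[cert_type]
    for label, t in (("local", admin.local_type), ("remote", admin.remote_type)):
        if t != expected:
            problems.append(f"admin {label} key ID type {t!r}, expected {expected!r}")
    return problems

# Constructed sample values, not taken from a real installation.
MD5_DH = "MD5 (DH Public Value)"
ALGS = {"key": "DES-CBC", "traffic": "DES-CBC"}
ADMIN = SkipEntry("Whole Packet", ALGS, MD5_DH, "0xA1B2C3D4", MD5_DH, "0x0F1E2D3C")
SCREEN = SkipEntry("Whole Packet", dict(ALGS), MD5_DH, "0f1e2d3c", MD5_DH, "a1b2c3d4")
```

Calling `check_pair(ADMIN, SCREEN, "self-generated")` returns an empty list when the two ends agree. Each string in a non-empty result names one field to correct in skiptool.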