You can install the required SunScreen 3.1 Lite packages on the Screen using pkgadd using the following instructions.
Insert the Solaris Easy Access CD-ROM into the Screen's CD-ROM drive.
For SPARC systems: # pkgadd -d cdrom/Solaris_8/EA/products/SunScreen_3.1_Lite/sparc For Intel systems: # pkgadd -d cdrom/Solaris_8/EA/products/SunScreen_3.1_Lite/i386 |
For SPARC systems, you are prompted with a menu of packages to install:
The following packages are available: 1 NSCPcom Netscape Communicator (sparc) 20.4.70,REV=1999.08.20.17.43 2 SUNWbdc SKIP Bulk Data Crypt (sparc) 1.5.1 3 SUNWbdcx SKIP Bulk Data Crypt (64-bit) (sparc) 1.5.1 4 SUNWdes SKIP DES Crypto Module (sparc) 1.5.1 5 SUNWdesx SKIP DES Crypto Module (64-bit) (sparc) 1.5.1 6 SUNWdthj HotJava Browser for Solaris (sparc) 1.1.5,REV=1998.12.03 7 SUNWdtnsc Netscape Componentization Support for CDE (sparc) 1.0,REV=1999.06.14.15.50 8 SUNWes SKIP End System (sparc) 1.5.1 9 SUNWesx SKIP End System (64-bit) (sparc) 1.5.1 10 SUNWfwcnv SunScreen Firewall conversion (sparc) 3.1 11 SUNWhttp Sun WebServer daemon and supporting binaries (sparc) 2.0 12 SUNWicgSA SunScreen Administration Software (sparc) 3.1 13 SUNWicgSD SunScreen online documentation (sparc) 3.1 14 SUNWicgSM SunScreen man pages (sparc) 3.1 15 SUNWicgSS SunScreen Firewall (sparc) 3.1 16 SUNWkeymg SKIP Key Manager Tools (sparc) 1.5.1 17 SUNWkusup SKIP U-Support module (sparc) 1.5.1 18 SUNWrc2 SKIP RC2 Crypto Module (sparc) 1.5.1 19 SUNWrc4 SKIP RC4 Crypto Module (sparc) 1.5.1 20 SUNWrc4x SKIP RC4 Crypto Module (64-bit) (sparc) 1.5.1 21 SUNWsman SKIP Man Pages (sparc) 1.5.1 |
For Intel systems, you are prompted with a menu of packages to install:
The following packages are available: 1 NSCPcom Netscape Communicator (i386) 20.4.70,REV=1999.08.20.17.56 2 SUNWbdc SKIP Bulk Data Crypt (i386) 1.5.1 3 SUNWdes SKIP DES Crypto Module (i386) 1.5.1 4 SUNWdthj HotJava Browser for Solaris (i386) 1.1.5,REV=1998.12.03 5 SUNWdtnsc Netscape Componentization Support for CDE (i386) 1.0,REV=1999.06.14.15.53 6 SUNWes SKIP End System (i386) 1.5.1 7 SUNWfwcnv SunScreen Firewall conversion (i386) 3.1 8 SUNWhttp Sun WebServer daemon and supporting binaries (i386) 2.0 9 SUNWicgSA SunScreen Administration Software (i386) 3.1 10 SUNWicgSD SunScreen online documentation (i386) 3.1 11 SUNWicgSM SunScreen man pages (i386) 3.1 12 SUNWicgSS SunScreen Firewall (i386) 3.1 13 SUNWkeymg SKIP Key Manager Tools (i386) 1.5.1 14 SUNWkusup SKIP U-Support module (i386) 1.5.1 15 SUNWrc2 SKIP RC2 Crypto Module (i386) 1.5.1 16 SUNWrc4 SKIP RC4 Crypto Module (i386) 1.5.1 17 SUNWsman SKIP Man Pages (i386) 1.5.1 |
For SPARC systems, type: 2-5, 8-9, 11-21. For Intel systems, type: 2-3, 6, 8, 9-17.
Follow the program prompts, answering all the questions with y.
When completed, you return to the same menu of packages.
Type q to quit pkgadd.
Set the PATH and MANPATH by editing your shell initialization file (such as .profile or.login file).
PATH=/opt/SUNWicg/SunScreen/bin:$PATH export PATH MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man export MANPATH
Eject the CD-ROM from the CD-ROM drive by typing
# eject cdrom0 |
Install any SKIP upgrades (see "Upgrading Cyrptography Modules").
Reboot by typing:
# sync; init 6 |
Open a terminal window and become root, if not already.
Complete the installation by typing:
# ss_install |
Answer the questions that appear. The questions and text are similar to those that appear when installing using the installation wizard. Review the procedures for installing the software on the Screen in "Installing Lite With Local Administration" or "Installing Lite With Remote Administration," if more details are needed.
If you are using issued certificates, you need all of your certificate diskettes.
The SKIP command to run on the Administration Station is displayed at the end. It is contained in the AdminSetup.readme file, found in the directory /etc/opt/SUNWicg/SunScreen. Write this command down for use in the following procedure. If you trust that the network between the Screen and the Administration Station is secure, you can ftp the AdminSetup.readme file from the Screen to the Administration Station. This saves you the task of writing down the information that is required in the next procedure.
Reboot by typing:
# sync; init 6 |
On the Administration Station, open a terminal window and become root.
To enable unencrypted communication from the Administration Station to all hosts other than the Screen, type:
# skiphost -a default |
Add a rule so that encrypted communication is possible between the Administration Station and the Screen by typing:
# skiphost command_from_ss_install |
This command is in the AdminSetup.readme file. The command is in the following form, which has been divided into lines for readability:
skiphost -a name_of_Screen -r NSID_type
-R Screen's_certificate_ID -s NSID_type
-S Administration_Station's_certificate_ID
-k key_encryption_algorithm
-t data_encryption_algorithm -m MAC_algorithm
Turn on SKIP by typing:
If Screen has only one interface: # skiphost -o on If Screen has more than one interface, for each interface: # skiphost -i name_of_interface -o on |
To display the interfaces, type: ifconfig -a
Save the SKIP settings by typing:
# skipif -i all -s |
Restart the SKIP daemon by typing:
# skipd_restart |
Refer to the SunScreen SKIP 1.5.1 User's Guide for more information on operating SKIP, if needed.
After configuring SKIP, check that the encryption parameters and 32-character certificate ID (MKID) values match on both the Administration Station and the Screen.
To configure and manage your Screen from your Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the administration GUI by typing the following URL:
http://Name_of_Screen:3852/ |
See the SunScreen 3.1 Administration Guide for instructions on how to use the administration GUI.