Oracle Solaris Trusted Extensions Administrator's Procedures

Procedure: How to Remotely Administer Systems by Using the Solaris Management Console From an Unlabeled System

In this procedure, you run the Solaris Management Console client and server on the remote system, and display the Console on the local system.

Before You Begin

The Trusted Extensions system must have assigned the label ADMIN_LOW to the local system.


Note –

A system that is not running the CIPSO protocol, such as a Trusted Solaris system, is an unlabeled system from the viewpoint of a Trusted Extensions system.


The Solaris Management Console server on the remote system must be configured to accept the remote connection. For the procedure, see "Enable the Solaris Management Console to Accept Network Communications" in the Oracle Solaris Trusted Extensions Configuration Guide.

Both systems must have the same user who is assigned the same role that can use the Solaris Management Console. The user can have the normal user's label range, but the role must have the range from ADMIN_LOW to ADMIN_HIGH.

You must be in an administrative role in the global zone.

  1. Enable the local X server to display the remote Solaris Management Console.


    # xhost +TX-SMC-Server
    # echo $DISPLAY
    :n.n
    
  2. On the local system, become the user who can assume a role for the Solaris Management Console.


    # su - same-username-on-both-systems
    
  3. As that user, log in to the remote server as the role.


    $ rlogin -l same-rolename-on-both-systems TX-SMC-Server
    
  4. Make sure that the environment variables that the Solaris Management Console uses have the correct values.

    1. Set the value of the DISPLAY variable.


      $ DISPLAY=local:n.n
      $ export DISPLAY=local:n.n
      
    2. Set the value of the LOGNAME variable to the user name.


      $ LOGNAME=same-username-on-both-systems
      $ export LOGNAME=same-username-on-both-systems
      
    3. Set the value of the USER variable to the role name.


      $ USER=same-rolename-on-both-systems
      $ export USER=same-rolename-on-both-systems
      
  5. In the role, start the Solaris Management Console from the command line.


    $ /usr/sbin/smc &
    
  6. Select a tool under System Configuration.

    When you select a tool such as User, a dialog box displays the Solaris Management Console server name, your user name, your role name, and a place to type the role's password. Make sure that the entries are correct.

  7. As the role, log in to the server.

    Type the role's password and press Login as Role. You can now use the Solaris Management Console to manage the system.


    Note –

    When you try to access network database information from a system that is not the LDAP server, the operation fails. The Console allows you to log in to the remote host and open the toolbox. However, when you try to access or change information, the following error message indicates that you have selected Scope=LDAP on a system that is not the LDAP server:


    Management server cannot perform the operation requested.
    ...
    Error extracting the value-from-tool.
    The keys received from the client were machine, domain, Scope.
    Problem with Scope.
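
Step 1 is meant to admit only the remote server to the local X display; `xhost +` with no host name attached turns X access control off for every host. The function below is an added example, not part of the Oracle guide: it reads `xhost` output and confirms that access control is still enabled and that the server is listed. The sample output is constructed, and the entry formats handled (a bare host name or an `INET:` prefix) are an assumption about the local `xhost` version.

```shell
# Added example, not from the Oracle guide.
# Usage on the local system:  xhost | xhost_acl_check TX-SMC-Server
# Returns 0 if access control is enabled and the host is listed,
#         1 if access control is disabled, 2 if the host is missing.
xhost_acl_check() {
    want=$1 acl_off=0 listed=0 lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        if [ "$lineno" -eq 1 ]; then
            # First line of xhost output reports the access control state.
            case $line in
                'access control disabled'*) acl_off=1 ;;
            esac
            continue
        fi
        case $line in
            '')             continue ;;            # skip blank lines
            SI:*)           continue ;;            # per-user entry, not a host
            INET:*|INET6:*) host=${line#*:} ;;     # family-prefixed host entry
            *)              host=$line ;;          # bare host name
        esac
        if [ "$host" = "$want" ]; then
            listed=1
        else
            echo "NOTE: additional entry allowed: $host"
        fi
    done
    if [ "$acl_off" -eq 1 ]; then
        echo "FAIL: access control is disabled; every host can connect"
        return 1
    fi
    if [ "$listed" -eq 0 ]; then
        echo "FAIL: $want is not in the access list"
        return 2
    fi
    echo "OK: access control enabled and $want is listed"
}

# Constructed sample output, standing in for a live `xhost` call.
xhost_acl_check TX-SMC-Server <<'EOF'
access control enabled, only authorized clients can connect
INET:TX-SMC-Server
EOF
```

When the remote session is finished, `xhost -TX-SMC-Server` removes the entry again.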