SunScreen SKIP User's Guide, Release 1.1

The skiptool Main Window

The skiptool main window has several important features:

File Menu

The file menu has five submenus:

Load--Loads the current ACL from the kernel. This is useful if you have modified the ACL through other tools and want to update the configuration in skiptool.

Key Management--Defines the parameters for key usage, including when to delete an unused key (in seconds) and how much to transmit per key (in Kbytes).

SKIP Statistics--Brings up one of six statistics windows: (1) Network Interface Stats, (2) SKIP Header Stats, (3) Encryption Stats (Version 1), (4) Encryption Stats (Version 2), (5) Key Stats, or (6) Authentication Stats.

Save--Makes the configuration permanent. Before saving, it prompts you to add any systems that are in use, that have access, and that are not currently on the authorized list. The next time that you reboot, this configuration is used. Quitting and restarting skiptool will not affect either saved or unsaved changes in configuration. (Another way to save the current ACL is to use the command-line tool skipif with the -s option.)


Note -

If you do not save the changes in the configuration, they remain in effect only until the next time you reboot your machine.


Exit--Closes all open windows and quits SunScreen SKIP. The Statistics window will not close when you quit skiptool.

Access Control Buttons

Access Control button--This button toggles to enable or disable SKIP. When SKIP is enabled, the ACL rules apply. (For example, you could have only the "default" entry in the authorized systems list and some entries in the excluded systems list. In this case, any host except those that are in the excluded systems list could connect.) When SKIP is disabled, any system can connect, if the "default" entry is configured in the clear.

Unauthorized System button--This button is used to set the policy regarding unauthorized systems.


Note -

If a default authorized host entry exists, this policy does not take effect. The default entry has the name "default" and the ACL looks for this entry (in authorized or excluded host lists) if it cannot find a given entry that matches the host or network criteria.


The policy can be one of the following:

No Access--Does not allow unauthorized hosts to connect.

Ask For Confirmation--Every time an unauthorized host connects, a pop-up window appears on which the user determines whether or not that particular connection should be allowed.

Add Automatically--Any host that sends packets to this system is automatically added to the authorized systems list.


Note -

It is recommended that you do not change the value from "No Access."
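The lookup order described in this section (host or network entry, then the "default" entry, then the Unauthorized System policy) can be modeled as follows. This is an added illustration, not SunScreen SKIP code. It assumes access control is enabled, that the most specific entry wins with ties going to the excluded list, and that a "default" entry in the excluded list is checked first; decide(), match(), audit(), and the confirm callback are hypothetical names, and the addresses are constructed samples.

```python
import ipaddress

def match(acl_list, addr):
    """Most specific host/network entry in one list that covers addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in (ipaddress.ip_network(e) for e in acl_list if e != "default")
            if ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def decide(addr, authorized, excluded, policy="no_access", confirm=None):
    """Return (verdict, reason) for a connecting host while access control is enabled."""
    a, x = match(authorized, addr), match(excluded, addr)
    # Assumption: the most specific entry wins and a tie goes to the excluded list.
    if x is not None and (a is None or x.prefixlen >= a.prefixlen):
        return "deny", f"excluded entry {x}"
    if a is not None:
        return "allow", f"authorized entry {a}"
    # No host or network entry matched: the ACL falls back to "default".
    if "default" in excluded:
        return "deny", "default entry (excluded list)"
    if "default" in authorized:
        return "allow", "default entry (authorized list)"
    # No default entry exists, so the Unauthorized System policy takes effect.
    if policy == "no_access":
        return "deny", "policy: No Access"
    if policy == "ask":
        ok = bool(confirm and confirm(addr))  # confirm() stands in for the pop-up
        return ("allow" if ok else "deny"), "policy: Ask For Confirmation"
    if policy == "add_automatically":
        authorized.append(addr)  # the sender joins the authorized list
        return "allow", "policy: Add Automatically"
    raise ValueError(f"unknown policy {policy!r}")

def audit(authorized, policy):
    """Flag settings that admit hosts nobody listed explicitly."""
    if "default" in authorized:
        return ['"default" is authorized: unlisted hosts are admitted and the '
                "Unauthorized System policy is never consulted"]
    if policy != "no_access":
        return [f"policy {policy!r} can admit unlisted hosts"]
    return []

if __name__ == "__main__":
    authorized, excluded = ["default"], ["192.0.2.0/24"]  # constructed sample ACL
    for host in ("192.0.2.7", "198.51.100.9"):
        print(host, decide(host, authorized, excluded))
    print(audit(authorized, "no_access"))
```
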


Authorized Systems/Excluded Systems Lists

Authorized Systems--A list of systems that are authorized to have access to this host. System types are host, network, or nomadic. Secure systems are denoted by a padlock or the Sun Microsystems' logo next to the system name, depending on the type of security being used.

Excluded Systems--A list of systems that are specifically denied access to your system. When you move or add a system to the excluded list, it is immediately excluded.

skiptool allows you to move systems from the list of authorized systems to the list of excluded systems and vice versa with the arrows between the two lists.

Management Buttons

These buttons enable you to add or delete a system from the access list. The buttons are available for both authorized and excluded systems.

Add--Brings up the Add pop-up menu where the system type to be added to the ACL is selected:

Host--Adds an individual host, either with or without security.

Network--Adds a network, either with or without security.

Nomadic--Adds a nomadic identity, with SKIP Version 1 or SKIP Version 2 security.

Delete--Deletes the selected system from the list. When an item is deleted, the deletion occurs immediately and cannot be undone.

You may also move ACL entries from one list to another with the arrow buttons. These arrow buttons make it easy to add or delete systems when troubleshooting.


Caution -

If you add or delete ACL entries, or move them from one list to another, the addition or deletion takes effect immediately.