Installing Oracle® Solaris 11.2 Systems

Updated: July 2014

Configuring Secure Install Services

Use the installadm create-service command to configure an install service when creating it. For more information, see How to Create an Install Service. Use the installadm set-service command to reconfigure an existing install service. This section describes how to set a security policy for your install service.

Each install service may have one security policy set. The available choices are:

require-client-auth

Confirms the identity of the AI client. Requires client and server authentication for all clients of the specified service. This option also requires encryption.

Requires all clients of the service to authenticate with client authentication. All clients of the specified service must be assigned credentials, and all SPARC clients of this service must have their OBP keys defined. Any clients of the service that are not configured for client authentication will not be able to use this install service.

require-server-auth

Confirms the identity of the AI server. Requires all clients of the specified service to perform server authentication. This option also requires encryption.

Requires at least AI server authentication for access to the specified install service. Client authentication is optional, but you must provide any assigned or attributed client credentials. You must also define OBP keys for all SPARC clients of this service.

optional

Allows both authenticated and unauthenticated clients to access the install service. This option also requires encryption if the server has credentials. This is the default behavior.

You must provide any assigned client credentials. Clients without assigned or attributed credentials do not use OBP keys or server authentication. Server authentication is provided only for clients configured for client authentication.

encr-only

For x86 clients only: Enables SSL/TLS end-to-end encryption without requiring authentication. Without authentication, the identities of the client and server are not guaranteed. Data in transit is not readable over the network by third parties.

disable

Disables all security for all clients of the specified service.

Clients of this service are not authenticated. No credentials are issued. Clients of this service cannot access the webserver_secure_files_dir directory described in Configuring the Web Server User Files Directory. Use this setting with caution: Any install service files that were previously protected by authentication are no longer protected. Client data is not secured from unwanted access. To re-enable authentication, specify the set-service subcommand again with a different security policy value.

Example 8-23  Requiring AI Server Authentication During Installation

This example specifies a security setting that requires server authentication to use an install service. Use the require-server-auth install service security setting to require clients of the specified service to at least authenticate the AI server.

# installadm set-service -p require-server-auth -n install-service

Example 8-24  x86: Requiring Encryption During Installation

This example specifies a security setting that uses encryption but does not require authentication. On x86 clients, to protect data transfers for a specific install service but not require client or server authentication, use the encr-only security setting. You still need a server certificate. The data will be protected from snooping over the network, but the AI server will provide the data to any client that issues the proper request to the server.

# installadm set-service -p encr-only -n install-service
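
A pre-flight check for the policy descriptions above, as an added example that is not part of the Oracle documentation: given a client inventory, it lists the clients that do not meet a policy's stated requirements before you run installadm set-service. The inventory format, the host names, and the policy_gaps and sparc_missing_obp functions are constructed for illustration and are not installadm output.

```shell
#!/bin/sh
# Constructed inventory (not installadm output): name arch credentials obp_keys
INVENTORY='web01 x86 yes n/a
db01 sparc yes yes
db02 sparc yes no
lab07 x86 no n/a'

# True when a SPARC client has no OBP keys defined.
sparc_missing_obp() { [ "$1" = sparc ] && [ "$2" != yes ]; }

# policy_gaps POLICY
# Prints "client: reason" for every inventory entry that does not meet the
# requirements the policy descriptions state. Returns 2 for an unknown policy.
policy_gaps() {
    policy=$1
    case $policy in
        require-client-auth|require-server-auth|optional|encr-only) ;;
        disable) echo "warning: disable removes protection from all service files" >&2 ;;
        *) echo "unknown policy: $policy" >&2; return 2 ;;
    esac
    printf '%s\n' "$INVENTORY" | while read -r name arch creds obp; do
        case $policy in
            require-client-auth)
                # Every client needs credentials; SPARC clients also need OBP keys.
                if [ "$creds" != yes ]; then
                    echo "$name: no client credentials assigned"
                fi
                if sparc_missing_obp "$arch" "$obp"; then
                    echo "$name: SPARC OBP keys not defined"
                fi ;;
            require-server-auth)
                # Client authentication is optional; SPARC OBP keys are not.
                if sparc_missing_obp "$arch" "$obp"; then
                    echo "$name: SPARC OBP keys not defined"
                fi ;;
            encr-only)
                if [ "$arch" != x86 ]; then
                    echo "$name: encr-only is for x86 clients only"
                fi ;;
        esac
    done
}

# With no gaps reported, apply the policy as in the examples above:
#   installadm set-service -p require-server-auth -n install-service
```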