This procedure enables you to use the command line and the txzonemgr GUI to administer a remote Trusted Extensions system.
Before You Begin
The user, role, and role assignment are identically defined on the local and remote systems, as described in Enable Remote Administration of a Remote Trusted Extensions System.
desktop # xhost + remote-sys
Use the ssh command to log in.
desktop % ssh -X -l identical-username remote-sys Password: xxxxxxxx remote-sys %
The –X option enables GUIs to display.
For example, assume the root role.
remote-sys % su - root Password: xxxxxxxx
You are now in the global zone. You can now use this terminal window to administer the remote system from the command line. GUIs will display on your screen. For an example, see Example 12–3.
In this example, the administrator uses the txzonemgr GUI to configure labeled zones on a labeled remote system from a labeled desktop system. As in Oracle Solaris, the administrator enables X server access to the desktop system by using the –X option to the ssh command. The user jandoe is defined identically on both systems and can assume the role remoterole.
TXdesk1 # xhost + TXnohead4
TXdesk1 % ssh -X -l jandoe TXnohead4 Password: xxxxxxxx TXnohead4 %
To reach the global zone, the administrator uses the jandoe account to assume the role remoterole. This role is defined identically on both systems.
TXnohead4 % su - remoterole Password: xxxxxxxx
In the same terminal, the administrator in the remoterole role starts the txzonemgr GUI.
TXnohead4 # /usr/sbin/txzonemgr &
The Labeled Zone Manager runs on the remote system and displays on the local system.
Example 12-4 Logging In to a Remote Labeled ZoneThe administrator wants to change a configuration file on a remote system at the PUBLIC label.
The administrator has two options.
Remotely log in to the global zone, display the remote global zone workspace, then change the workspace to the PUBLIC label, open a terminal window, and edit the file
Remotely log in to the PUBLIC zone by using the ssh command from a PUBLIC terminal window and then edit the file
Note that if the remote system is running one naming service daemon (nscd) for all the zones, and the remote system is using the files naming service, the password for the remote PUBLIC zone is the password that was in effect when it was last booted. If the password for the remote PUBLIC zone was changed, but the zone was not booted after the change, the original password allows access.
Troubleshooting
If the –X option does not work, you might need to install a package. X11 forwarding is disabled when the xauth binary is not installed. The following command loads the binary: pkg install pkg:/x11/session/xauth.