Accessing Local System Resources

Because Netscape Navigator and Internet Explorer do not support the Java mechanism for applet signing, browser security mechanisms prevent the administration GUI from accessing your system's local resources.

The operations that require access to your local system resources are:

• Exporting and importing IKE certificates

• Loading certificates from a diskette

• Backing up all policies

• Restoring all policies

• Saving log files

• Loading Jar signatures

If you do not need to perform any of these operations, you can go to "To Log In to the Administration GUI". If you need to access local system resources, you should read the following sections.

To work around local access limitations, you can use the Java Plug-In or the HotJava browser version. You can find versions of the Netscape and HotJava browsers, as well as the required Java Plug-In, on the SunScreen CD-ROM.

The SunScreen Administration GUI requires a Java plugin that supports Java 1.1 features. This dependency creates interaction problems when the Java plugin 1.2 (or later) is already present on the system. The fix for this problem is to remove the Java 1.2 plugin from the system.

To Install the Java Plug-In on the Screen

The documentation for the Java Plugin is on the Sun Website at http://java.sun.com/products/plugin/1.1.3/readme.html.

1. Issue the following command to remove the Java 1.2 Plugin:

   pkgrm SUNWj2pi

2. Make sure the SunScreen CD-ROM is still in the CD-ROM drive.

3. Become root, if you are not already root.

4. Install the Java Plug-In for use by a single screen, type the following:

   # volcheck $ cp /cdrom/cdrom0/javaplugins/* /usr/lib/sunscreen/admin/htdocs/plugin/plugins/.

   If you plan on sharing the Java plugin with Administration Stations, use the following instructions:

5. Save the file identitydb.obj on a diskette (see below) and distribute it to all Administration Stations.

To Install on the Remote Administration Station.

1. Open a Web browser window on the remote Administration Station.

2. Download the plugin from the Screen using one of the following links.

   • Java plugin for SPARC system from http://localhost:3852//plugin/plugins/plugin-112i-solsparc.sh.

   • Java plugin for x86 system from http://localhost:3852//plugin/plugins/plugin-112i-solx86.sh.

   • Java plugin for Windows system from http://localhost:3852//plugin/plugins/plugin-112i-win32.exe.

3. On the remote administration station, execute the shell script.

   1. If your system is a Solaris operating environment, type the following command at the shell prompt:

      # chmod a+x file_name.sh # ./file_name.sh

   2. If your system is a Windows system, make sure that you have permission to execute the program and then execute the program.

To Save the identitydb.obj File

After you install the Java Plug-In, next you install the identitydb.obj file.

1. If administration is done from a Solaris operating environment (local or remote), place the /usr/lib/sunscreen/admin/htdocs/plugin/plugins/identitydb.obj file in the $HOME directory of the user on the machine they are using for administration.

2. If administration is done from a Windows system, Use the following procedure:

   1. Obtain a DOS formatted diskette

   2. Insert the DOS formatted diskette in the floppy drive on the Screen.

   3. On the Screen, copy the file identitydb.obj to the diskette:

      % volcheck % cp /usr/lib/sunscreen/admin/htdocs/plugin/plugins/identitydb.obj /floppy/floppy0

   4. Use the diskette you just created to copy the identitydb.obj file to the appropriate location:

      • C:\WINDOWS directory for Windows 95/98/2000 users

      • C:\WINDOWS\PROFILES\username for multiuser Windows 95/98/2000 systems

      • C:\WINNT\PROFILES\username for Windows NT systems

   5. If the file identitydb.obj already exists in these locations, add SunScreen as one of the accepted signers to the file identitydb.obj.

      ---

      Note -

      The SunScreen GUI can use a signed Java applet to provide access to functions that are normally restricted by a web browser. These functions include saving or loading SunScreen configurations and certificates to files on the local computer.

      To verify the Java applet's signature, the web browser needs a copy of the certificate that was used to sign the applet. A copy of this certificate is installed with the SunScreen administration software in /usr/lib/sunscreen/etc/SunScreenEFS.x509. This is a file that you copy to your workstation or PC where the web browser will be run and add to your browser's list of trusted signers. Refer to your browser's documentation for detailed instructions on Java applet security.

      ---

To Use the HotJava 1.1 Browser

You can add the HotJava 1.1 browser from the SunScreen CD. The package name is SUNWdthj. If you use the HotJava 1.1 browser and want to access local system resources, the browser's preferences must allow medium security for unsigned applets. To set this level of security:

1. Go to the browser's Edit menu.

2. Choose Preferences.

3. Choose Applet Security.

4. Choose the Medium Security radio button from the Unsigned Applets column.

5. Choose Apply.