SunScreen 3.2 Administrator's Overview

What Is the Configuration Editor?

All the functionality of SunScreen that is available through the administration GUI is also available through the command line configuration editor. Administering your Screens through the configuration editor is useful if you cannot or do not want to use the GUI. If you are adept with the command line, you can sometimes edit a configuration more quickly. You can also use the command line interface to perform management tasks in an automated fashion using scripts. Finally, the command line interface may be employed by users who require accessibility accommodations.

If you have superuser (root) access, you can reach a locally administered Screen through the command line from its own keyboard. You can also reach a Screen through the command line from an Administration Station; a remotely administered Screen requires SKIP or IKE encryption and an administration user name and password.

You maintain user-controlled data (common objects such as address, and policy entries such as rules and NAT) using the edit subcommand of ssadm.

When using the configuration editor, you must usually save any changes before quitting. Some entities (authuser, adminuser, proxyuser, logmacro, vars) are saved automatically when created. See "Save Not Required for Some Common Objects" below for more information.

You invoke the configuration editor with edit, a subcommand of ssadm, followed by the name of your policy, such as Initial. The prompt for the configuration editor is edit>.

For a locally administered Screen, type:


# ssadm edit policy_name

For a remotely administered Screen, type:


# ssadm -r Screen_name edit policy_name

Save Not Required for Some Common Objects

You can quit the configuration editor without saving if only authuser, adminuser, proxyuser, logmacro, or vars entities are altered. The following is an example of the nonfatal message you see if you attempt to save after changing only the entities shown above:


edit> save
lock not held 
failed (status 244)
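
For scripted administration, a wrapper has to tell this nonfatal message apart from a save that really failed. The following is an added example, not part of the SunScreen documentation or tooling: the function names are hypothetical, and it assumes that a save response with no "failed (status N)" line means success and that any other failure means the changes were not written.

```shell
#!/bin/sh
# Entity types the page lists as saved automatically when created.
AUTOSAVED="authuser adminuser proxyuser logmacro vars"

# only_autosaved TYPE...: succeed only if every TYPE is in AUTOSAVED.
only_autosaved() {
    for t in "$@"; do
        case " $AUTOSAVED " in
            *" $t "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# classify_save TRANSCRIPT TYPE...
# TRANSCRIPT is the text the editor printed in response to "save";
# TYPE... are the entity types the script changed in this session.
# Prints one of: saved, nothing-to-save, save-failed.
classify_save() {
    transcript=$1; shift
    # Pull N out of the last "failed (status N)" line, if there is one.
    status=$(printf '%s\n' "$transcript" |
        sed -n 's/^failed (status \([0-9][0-9]*\)).*/\1/p' | tail -n 1)
    if [ -z "$status" ]; then
        # Assumption: no failure line means the save went through.
        echo saved
    elif [ "$status" = 244 ] &&
         printf '%s\n' "$transcript" | grep -q '^lock not held' &&
         [ "$#" -gt 0 ] && only_autosaved "$@"; then
        # Only auto-saved entities changed: the message is nonfatal.
        echo nothing-to-save
    else
        # Assumption (conservative): with any other entity type changed,
        # or none reported, the same message means the edit was lost.
        echo save-failed
    fi
}

# The save response shown on the page, reused here as sample input.
SAMPLE='lock not held
failed (status 244)'
classify_save "$SAMPLE" authuser vars
```

A script that changed a rule or an address and still gets status 244 should stop and report the failure instead of quitting the editor.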