SunScreen 3.2 Administrator's Overview

ssadm

ssadm is the primary command-line tool for SunScreen administration. ssadm has a number of subcommands that perform various operations such as editing and activating a configuration, and examining the status of a Screen.

The Solaris command ssadm provides character-set translation between embedded strings and the local character set of the Solaris system on which it runs.

ssadm runs directly on a locally administered Screen, or indirectly from a remote Administration Station that is using SunScreen SKIP or IPsec/IKE to encrypt IP network communications passing between them. See the SunScreen SKIP User's Guide, Release 1.5.1 for more information regarding SKIP encryption.

Usage:

ssadm [-b] [-n] subcommand [parameters...]

ssadm [-b] [-n] -r remotehost [-F ticketfile] subcommand [parameters...]

The table below describes the options for this command.

Table B-2 Options for ssadm Command

Options          Description
-b               Processes binary data (instead of text) in standard input and output
-n               Does not read any input from standard input
-r remotehost    Provides access to a remote Screen using an address or a hostname remotehost
-F ticketfile    Use authorization ticket stored in ticketfile

[The -b option is normally not needed because the commands that process binary data automatically enable the binary mode. For example, ssadm backup, ssadm restore, ssadm log, ssadm logdump, and ssadm patch handle binary data even if -b is not specified.]

The available ssadm subcommands are each described in "ssadm Subcommands".

When ssadm is executed locally on the Screen (that is, without the -r option), no login or authentication is required, but you must be superuser for the command to have any effect.

When ssadm is used with the -r option to access a remote Screen, login authentication is required. You must use the ssadm login command to get a ticket that is used by subsequent invocations of ssadm to allow access to the remote Screen. Normally, the ticket is stored in a ticketfile, the name of which can be specified using the -F option, or through the SSADM_TICKET_FILE environment variable. See the ssadm login command for information about ticket files and remote administration using ssadm.

Executing an ssadm Command From a Local Screen

You can configure a local Screen by typing the commands listed in this appendix using the Screen's keyboard. For example, to activate a policy named Initial, you type:


# ssadm activate Initial

The ssadm command resides in the /usr/sbin directory. Include this directory in your directory search path to have access to the commands on the local Screen.

Executing an ssadm -r Command on a Remote Administration Station

You can configure a Screen from a remote Administration Station by preceding the commands listed in this appendix with ssadm -r and the name of the Screen you want to administer. For example, to activate the policy named Initial on a remote Screen called SunScreen1, you type:


# ssadm -r SunScreen1 activate Initial

When ssadm is used with the -r option to access a remote Screen, the name of the ticketfile can be specified using the -F option, or through the SSADM_TICKET_FILE environment variable.
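
Because the ticket is what authorizes later ssadm -r invocations, the ticket file is worth vetting before it is used. The wrapper below is an added example, not part of the SunScreen documentation: the function names ticket_file_ok and ssadm_remote, the SSADM_BIN override, and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: vet the ticket file before passing it to "ssadm -r ... -F".
# ticket_file_ok, ssadm_remote and SSADM_BIN are hypothetical names.

# ticket_file_ok FILE
# Succeeds only if FILE is a regular file (not a symbolic link), owned by
# the invoking user, with no group or other permission bits set.
ticket_file_ok() {
    f=$1
    if [ -z "$f" ]; then
        echo "no ticket file given (use -F or set SSADM_TICKET_FILE)" >&2
        return 1
    fi
    case $f in -*) f=./$f ;; esac        # keep find from reading it as an option
    if [ -h "$f" ]; then
        echo "$f: symbolic link, refusing to follow" >&2
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    # find prints the path only when the owner matches and every
    # group/other permission bit is clear.
    hit=$(find "$f" -prune -type f -user "$(id -u)" \
            ! -perm -040 ! -perm -020 ! -perm -010 \
            ! -perm -004 ! -perm -002 ! -perm -001 -print)
    if [ -z "$hit" ]; then
        echo "$f: must be owned by you and closed to group/other" >&2
        return 1
    fi
    return 0
}

# ssadm_remote SCREEN SUBCOMMAND [PARAMETERS...]
# Takes the ticket file from SSADM_TICKET_FILE, vets it, then always passes
# it explicitly with -F so the file that was checked is the file that is used.
# SSADM_BIN lets the wrapper be dry-run on a host without SunScreen installed.
ssadm_remote() {
    screen=$1
    shift
    ticket=${SSADM_TICKET_FILE:-}
    ticket_file_ok "$ticket" || return 1
    "${SSADM_BIN:-/usr/sbin/ssadm}" -r "$screen" -F "$ticket" "$@"
}
```

With SSADM_TICKET_FILE set, `ssadm_remote SunScreen1 activate Initial` runs the remote activation shown above only if the ticket file passes the check.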