test

Solaris Trusted Extensions Administrator's Procedures

ProcedureUse the rlogin or ssh Command to Log In and Administer a Headless System in Trusted Extensions

This procedure enables you to use the command line and the txzonemgr GUI to administer a headless system as superuser or as a role.

Note –

Remote login by using the rlogin command is less secure than remote login by using the ssh command.

To use the Solaris Management Console to administer a remote system does not require you to use a remote login command. For the procedure, see How to Remotely Administer Systems by Using the Solaris Management Console From a Trusted Extensions System.

Before You Begin

You have completed Enable Remote Login by a Role in Trusted Extensions.

You are a user who is enabled to log in to the headless system with that same user name and user ID, and you can assume the same role on the headless system that you can assume on the desktop system.

  1. On the desktop system, enable processes from the headless system to display.


    desktop $ xhost + headless-host
desktop $ echo $DISPLAY
:n.n

  2. Ensure that you are the user who is identically defined on both systems.

  3. From a terminal window, remotely log in to the headless system.

    • Use the ssh command to log in:


      desktop $ ssh -l identical-username headless
Password: Type the  user's password
headless $

    • Or, use the rlogin command to log in:


      desktop # rlogin headless
Password: Type the user's password
headless $

  4. Assume the role that is defined identically on both systems.

    Use the same terminal window. For example, assume the root role.


    headless $ su - root
Password: Type the root password

    You are now in the global zone. You can now use this terminal to administer the headless system from the command line.

  5. Enable processes on the headless system to display on the desktop system.

    Note –

    You can also display remote GUIs by logging in with the ssh -X command. For more information, see the ssh(1) man page. For an example, see Example 6–2.


    headless $  DISPLAY desktop:n.n
headless $ export DISPLAY=n:n

    You can now administer the headless system by using Trusted Extensions GUIs. For example, start the txzonemgr GUI:


    headless $ /usr/sbin/txzonemgr

    The Labeled Zone Manager runs on the remote system and displays on the desktop system.

Example 6–2 Configuring Labeled Zones on a Headless System

In this example, the administrator uses the txzonemgr GUI to configure labeled zones on a labeled headless system from a labeled desktop system. As in the Solaris OS, the administrator enables X server access to the desktop system by using the -X option to the ssh command. The user install1 is defined identically on both systems, and can assume the role remoterole.


TXdesk1 $ xhost + TXnohead4
TXdesk1 $ whoami
install1
 

TXdesk1 $ ssh -X -l install1 TXnohead4
Password: Ins1PwD1
TXnohead4 $

To reach the global zone, the administrator assumes the role remoterole. This role is defined identically on both systems.


TXnohead4 # su - remoterole
Password: abcd1EFG

Then, the administrator starts the txzonemgr GUI.


TXnohead4 $ /usr/sbin/txzonemgr &

The Labeled Zone Manager runs on the headless system and displays on the desktop system.