Trusted Solaris Installation and Configuration

Configuring the Network

Add Hosts to be Contacted During Booting

Note that a name service client finds its file servers, home directory server, mail server, and other servers from the name service master.

  1. In the root role at the label ADMIN_LOW, return to the Solaris Management Console or re-open it if it is closed.


    # smc
    

  2. Click this-host: Scope=Files, Policy=TSOL under Trusted Solaris Management Console in the Navigation pane.

    See Figure 9-1 for the tools that should display in the Navigation pane.

(Optional) Remove the 0.0.0.0 Network

The network wildcard 0.0.0.0 may present a security risk. See "Modifying the Boot-time Trusted Network Databases" in Trusted Solaris Administrator's Procedures for more information.

    Follow the instructions in the "To Replace the 0.0.0.0 Entry in the Local Tnrhdb File" procedure under "Managing Trusted Networking (Tasks)" in Trusted Solaris Administrator's Procedures.

Copy the Name Service Master's Tnrhtp Database

You can skip this step if your site did not modify or replace the label_encodings file and the tnrhtp file that were installed from the Trusted Solaris 8 4/01 Installation CD.


Note -

The tnrhtp(4) template definition and name for the name service master must be identical on the client and master.


    In the root role at label ADMIN_LOW, copy the tnrhtp file from the /diskette-mount-point/export/clientfiles directory to /etc/security/tsol/tnrhtp.

    See "To Copy Files From a Diskette" if you are unsure how to copy using the File Manager.

Assign Templates to Remote Hosts

The clients get most of their template assignments from the name service. A client's local tnrhdb database must contain servers that are contacted during boot, such as the name service master (or its subnet), static routers, and any audit servers.

  1. In the root role at the label ADMIN_LOW, double-click Security Families under Computers and Networks in the Trusted Solaris Configuration.

    The remote host templates display in the View pane.

  2. Double-click the remote host template, tsol.

  3. Choose Add Host(s) from the Action menu, click Add Host, and enter the IP address and template name (tsol) of the Trusted Solaris name service master.

  4. Add the audit server by choosing Add Host(s) from the Action menu. Then click Add Host and enter the IP address of the client's audit server and the tsol host type.

  5. Again choose Add Host(s) from the Action menu, click Add Host, and enter the IP address and host type of the static router(s).

    A client with one defaultrouter and no audit server would have three entries in its tnrhdb:

    1. The client and its host type (tsol)

    2. The name service master and its host type (tsol), or its subnet fallback IP address and tsol

    3. The defaultrouter and its host type

  6. Open a terminal to reload and verify the updated tnrhdb database.


    # tnctl -H /etc/security/tsol/tnrhdb
    # tninfo -h
    

Summary of Client Network Files

These client files must be compatible with the name service master files:

The client's local tnrhdb(4) file must have the IP address and host type of the NIS+ master (or the IP address and host type of the subnet), the client's static routers, and the client.

In addition, the client's address and name, the name service master's name and address, and the static routers' names and addresses must be in the local hosts database.
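
The following script is an added example, not part of the original guide: it checks that a tnrhdb file covers the hosts a client contacts during boot and flags any host that is matched only by the 0.0.0.0 wildcard. It assumes the tnrhdb(4) entry form IP_address:template_name, with trailing zero octets acting as a subnet fallback; the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a local tnrhdb for the entries a client needs at boot.
# Assumptions: entries are "IP_address:template_name" lines, "#" lines are
# comments, and trailing zero octets make an entry a subnet fallback.

# tnrhdb_lookup FILE IP: print "entry template" for the most specific match.
tnrhdb_lookup() {
    awk -F: -v ip="$2" '
        BEGIN { best = -1; split(ip, b, ".") }
        /^[ \t]*(#|$)/ { next }
        {
            if (split($1, a, ".") != 4) next      # IPv4 entries only
            spec = 4                              # octets that must match
            while (spec > 0 && a[spec] == 0) spec--
            ok = 1
            for (i = 1; i <= spec; i++) if (a[i] != b[i]) ok = 0
            if (ok && spec > best) { best = spec; hit = $1 " " $2 }
        }
        END { if (best < 0) exit 1; print hit }
    ' "$1"
}

# audit_tnrhdb FILE IP...: report each host; non-zero status on any finding.
audit_tnrhdb() {
    file=$1; shift; rc=0
    if grep -q '^0\.0\.0\.0:' "$file"; then
        echo "WILDCARD: 0.0.0.0 entry present in $file"; rc=1
    fi
    for ip in "$@"; do
        m=$(tnrhdb_lookup "$file" "$ip") || { echo "MISSING: $ip"; rc=1; continue; }
        case $m in
            "0.0.0.0 "*) echo "WILDCARD-ONLY: $ip"; rc=1 ;;
            *) echo "OK: $ip matched by $m" ;;
        esac
    done
    return $rc
}

# Constructed sample: client, subnet fallback for the master, wildcard.
sample_tnrhdb() {
    printf '%s\n' '# constructed sample' '127.0.0.1:tsol' \
        '192.168.1.25:tsol' '192.168.1.0:tsol' '0.0.0.0:tsol'
}

tmp=${TMPDIR:-/tmp}/tnrhdb.sample.$$
sample_tnrhdb > "$tmp"
# Client, name service master, defaultrouter (constructed addresses).
audit_tnrhdb "$tmp" 192.168.1.25 192.168.1.2 192.168.5.1 || echo "review findings"
rm -f "$tmp"
```

To check a real client, pass /etc/security/tsol/tnrhdb and the client's own boot-time server addresses to audit_tnrhdb before reloading the database with tnctl.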