test

Sun N1 Advanced Architecture for SAP Solutions 5.2.1 Installation Guide

Implementation Based on aasap/aasapd

This allows the client, aasap, to execute remote commands on the servers.

aasapd allows access to be restricted on host names, os users, and commands. See the following for details.

Install aasap/aasapd

  1. Copy the SUNWn1aad.pkg package file from the installation media to a temporary installation directory and navigate to this directory.

  2. Install the SUNWn1aad.pkg package file as superuser.

    # pkgadd -d SUNWn1aad.pkg

    The following functions are performed:

    • Installs /opt/SUNWn1aa/aasap/bin/aasap

    • Installs /opt/SUNWn1aa/aasap/sbin/aasapd

    • Install /etc/aasap.allow

    • Create service entry in /etc/inet/inetd.conf or manifest for smf

    • Create, if necessary, port entry in /etc/inet/services

    • Restart inetd to activate service if not under control of smf

The pkgadd command requires the name of the N1 AA Master Server and the TCP port for the communication between client and server. If you already have a valid service entry for aasap in /etc/services or you are using another naming server, for example LDAP, you can enter 0.

Deactivate aasapd on the N1 AA Server

Restrict Access

Restrict aasap access on all N1 AA Clients:

On all N1 AA clients:

The package creates the /etc/aasap.allow file with owner root:sys and permissions 600. The package also creates one entry, noaccess@hostname: cat,tail,logadm

Example:

# cat /etc/aasap.allow 


noaccess@n1aaserv : cat,tail,logadm

Test the Communication

Log in to the N1 AA Server as superuser.

# su - noaccess

# /opt/SUNWn1aa/aasap/bin/aasap Hostname_of_an_N1_AA_Client cat /etc/release

The output should display the contents of the /etc/release file of the N1 AA Client.

Check the /var/opt/SUNWn1aa/aasap.log file for messages.