Sun Management Center 4.0 Installation and Configuration Guide

Regenerating Security Keys

Security keys are used to validate communications between the Sun Management Center server and agent. The server and agent cannot communicate with each other if the server and agent have different security keys.

The Sun Management Center setup process generates the security keys for Sun Management Center components using the following default settings:

The software uses an eight-character password string as a seed to make the generated key unique. During setup, you must create a seed. The same seed must be used for all server and agent setups in a given server context. For more information on server context, see Access Control Definitions and Limitations in Sun Management Center 3.6.1 User’s Guide.

Sun Management Center setup does not create UNIX accounts for the special users public and esmaster. You do not need to log into the Sun Management Center console using these user IDs. These IDs are reserved for internal communication between processes. However, some troubleshooting activities might require you to log in using one of these user IDs. If so, you have to create the user ID, and then assign a password using the usual UNIX commands useradd and passwd. The esmaster user ID bypasses normal permission checks, so use this ID with care. For normal operation, use an existing login account.

Setup provides an opportunity to specify an existing user as a Sun Management Center administrator. This user ID is added to the esadm and esdomadm groups as well as the esusers file. For more information on security and the Sun Management Center superuser, see Chapter 18, Sun Management Center Security, in Sun Management Center 3.6.1 User’s Guide.

The security keys for the components need to be regenerated if one or more of the following is true:


Note –

Changing the host name or the IP address of the Sun Management Center server is not supported.


Procedure: To Regenerate the Security Keys


Note –

In these examples, shared-secret stands for a secret string of up to eight characters that is common to all machines in a server context. The string is required as an argument to the script base-usm-seed.sh. A default string, maplesyr, is provided by the software, but you can specify your own password. This secret string or password is used to generate keys for communication between processes.


The following procedure applies to machines on which the Sun Management Center server, agent, or both server and agent are installed.

  1. Log in as root.

  2. Change to the /opt/SUNWsymon/sbin directory.

  3. Regenerate the security keys.

    • If you installed only the agent layer, type:


      # ./es-run base-usm-seed.sh -s shared-secret -c agent -u public
      
    • If you installed only the server layer, type:


      # ./es-run base-usm-seed.sh -s shared-secret -c topology -u public
      # ./es-run base-usm-seed.sh -s shared-secret -c trap event cfgserver servers
      
    • If you installed both the agent and server layers on one host, type:


      # ./es-run base-usm-seed.sh -s shared-secret -u public
      
  4. Restart the Sun Management Center server.
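
A dry-run helper for step 3, added here as an example (it is not part of the Sun Management Center software or of the original guide): it checks the seed against the limits stated on this page, refuses the documented default maplesyr because a seed printed in the manual does not make the generated key unique, and prints the commands for the chosen layer. The function names, the agent|server|both argument and the restricted character set are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight check and dry run for the key regeneration step.
# DEFAULT_SEED and the command lines come from this page; the function names
# and the agent|server|both argument are hypothetical.

DEFAULT_SEED=maplesyr

# check_seed SEED
# Returns 0 if usable, 1 if empty or longer than eight characters,
# 2 if it is the documented default, 3 if it holds characters outside
# A-Z a-z 0-9 _ . - (example policy, so the printed command can be
# pasted without shell quoting).
check_seed() {
    seed=$1
    [ -n "$seed" ] || return 1
    [ "${#seed}" -le 8 ] || return 1
    [ "$seed" != "$DEFAULT_SEED" ] || return 2
    case $seed in
        *[!A-Za-z0-9_.-]*) return 3 ;;
    esac
    return 0
}

# regen_commands LAYER SEED
# Prints the step 3 commands for the installed layer without running them.
# Returns check_seed's status on a bad seed, 64 on an unknown layer.
regen_commands() {
    layer=$1
    seed=$2
    check_seed "$seed" || return $?
    case $layer in
        agent)
            echo "./es-run base-usm-seed.sh -s $seed -c agent -u public" ;;
        server)
            echo "./es-run base-usm-seed.sh -s $seed -c topology -u public"
            echo "./es-run base-usm-seed.sh -s $seed -c trap event cfgserver servers" ;;
        both)
            echo "./es-run base-usm-seed.sh -s $seed -u public" ;;
        *)
            return 64 ;;
    esac
}

# Stand-alone use: sh regen-check.sh agent|server|both SEED
[ $# -eq 0 ] || regen_commands "$@"
```

Run the printed commands as root from /opt/SUNWsymon/sbin, using the same seed on every server and agent in the server context.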