SEAM Releases

Parts of this product have been included in three releases. The first release of SEAM was included in the Solaris Easy Access Server (SEAS) 3.0 release. This version included all of the software needed to create an run and maintain a Kerberos realm for the Solaris 2.6 and 7 releases. This is called SEAM 1.0. Next, the SEAM client software was included in the Solaris 8 release, which allows for Solaris 8 clients to be able to use a SEAM 1.0 KDC. This document describes SEAM 1.0.1, which is a full release of SEAM 1.0 which will allow for Kerberos realms to be created and supported when running the Solaris 8 release. The components of all of the releases are described in the following sections.

SEAM 1.0 Components

Like the MIT distribution of Kerberos V5, SEAM includes:

• Key Distribution Center (KDC) (master):

  • Kerberos database administration daemon -- kadmind

  • Kerberos ticket processing daemon -- krb5kdc

• Slave KDCs

• Database administration programs -- kadmin and kadmin.local

• Database propagation software -- kprop

• User programs for obtaining, viewing, and destroying tickets -- kinit, klist, kdestroy -- and for changing your SEAM password -- kpasswd

• Applications -- ftp, rcp, rlogin, rsh, and telnet -- and daemons for these applications -- ftpd, rlogind, rshd and telnetd

• Administration utilities -- ktutil, kdb5_util

• Several libraries

In addition, the SEAM product includes the following:

• SEAM Administration Tool (gkadmin) -- Allows you to administer the KDC. This Java^TM based GUI allows an administrator to perform the tasks usually performed through the kadmin command.

• The Pluggable Authentication Module (PAM) -- Allows applications to use various authentication mechanisms; PAM can be used to make login and logouts transparent to the user.

• A utility (gsscred) and a daemon (gssd) -- These programs help map UNIX^TM UIDs to principal names; needed because SEAM NFS servers use UNIX IDs to identify users and not principal names, which are stored in a different format altogether.

• GSS_API framework -- The Generic Security Service Application Programming Interface (GSS-API) allows applications to use multiple security mechanisms without having to recompile the application every time a new mechanism is added. Because GSS-API is machine-independent, it is appropriate for applications on the Internet. GSS-API provides applications with the ability to include the integrity and privacy security services, as well as authentication.

• The RPCSEC_GSS Application Programming Interface (API) -- Allows NFS services to use Kerberos authentication. RPCSEC_GSS is a new security flavor that provides security services that are independent of the mechanisms being used; RPCSEC_GSS sits "on top" of the GSS-API layer. Any pluggable GSS_API-based security mechanism can be used by applications using RPCSEC_GSS.

• A preconfiguration procedure -- Allows you to set the parameters for installing and configuring SEAM, making SEAM installation automatic; especially useful for multiple installations.

• Kernel modifications -- Allow faster performance.

SEAM Components in the Solaris 8 Release

The Solaris 8 release included only the client-side portions of SEAM, so many of these components are not included. This enables systems running the Solaris 8 release to become SEAM clients without having to install SEAM separately. To use this funtionality you must install a KDC using either SEAS 3.0 or Solaris 8 Admin Pack, the MIT distribution, or Windows2000. The client-side components are not useful without a configured KDC to distribute tickets. The following components were included in this release:

• User programs for obtaining, viewing, and destroying tickets -- kinit, klist, kdestroy -- and for changing your SEAM password -- kpasswd

• Key table administration utility -- ktutil

• Additions to the Pluggable Authentication Module (PAM) -- Allows applications to use various authentication mechanisms; PAM can be used to make login and logouts transparent to the user.

• GSS_API plug-ins -- Provides Kerberos protocol and cryptographic support

• NFS client and server support

SEAM 1.0.1 Components

The SEAM 1.0.1 release includes all of the portions of the SEAM 1.0 release that are not already included in the Solaris 8 release. This includes:

• Key Distribution Center (KDC) (master):

  • Kerberos database administration daemon -- kadmind

  • Kerberos ticket processing daemon -- krb5kdc

• Slave KDCs

• Database administration programs -- kadmin and kadmin.local

• Database propagation software -- kprop

• Applications -- ftp, rcp, rlogin, rsh, and telnet -- and daemons for these applications -- ftpd, rlogind, rshd and telnetd

• Administration utility -- kdb5_util

• SEAM Administration Tool (gkadmin) -- Allows you to administer the KDC. This Java(TM)-based GUI allows an administrator to perform the tasks usually performed through the kadmin command.

• A preconfiguration procedure -- Allows you to set the parameters for installing and configuring SEAM, making SEAM installation automatic; especially useful for multiple installations.

• Kernel modifications -- Allow faster performance.

• Several libraries