The SEAM Administration Tool is an interactive graphical user interface (GUI) that enables you to maintain Kerberos principals and policies. It provides much the same functionality as the kadmin command; however, it does not support the management of keytabs. To administer keytabs, you must use the kadmin command, as described in "Administering Keytabs".
Like the kadmin command, the SEAM Tool uses Kerberos authentication and encrypted RPC to operate securely from anywhere on the network. The SEAM Tool enables you to:
- Create new principals based on default values or existing principals
- Create new policies based on existing policies
- Add comments for principals
- Set up default values for creating new principals
- Log in as another principal without exiting the tool
- Print or save principal and policy lists
- View and search principal and policy lists
The SEAM Tool also provides context-sensitive and general online help.
The following task maps provide pointers to the various tasks you can do with the SEAM Tool:
Also, go to "SEAM Tool Panel Descriptions" for descriptions of all the principal and policy attributes you can either specify or view in the SEAM Tool.
This section lists the kadmin commands that provide the same functionality as the SEAM Tool and can be used without running an X Window system. Even though most of the procedures in this chapter use the SEAM Tool, many of the procedures also provide corresponding examples using the command-line equivalents.
Table 5-1 Command-Line Equivalents of the SEAM Tool
Procedure | kadmin Command |
---|---|
Viewing the list of principals | list_principals or get_principals |
Viewing a principal's attributes | get_principal |
Creating a new principal | add_principal |
Duplicating a principal | No command-line equivalent |
Modifying a principal | modify_principal and change_password |
Deleting a principal | delete_principal |
Setting up defaults for creating new principals | No command-line equivalent |
Viewing the list of policies | list_policies or get_policies |
Viewing a policy's attributes | get_policy |
Creating a new policy | add_policy |
Modifying a policy | modify_policy |
Duplicating a policy | No command-line equivalent |
Deleting a policy | delete_policy |
The only file that the SEAM Tool modifies is the $HOME/.gkadmin file. It contains the default values for creating new principals and can be updated by choosing Properties from the Edit menu.
The SEAM Tool provides both print and online help features. From the Print menu, you can send the following to a printer or a file:
- List of available principals on the specified master KDC
- List of available policies on the specified master KDC
- The currently selected or loaded principal
- The currently selected or loaded policy
From the Help menu, you can obtain context-sensitive help and general help. When you choose Context-Sensitive Help from the Help menu, the Context-Sensitive Help window is displayed and the tool is switched to help mode. In help mode, when you click on any of the fields, labels, or buttons on the window, help on that item is displayed in the Help window. To switch back to the tool's normal mode, click Dismiss in the Help window.
You can also choose Help Contents, which opens an HTML browser that provides pointers to the general overview and task information that is provided in this chapter.
As your site accumulates a large number of principals and policies, the SEAM Tool takes longer and longer to load and display the principal and policy lists, which slows down your work with the tool. There are several ways to work around this.
First, you can completely eliminate the time to load the lists by not having the SEAM Tool load the lists. You can set this option by choosing Properties from the Edit menu and unchecking the Show Lists field. Of course, when the tool doesn't load the lists, it can't display the lists and you can no longer use the list panels to select principals or policies. Instead, you must enter a principal or policy name in the new Name field that is provided, then select the operation you want to perform on it. Basically, entering a name becomes equivalent to selecting an item from the list.
Another way to work with large lists is to cache them. In fact, caching the lists for a limited time is set as the default behavior for the SEAM Tool. The SEAM Tool must still initially load the lists into the cache, but after that, the tool can use the cache rather than retrieving the lists again. This eliminates the need to keep loading the lists from the server, which is what takes so long.
You can also set list caching by choosing Properties from the Edit menu. There are two cache settings. You can choose to cache the list forever, or you can specify a time limit after which the tool must reload the lists from the server into the cache.
Caching the lists still enables you to use the list panels to select principals and policies, so unlike the first option, it doesn't affect how you use the SEAM Tool. Also, even though caching doesn't enable you to see the changes of others, you are still able to see the latest list information based on your changes, since your changes update the lists both on the server and in the cache. And, if you want to update the cache to see the changes of others and get the latest copy of the lists, you can use the Refresh menu whenever you want to refresh the cache from the server.
1. Start the SEAM Tool by using the gkadmin command.

   $ /usr/krb5/sbin/gkadmin

   The Login window is displayed.
2. If you don't want to use the default values, specify new ones.
   The Login window automatically fills in with default values. The default principal name is determined by taking your current identity from the USER environment variable and appending /admin to it (username/admin). The default Realm and Master KDC fields are selected from the /etc/krb5/krb5.conf file. If you ever want to go back to the default values, click Start Over.
   The administration operations that the principal name can perform are dictated by the Kerberos ACL file, /etc/krb5/kadm5.acl. See "Using the SEAM Tool With Limited Kerberos Administration Privileges" for information about limited privileges.
3. Enter a password for the specified principal name.
4. Click OK.
   The following window is displayed.
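
The login step above notes that /etc/krb5/kadm5.acl dictates what a principal can do. As an added example (not part of the original documentation), this Python audit reads a kadm5.acl-style file and lists which Table 5-1 kadmin commands a principal may run. The sample ACL, the EXAMPLE.COM realm and the principal names are constructed; the entry layout (principal, privilege letters, optional target), the letter-to-command mapping, first-match ordering and shell-style wildcard matching are assumptions about the ACL format, which this page does not describe.

```python
from fnmatch import fnmatchcase

# Privilege letter needed by each Table 5-1 kadmin command (assumed mapping):
# a=add, d=delete, m=modify, c=change password, i=inquire, l=list.
REQUIRED = {
    "list_principals": "l", "get_principal": "i", "add_principal": "a",
    "modify_principal": "m", "change_password": "c", "delete_principal": "d",
    "list_policies": "l", "get_policy": "i", "add_policy": "a",
    "modify_policy": "m", "delete_policy": "d",
}
ALL = set("admcil")

# Constructed sample ACL; realm and principal names are placeholders.
SAMPLE_ACL = """\
# principal                  privileges  [target]
kws/admin@EXAMPLE.COM        *
helpdesk/admin@EXAMPLE.COM   cil
*/admin@EXAMPLE.COM          il
"""

def parse_acl(text):
    """Return (principal_pattern, granted_letters, target_pattern) per entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        granted = set()
        for ch in fields[1]:  # letters are applied left to right
            if ch in "x*":
                granted |= ALL            # x or * grants everything
            elif ch in ALL:
                granted.add(ch)           # lowercase grants
            elif ch.lower() in ALL:
                granted.discard(ch.lower())  # uppercase denies
        entries.append((fields[0], granted, fields[2] if len(fields) > 2 else "*"))
    return entries

def allowed_commands(acl_text, principal, target="*"):
    """Table 5-1 commands the first matching entry lets `principal` run."""
    for pattern, granted, tgt in parse_acl(acl_text):
        # Assumption: shell-style wildcards approximate the ACL's own matching.
        if fnmatchcase(principal, pattern) and fnmatchcase(target, tgt):
            return sorted(c for c, need in REQUIRED.items() if need in granted)
    return []  # no entry matched: no administrative operations

if __name__ == "__main__":
    for who in ("kws/admin@EXAMPLE.COM", "helpdesk/admin@EXAMPLE.COM", "joe@EXAMPLE.COM"):
        print(who, "->", ", ".join(allowed_commands(SAMPLE_ACL, who)) or "nothing")
```

Running it against a copy of the real ACL file shows at a glance which */admin principals hold more than the list and inquire privileges they need.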