Components of the SEAM product have been included in four releases. The following table describes which components are included in each release. All components are described in the following sections.
Table 7–1 SEAM Release Contents
Release Name |
Contents |
---|---|
SEAM 1.0 in Solaris Easy Access Server (SEAS) 3.0 |
Full release of SEAM for the Solaris 2.6 and 7 releases |
SEAM in the Solaris 8 release |
SEAM client software only |
SEAM 1.0.1 in the Solaris 8 Admin Pack |
SEAM KDC and remote applications for the Solaris 8 release |
SEAM in the Solaris 9 release |
SEAM KDC and client software only |
SEAM 1.0.2 |
SEAM remote applications for the Solaris 9 release |
Similar to the MIT distribution of Kerberos V5, SEAM includes the following:
Key Distribution Center (KDC) (master):
Kerberos database administration daemon – kadmind
Kerberos ticket processing daemon – krb5kdc
Slave KDCs
Database administration programs – kadmin and kadmin.local
Database propagation software – kprop
User programs for obtaining, viewing, and destroying tickets – kinit, klist, kdestroy – and for changing your SEAM password – kpasswd
Applications – ftp, rcp, rlogin, rsh, and telnet – and daemons for these applications – ftpd, rlogind, rshd and telnetd
Administration utilities – ktutil, kdb5_util
Several libraries
In addition, SEAM includes the following:
SEAM Administration Tool (gkadmin) – Allows you to administer the KDC. This JavaTM technology-based GUI allows an administrator to perform the tasks that are usually performed through the kadmin command.
The Pluggable Authentication Module (PAM) – Allows applications to use various authentication mechanisms. PAM can be used to make login and logouts transparent to the user.
A utility (gsscred) and a daemon (gssd) – These programs help map UNIX user IDs (UIDs) to principal names. These programs are needed because SEAM NFS servers use UNIX UIDs to identify users and not principal names, which are stored in a different format.
The Generic Security Service Application Programming Interface (GSS-API) – Allows applications to use multiple security mechanisms without having to recompile the application every time a new mechanism is added. Because GSS-API is machine-independent, it is appropriate for applications on the Internet. GSS-API provides applications with the ability to include the integrity and privacy security services, as well as authentication.
The RPCSEC_GSS Application Programming Interface (API) – Allows NFS services to use Kerberos authentication. RPCSEC_GSS is a new security flavor that provides security services that are independent of the mechanisms being used. RPCSEC_GSS sits “on top” of the GSS-API layer. Any pluggable GSS_API-based security mechanism can be used by applications that use RPCSEC_GSS.
A preconfiguration procedure – Allows you to set the parameters for installing and configuring SEAM, which make SEAM installation automatic. This procedure is especially useful for multiple installations.
Kernel modifications – Allows for faster performance.
The Solaris 8 release included only the client-side portions of SEAM, so many components are not included. This product enables systems that run the Solaris 8 release to become SEAM clients without having to install SEAM separately. To use these capabilities, you must install a KDC that uses either SEAS 3.0 or the Solaris 8 Admin Pack, the MIT distribution, or Windows2000. The client-side components are not useful without a configured KDC to distribute tickets. The following components were included in this release:
User programs for obtaining, viewing, and destroying tickets – kinit, klist, kdestroy.
User program for changing your SEAM password – kpasswd.
Key table administration utility – ktutil.
Additions to the Pluggable Authentication Module (PAM) – Allows applications to use various authentication mechanisms. PAM can be used to make login and logouts transparent to the user.
GSS_API plug–ins – Provides Kerberos protocol and cryptographic support.
NFS client and server support.
The SEAM 1.0.1 release includes all components of the SEAM 1.0 release that are not already included in the Solaris 8 release. The components are as follows:
Key Distribution Center (KDC) (master):
Kerberos database administration daemon – kadmind.
Kerberos ticket processing daemon – krb5kdc.
Slave KDCs.
Database administration programs – kadmin and kadmin.local.
Database propagation software – kprop
Applications – ftp, rcp, rlogin, rsh, and telnet – and daemons for these applications – ftpd, rlogind, rshd and telnetd.
Administration utility – kdb5_util.
SEAM Administration Tool (gkadmin) – Allows you to administer the KDC. This Java technology-based GUI allows an administrator to perform the tasks that are usually performed through the kadmin command.
A preconfiguration procedure – Allows you to set the parameters for installing and configuring SEAM, which makes SEAM installation automatic. This procedure is especially useful for multiple installations.
Several libraries.
The Solaris 9 release includes all components of the SEAM 1.0 release, except for the remote applications and the preconfiguration procedure.
The SEAM 1.0.2 release includes the remote applications. These applications are the only part of SEAM 1.0 that have not been incorporated into the Solaris 9 release. The components for the remote applications are as follows:
Client applications – ftp, rcp, rlogin, rsh, and telnet.
Server Daemons – ftpd, rlogind, rshd and telnetd.