Compromised Security Around the Root Password

It might be necessary to regenerate security keys on a host running Communications Suite. For example, if there is a risk that a root password has been exposed or compromised, you should regenerate security keys. The keys used by the common agent container services are stored in the following locations:

Solaris OS: /etc/opt/SUNWcacao/security

Linux: /etc/opt/sun/cacao/security

Under normal operation, these keys can be left in their default configuration. If you need to regenerate the keys due to a possible key compromise, you can regenerate the security keys using the following procedure.

Security Key Problems

To Generate Keys for Solaris OS

1. As root, stop the common agent container management daemon.

   /opt/SUNWcacao/bin/cacaoadm stop

2. Regenerate the security keys.

   /opt/SUNWcacao/bin/cacaoadm create-keys --force

3. Restart the common agent container management daemon.

   /opt/SUNWcacao/bin/cacaoadm start

   ---

   Note –

   In the case of Sun Cluster software, you must propagate this change across all nodes in the cluster. For more information, see “How to Finish a Rolling Upgrade to Sun Cluster 3.1 8/05 Software” in Sun Cluster Software Installation Guide for Solaris OS.

   ---

To Generate Keys for Linux

1. As root, stop the common agent container management daemon.

   /opt/sun/cacao/bin/cacaoadm stop

2. Regenerate the security keys.

   /opt/sun/cacao/bin/cacaoadm create-keys --force

3. Restart the common agent container management daemon.

   /opt/sun/cacao/bin/cacaoadm start

   For more information on the cacaoadm(1M) command, see the cacaoadm man page.