SEAM Security

To use SEAM-based security with SunVTS, you must have the following:

• The complete SEAM 1.0.1 client/server application must be installed and running in your network environment.

• The systems for which you install SunVTS must have, at minimum, the SEAM 1.0.1 client software installed.

• Select the SEAM-based security (Kerberos V5) choice during the SunVTS installation.

Refer to the following documents for more information on SEAM: o Sun Enterprise Administration Mechanism 1.0.1 Guide o SEAM 1.0.1 Installation and Release Notes These documents are part of the Sun Enterprise Authentication Mechanism 1.0.1 AnswerBook Collection, and available at http://docs.sun.com. The SEAM software is part of the Solaris release.

The SunVTS SEAM security system is based on Kerberos V5 technology, which revolves around the concept of a ticket. A ticket is a set of electronic information that serves as identification for a user or a service. When you connect to another host through SunVTS, you transparently send a request for a ticket to a Key Distribution Center (KDC), which accesses a database to authenticate your identity. The KDC returns a ticket granting you permission to access the other machine. "Transparently" means that you do not need to explicitly request a ticket; it happens in the background as part of the remote connection. No user password is transmitted in the network. Only the authenticated client can get a ticket for a specific service; another client cannot gain access under an assumed identity.

If you choose to run SunVTS with SEAM security, use the following SEAM assignments:

• Principal--set to sunvts

• Complete Service Name--set to sunvts@host, where host is the fully qualified domain name of the host where the SunVTS kernel is running.