Go to main content

Automatically Installing Oracle® Solaris 11.4 Systems

Exit Print View

Updated: July 2019
 
 

Securing Automated Installations

To assign security credentials, use the following command format.

$ installadm set-entity [-D] -f|--hmac-type signature-type \
   [-g| [-H|--generate-hmac-key]]
set-entity

Specifies the subcommand to use depending on the component or entity you are configuring: set-server, set-client, or set-service.

–D

Changes the default client security credentials. This option is used only with the set-server subcommand.

–f or –hmac-type signature-type

Sets the signature type for the server, client, or service. It can be either hmac-sha1 or hmac-sha256. If you specify hmac-sha1, the signature type applies only to SPARC clients. For x86 clients, hmac-sha256 is the only supported type.

–g

Generates or regenerates HTTPS credentials. The option also generates firmware keys if these do not exist. The HMAC key that is generated is based on the signature type you specified.

–H or –generate-hmac-key

Regenerates existing HMAC firmware keys according to the signature type you specified. Note that the –H option is for key regeneration only. An error occurs if you use the option while no keys actually exist.


Note -  If you are servicing SPARC clients, then after you generate HMAC keys, you must also set those keys on the individual client's firmware. See Configuring WAN Boot Security for SPARC Clients.

The sections that follow show how to apply this command to the AI server, install services, and specific clients.