Securing Automated Installations
To assign security credentials, use the following command format.
$ installadm set-entity [-D] -f|--hmac-type signature-type \ [-g| [-H|--generate-hmac-key]]
- set-entity
-
Specifies the subcommand to use depending on the component or entity you are configuring:
set-server
,set-client
, orset-service
. -
-D
-
Changes the default client security credentials. This option is used only with the
set-server
subcommand. -
-f
or--hmac-type
signature-type -
Sets the signature type for the server, client, or service. It can be either
hmac-sha1
orhmac-sha256
. If you specifyhmac-sha1
, the signature type applies only to SPARC clients. For x86 clients,hmac-sha256
is the only supported type. -
-g
-
Generates or regenerates HTTPS credentials. The option also generates firmware keys if these do not exist. The HMAC key that is generated is based on the signature type you specified.
-
-H
or--generate-hmac-key
-
Regenerates existing HMAC firmware keys according to the signature type you specified. Note that the
-H
option is for key regeneration only. An error occurs if you use the option while no keys actually exist.
Note:
If you are servicing SPARC clients, then after you generate HMAC keys, you must also set those keys on the individual client's firmware. See SPARC: Configuring WAN Boot Security for SPARC Clients.The sections that follow show how to apply this command to the AI server, install services, and specific clients.