1. Automatically Installing Oracle Solaris 11.4 Systems
  2. Securing Automated Installation
  3. Securing Automated Installations

Securing Automated Installations

To assign security credentials, use the following command format.

$ installadm set-entity [-D] -f|--hmac-type signature-type
 \
[-g| [-H|--generate-hmac-key]]
set-entity

Specifies the subcommand to use depending on the component or entity you are configuring: set-server, set-client, or set-service.

-D

Changes the default client security credentials. This option is used only with the set-server subcommand.

-f or --hmac-type signature-type

Sets the signature type for the server, client, or service. It can be either hmac-sha1 or hmac-sha256. If you specify hmac-sha1, the signature type applies only to SPARC clients. For x86 clients, hmac-sha256 is the only supported type.

-g

Generates or regenerates HTTPS credentials. The option also generates firmware keys if these do not exist. The HMAC key that is generated is based on the signature type you specified.

-H or --generate-hmac-key

Regenerates existing HMAC firmware keys according to the signature type you specified. Note that the -H option is for key regeneration only. An error occurs if you use the option while no keys actually exist.

Note:

If you are servicing SPARC clients, then after you generate HMAC keys, you must also set those keys on the individual client's firmware. See SPARC: Configuring WAN Boot Security for SPARC Clients.

The sections that follow show how to apply this command to the AI server, install services, and specific clients.