To complete the installation in stealth mode, encrypted communication between the Administration Station and the Screen must be achieved. This is done by enabling SunScreen SKIP, which was previously installed. In this procedure, you will need to tell the Administration Station what encryption algorithms to use to communicate with the Screen. For more information regarding SunScreen SKIP, see the SunScreen SKIP 1.5 User's Guide.
To configure the Administration Station to communicate with the Screen, you need to know:
What access control list (ACL) parameters to set to match the Screen's encryption settings.
The Screen's certificate ID.
The command obtained from the AdminSetup.readme file in the previous procedure is now used.
Instructions for using SKIP from the command line are found in Appendix A.
Open a terminal window and become root, if not already.
Launch the skiptool GUI by entering:
# skiptool
You may need to use skiptool -i name_of_interface (such as qe3) if you wish to set SKIP parameters on an interface other than the default interface.
The skiptool GUI appears, as shown in Figure 5-29.
You next add a default ACL to communicate unencrypted with all hosts.
Click the Add button, and under Host, choose the Off security option.
The Add Host properties window opens.
Type `default' as the Hostname and click Apply.
This is shown in Figure 5-30.
You next add an ACL so the Administration Station and Screen can use encrypted communication.
Click the Add button, and under Host, choose the SKIP security option.
The Add Skip host properties window appears, as shown in Figure 5-31.
Use the information contained in the AdminSetup.readme file, obtained in the preceding procedure, and complete the fields.
Type Name_of_Screen in the Hostname field.
In the Secure field, select Whole Packet from the drop-down list.
In the Remote Key ID, make the appropriate selection from the drop-down list.
Refer to the AdminSetup.readme file to select the correct Remote Key ID. For self-generated certificates on the Administration Station, select MD5 (DH Public Value). For issued certificates, select IPv4. See Figure 5-32 for a sample of the Add SKIP Host Properties window completed.
In the Local Key ID, make the appropriate selection from the drop-down list.
Refer to the AdminSetup.readme file to select the correct Local Key ID. For self-generated certificates on the Administration Station, select MD5 (DH Public Value). For issued certificates, select IPv4. The ID value is filled in automatically.
Turn SKIP on. From the pulldown menu for "Access control is:", located at the top of the skiptool window, select `enabled'.
When you select enabled from the pulldown menu, a window appears when you save the configuration. Click Cancel to prevent these required systems, which are part of the default configuration, from showing up in the Authorized Systems window.
Select Save from the File pulldown menu.
After configuring SKIP, check that the encryption parameters and certificate ID (MKID) values match on both the Administration Station and the Screen.
To configure and manage your SunScreen from your Administration Station, run a Java-enabled Web browser compliant with JDK 1.1.3 or later, and launch the Administration GUI by typing the following URL:
http://Name_of_Screen:3852/
The Administration GUI appears, as shown in Figure 5-33.
To log in, type the following and click Login:
User Name: admin
Password: admin
You next configure and manage your SunScreen with the Administration GUI. See the SunScreen EFS 3.0 Administration Guide for further instructions.