Managing NFS and NIS, 2nd Edition - Mike Eisler [166]
However, the rest of this section collects some practical overview information on SEAM that you might find useful as you approach the issue of deploying Kerberos V5.
SEAM 1.0 is available for Solaris 2.6 and Solaris 7, and is packaged with the Solaris Easy Access Server (SEAS) 3.0 product, which is unbundled from Solaris 2.6 and Solaris 7. If you bought a server from Sun, you might find SEAS 3.0 preinstalled. At the time this book was written, SEAM 1.0.1 was available for Solaris 8 as a free download from Sun's website. Look for the product called Solaris 8 Admin Pack. Do not attempt to run SEAM 1.0 on Solaris 8. If you upgrade to Solaris 8 from a Solaris 2.6 or Solaris 7 system that has SEAM 1.0 installed, then you should immediately install SEAM 1.0.1.
SEAM 1.0 and SEAM 1.0.1 rely on a GUI-based installation technology that is similar to Installshield for Windows systems. What you do not want to do is go ahead and install SEAM without reading the documentation. A couple of notes:
SEAM 1.0 comes on the SEAS 3.0 CD-ROM. Install the SEAS 3.0 documentation first, and read through the SEAM 1.0 documentation.
SEAM 1.0.1 is part of the Solaris 8 Admin Pack, and at the time this book was written, the only way to get SEAM 1.0.1 was to download it. You can download SEAM 1.0.1 separately from the rest of the Admin Pack. However, be warned that it comes in a self-extracting shell script, otherwise known as a shar file; the term shar stands for shell archive. The shar file proceeds to run the GUI installer, and the installer does not let you install the documentation first, because it doesn't have the documentation. Instead, you first need to download the documentation separately (which includes all the documentation of the Admin Pack, so it is a large download). Once you've downloaded the documentation, start reading it.
There is also documentation on SEAM in the Solaris 8 administration documents. It is worth reading this as well.
Note that the SEAS 3.0 and Admin Pack documentation are packaged in the form of web pages.
As you read the SEAM documentation, it should be clear that SEAM and NIS plus RPC/DH share some parallels, including:
Both have master servers (SEAM has a master KDC, and NIS has a master NIS server).
Both recommend one or more slave servers.
Both have a distinct client component.
Both have a client-side daemon for managing session keys (SEAM has gssd, RPC/DH has keyserv).
If you read the SEAM 1.0 documentation from the SEAS 3.0 product, the SEAM 1.0.1 documentation from the Admin Pack, and the SEAM documentation in Solaris 8, you see that progressive releases of Solaris, from 2.6 onward, integrate more and more components of SEAM. Table 12-1 describes the progression so far.
Table 12-1. SEAM progression
Solaris Release
Unbundled Product
SEAM Version
Features Integrated with Solaris
Features Integrated in Unbundled Product
Solaris 2.6
SEAS 3.0
SEAM 1.0
RPCSEC_GSS hooks
KDC, Remote KDC administration, Kerberized networking utilities, Kerberos client utilities, RPCSEC_GSS, GSS-API, Kerberos V5 GSS provider, Kerberos V5 PAM module
Solaris 7
SEAS 3.0
SEAM 1.0
RPCSEC_GSS, GSS-API
KDC, Remote KDC administration, Kerberized networking utilities, Kerberos client utilities, Kerberos V5 GSS provider, Kerberos V5 PAM module
Solaris 8
Solaris 8 Admin Pack
SEAM 1.0.1
RPCSEC_GSS, GSS-API, Kerberos client utilities, Kerberos V5 GSS provider, Kerberos V5 PAM module
KDC, Remote KDC administration, Kerberized networking utilities
Presumably the progression in Table 12-1 will continue with future versions of Solaris and other operating systems.
The fifth column of Table 12-1 consistently lists "Kerberized networking utilities." These are utilities like rlogin, rsh, rcp, ftp, and telnet (and their server daemons) that have been modified to understand Kerberos V5 security. The reason they are there is that they facilitate the deployment of an Intranet that sends no passwords in the clear over the wire, and indeed, via forwardable TGTs, enables you to send