Platform Services Quick Start Guide for Linux,
Solaris, HP/UX, FreeBSD
Prerequisites
Installation and verification steps
- You must install or configure an entropy daemon prior to installing
Platform Services SSL communications.
Solaris:
Solaris versions before Solaris 9 do not include a /dev/random device.
Sun has released this functionality for versions 2.6 onward in Patch
ID: 112438-01.
HP/UX: Does not provide a /dev/random device; you
should obtain one or use prngd.
Note: Account Management ships with prngd, which
can be retrieved here: prngd-0.9.24.tar.gz
or from /prngd in the Distribution Directory, created on the Manager
server by Core Services installation.
To install Platform Services for Solaris, Linux, HP/UX,
and FreeBSD
If you do not have an appropriately configured Platform Set object,
use the Account Management Web Interface to create a Platform Set
object and associate the appropriate users and groups with it via
the search object configuration page. Also make sure that the search
object for the platform is covered by a Census search object.
Generally, platform sets are determined by
sets of users and groups. Multiple types of platforms can reside
in a single platform set, and users and groups can reside in multiple
platform sets.
Whenever you modify a search object for the census or platform
sets, you should start a trawl to populate the platforms.
- Use the Account Management Web Interface to create a Platform
Object in an appropriate Platform Set.
Make sure you set all the IP addresses
for the Platform in the web interface so that mutually authenticated
SSL will function properly.
- Log in as root to the server where you are installing Platform
Services.
- Copy the distribution package from here
Solaris: am300_platserv_solaris.tar
Linux: am300_platserv_linux.tar
HP/UX: am300_platserv_hpux.tar
FreeBSD: am300_platserv_bsd.tar
or from the Distribution Directory on the Manager server to a temporary
location on the target server.
- Extract the distribution package
This creates and populates an ASAM directory
in the temporary location.
- Run the setup/install script from this ASAM directory. This
prepares the /usr/local/ASAM directory.
- Run the /usr/local/ASAM/bin/PlatformServices/plat-config script.
You can now remove all of the distribution
files from the temporary location.
- Obtain a Platform certificate from the Manager by running either
the Platform Services Process or the Platform Receiver with the
-s command line parameter:
/usr/local/ASAM/bin/PlatformServices/PlatformServicesProcess/asampsp -s
or
/usr/local/ASAM/bin/PlatformServices/PlatformReceiver/asamrcvr -s
Respond to the prompts:
Common name of the Platform configuration object (specified in
the Web interface when it was created)
Fully distinguished name and password of a directory user with
Read and Create object rights to the ASAM System container
- Review the contents of the Platform Configuration file /usr/local/ASAM/data/asamplat.conf.
Make sure it has at least one agent configured
if you wish to do Authentication Redirection.
- Review the file permissions of /usr/local/ASAM/data to ensure
that they are appropriate for your installation.
- Solaris: Edit your /etc/pam.conf
file to call the /usr/lib/security/pam_ascauth.so.1 module.
Linux: Edit your /etc/pam.d/* files to call /lib/security/pam_ascauth.so
module.
HP/UX: Edit your /etc/pam.conf file to call the
/usr/lib/security/libpam_ascauth.1 module.
BSD: Edit your /etc/pam.conf file to call the /usr/lib/pam_ascauth.so
module.
A sample pam.conf module is included in
ASAM/bin/PlatformServices.
- The Platform Receiver responds to events by running corresponding
Receiver Scripts. The Platform Receiver runs Receiver Scripts
from /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts.
The base set of Receiver Scripts is delivered to you in a subdirectory
of /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts
called [platform name]-passwd. The install offered to install
the base scripts for you. If you accepted, then the plat-config
script copied all of the scripts in
[platform name]-passwd up one level to /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts.
NOTE: If you have developed your own set of
custom scripts, copy your custom scripts to /usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts.
NOTE: For information about developing your own custom scripts, see
/usr/local/ASAM/bin/PlatformServices/PlatformReceiver/scripts/scriptwriters.README.
- Run the Platform Receiver in Full Sync Mode by using the -f
command line parameter:
/usr/local/ASAM/bin/PlatformServices/PlatformReceiver/asamrcvr -f
- Add Platform Services Process and Platform Receiver operation
into routine system startup, shutdown, and scheduling procedures as
appropriate.
NOTE: Optional Startup/Shutdown scripts
are provided in the ASAM/data/UnixStartupScripts directory.
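
For the step above that asks you to review the file permissions of /usr/local/ASAM/data, here is an added example that is not part of the product or of the original guide: a POSIX shell function that lists entries worth reviewing. The function name audit_asam_data and the review policy it applies (expected owner root, no group or world write, no world read) are assumptions; adjust them to your installation.

```shell
#!/bin/sh
# Added example (not shipped with the product). Lists entries under the
# ASAM data directory that deserve a second look.
# ASSUMED review policy, adjust to your installation:
#   - every entry is owned by the expected account (default: root)
#   - nothing is writable by group or other
#   - nothing is readable by other
# Usage: audit_asam_data [directory] [owner name or numeric uid]
# Returns 0 = nothing flagged, 1 = entries flagged, 2 = directory missing.

audit_asam_data() {
    dir=${1:-/usr/local/ASAM/data}
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi

    # Symbolic links are skipped: on most systems their own mode bits are
    # not enforced, and find would report them as world-writable.
    findings=$(
        find "$dir" ! -type l ! -user "$owner" -print | sed 's/^/WRONG-OWNER /'
        find "$dir" ! -type l -perm -020 -print | sed 's/^/GROUP-WRITABLE /'
        find "$dir" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
        find "$dir" ! -type l -perm -004 -print | sed 's/^/WORLD-READABLE /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as root after plat-config and again after obtaining the Platform certificate, since both steps write into the data directory.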