Installing and Enabling the Secure Internet Services

Log in as root on the system where you want to install and enable the product.

Invoke swinstall. The default view of the software is in the form of bundles. Change the software view to products and select the InternetSvcSec product for installation. For more information on the swinstall utility, see Managing HP-UX Software with SD-UX.

The product contains the run-time file set INETSVCS-SEC as well as file sets for the man pages. The INETSVCS-SEC file set contains the secure versions of the services (kftp/kftpd, krcp, kremsh/kremshd, krlogin/krlogind, and ktelnet/ktelnetd). In addition to the client and daemon man pages for the services there is a new man page called sis(5) which contains information common to all the Secure Internet Services, including warning and error messages.

Within INETSVCS-SEC is a required startup script called inetsvcs_sec. This script must be run to enable the product. (See step 5.)

	NOTE: If a user wants to activate the HP DCE Integrated Login Utilities package and install this product, the HP DCE Integrated Login must be activated before this product is installed. Similarly, if a user wants to deactivate the HP DCE Integrated Login Utilities and install this product, deactivation must take place before the installation of this product. The order is important because the HP DCE Integrated Login Utilities package offers ftp in addition to its other services. When activated, it overwrites the existing ftp with its own version of ftp. The Secure Internet Services ftp service can be used to replace the ftp service provided by HP DCE Integrated Login Utilities package. The secure version will ensure that a password is not sent over the network in a readable form. However, users will not be allowed access to remote DFS (Distributed File Service) cells as they are with the HP DCE Integrated Login Utilities ftp service.

Review the swinstall log files for warnings or errors.

Any logged errors will be accompanied by information describing the appropriate action for resolving the installation problem.

Verify the installation of the new executable.

The clients kftp, krcp, kremsh, krlogin, and ktelnet should be present in /usr/bin.

The daemons kftpd, kremshd, krlogind, and ktelnetd should be present in /usr/lbin.

The following client man pages should be present in /usr/share/man/man1.Z:

kftp(1), krcp(1), kremsh(1), krlogin(1), and telnet(1).

The following daemon man pages should be present in /usr/share/man/man1m.Z:

kftpd(1M), kremshd(1M), krlogind(1M), and telnetd(1M)

The sis(5) man page should be present in /usr/share/man/man5.Z.

The enable script inetsvcs_sec should be present in /usr/sbin.

To enable the product, invoke the following command:

/usr/sbin/inetsvcs_sec enable

When the product is enabled the non-secure executables are stored in files of the same name, but with the extension .noauth. The original service names are then symbolically linked to their respective secure versions. The original man pages are moved to files with the same name, but with the extension .safe. The secure versions of the man pages are then copied over the original versions of the man pages (i.e. ftp(1) is moved to ftp.safe, kftp(1) is moved to ftp(1)).

To verify that the product has been successfully enabled check that the .noauth files, .safe files, and linkages exist as described.

Log in as root on the system where you want to disable and remove the product.

To disable the product without removing the files, invoke the following command:

/usr/sbin/inetsvcs_sec disable

Verify that the prior executables and man pages were restored.

To remove the product invoke swremove and remove the InternetSvcSec product.