The SMC operates by collecting data from systems, providing an interface for viewing that data, and allowing administrative tasks to be executed on the basis of that data. Different servers can store localized toolboxes. Alternatively, if a high-resolution graphics card and/or monitor is not available, SMC can be started with a command-line interface.
The command that starts the SMC is /usr/sadm/bin/smc. This assumes that SMC is to be opened for operations. An alternative mode of operation is provided by the smc edit mode, where toolboxes can be modified or updated. The following options are available to the smc command when starting up:
-auth-data Allows authentication data to be read from a file.
-toolbox Stipulates the name of a toolbox to read in from a file. Alternatively, a URL can be specified that points to the location of a toolbox.
-domain Designates the domain name for the systems that are being managed. LDAP, DNS, NIS, and NIS+ domains are supported. The form of the URL for a DNS domain cassowary.net and the host midnight would be dns:/midnight/cassowary.net.
-hostname:port Nominates the hostname and port number of the server to manage. The default port number is 898.
-J Passes any command-line options to the Java Virtual Machine, such as the initial and maximum heap sizes.
-rolepassword Specifies a password for the role rolename.
-password Specifies a password for username.
-rolename Specifies a role to execute SMC.
-t Executes SMC in terminal mode.
-trust Allows all downloaded code to be trusted.
-tool Specifies a tool to be executed.
-username Specifies a username with which SMC is to be executed.
-yes By default, answers yes to all interactive questions.
The format of data in an auth-data file is as follows:
hostname=ivana
username=root
password=my1asswd
rolename=su
rolepassword=su1asswd
Of course, any auth-data file should be readable only by root, or by the user who is assigned the role of SMC management. However, there is always an inherent risk in storing passwords in plaintext in a file on any file system, because the file system could be removed and mounted on another system and its contents read directly. In addition, unauthorized access to the auth-data file may allow a cracker to obtain administrative access to a large number of servers whose authentication tokens are stored in the file.
One file is normally created for every server whose credentials must be locally stored.
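The ownership and permission conditions described above can be checked mechanically. The following Python audit is an added example, not part of the original text or of SMC itself: it parses the auth-data format (accepting the pairs on one line or one per line), flags group/other access and unexpected owners, and reports which secrets are stored in plaintext without echoing them. The file name ivana.auth and the allowed_uids parameter are assumptions, and the sample values are those from the format shown above.

```python
import os
import stat
import tempfile

# Keys shown in the page's auth-data sample; the last two hold secrets.
KNOWN_KEYS = {"hostname", "username", "password", "rolename", "rolepassword"}
SECRET_KEYS = {"password", "rolepassword"}

def parse_auth_data(text):
    """Parse key=value tokens separated by spaces or newlines (assumes no spaces in values)."""
    entries = {}
    for token in text.split():
        key, sep, value = token.partition("=")
        if not sep or key not in KNOWN_KEYS:
            raise ValueError(f"unexpected token: {token!r}")
        entries[key] = value
    return entries

def audit_auth_data(path, allowed_uids=(0,)):
    """Return findings for one auth-data file; secret values are never echoed."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    if st.st_uid not in allowed_uids:
        findings.append(f"owner uid {st.st_uid} is not an allowed SMC administrator")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(st.st_mode):04o} grants group/other access")
    with open(path) as fh:
        entries = parse_auth_data(fh.read())
    stored = sorted(SECRET_KEYS & entries.keys())
    if stored:
        host = entries.get("hostname", "?")
        findings.append(f"plaintext {', '.join(stored)} stored for host {host}")
    return findings

def demo():
    """Audit a constructed sample (values from the page) at two file modes."""
    sample = "hostname=ivana\nusername=root\npassword=my1asswd\nrolename=su\nrolepassword=su1asswd\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ivana.auth")  # hypothetical file name
        with open(path, "w") as fh:
            fh.write(sample)
        results = {}
        for mode in (0o644, 0o400):
            os.chmod(path, mode)
            results[mode] = audit_auth_data(path, allowed_uids=(os.getuid(),))
        return results

if __name__ == "__main__":
    for mode, findings in demo().items():
        print(f"{mode:04o}: {findings}")
```

Even at mode 0400 the audit still reports the plaintext secrets, which reflects the residual risk the text describes: file permissions do not protect the contents once the file system is read from another system.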
Exercise 29-1 Using SMC
Start SMC using a set of credentials stored in an auth-data file. Can you identify any security weaknesses with this approach?
There are a number of different Java options that may be useful for the initialization of the SMC that can be passed using the -J option. These options include the following:
-Xmixed Runs in mixed mode execution.
-Xint Runs in interpreted mode.
-Xbootclasspath Lists directories in which to search for classes for bootstrapping.
-Xbootclasspath/a Appends directories in which to search for classes for bootstrapping.
-Xbootclasspath/p Prepends directories in which to search for classes for bootstrapping.
-Xnoclassgc Switches off garbage collection.
-Xincgc Switches on progressive garbage collection.
-Xbatch Switches off compilation in the background.
-Xms Sets an initial size for the Java heap.
-Xmx Sets a maximum size for the Java heap.
-Xss Sets a size for the Java thread stack.
-Xprof Displays CPU profiling output.
-Xrunhprof Displays heap or monitor profiling output.
-Xdebug Allows debugging remotely.
-Xfuture Enforces strict checking.
-Xrs Minimizes native calls.
Exercise 29-2 SMC and Java
Start SMC using a set of Java options that minimize the amount of memory utilized initially, but allow for a maximum of 64MB of RAM to be utilized. Monitor the performance of the application using prstat. Does it ever come close to consuming the maximum amount of RAM allocated to the JVM?