[. . . ] Red Hat Network Satellite 5. 0. 0 Installation Guide 5. 0. 0 ISBN: N/A Publication date: Red Hat Network Satellite Red Hat Network Satellite: Installation Guide 5. 0. 0 Copyright © 2007 Red Hat, Inc. Copyright © 2007 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1. 0 or later (the latest version is presently available at http://www. opencontent. org/openpub/). Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder. [. . . ] Red Hat reserves the right to compare the contents of that RHN Entitlement Certificate with the database's entitlement settings at any time to ensure compliance with the terms of the customer's contract with Red Hat. The steps referenced in this section are typically carried out by the RHN Satellite Server Installation Program itself and do not need to be repeated during initial installation. Instead, they are listed here for use by customers who have received a new RHN Entitlement Certificate, such as one reflecting an increase in the number of entitlements. 1. Receiving the Certificate The RHN Entitlement Certificate is an XML document that looks something like this: <?xml version="1. 0" encoding="UTF-8"?> <rhn-cert version="0. 1"> <rhn-cert-field name="product">RHN-SATELLITE-001</rhn-cert-field> <rhn-cert-field name="owner">Clay's Precious Satellite</rhn-cert-field> <rhn-cert-field name="issued">2005-01-11 00:00:00</rhn-cert-field> <rhn-cert-field name="expires">2005-03-11 00:00:00</rhn-cert-field> <rhn-cert-field name="slots">30</rhn-cert-field> <rhn-cert-field name="provisioning-slots">30</rhn-cert-field> <rhn-cert-field name="nonlinux-slots">30</rhn-cert-field> <rhn-cert-field name="channel-families" quantity="10" family="rhel-cluster"/> <rhn-cert-field name="channel-families" quantity="30" family="rhel-ws-extras"/> <rhn-cert-field name="channel-families" quantity="10" family="rhel-gfs"/> <rhn-cert-field name="channel-families" quantity="10" family="rhel-es-extras"/> <rhn-cert-field name="channel-families" quantity="40" family="rhel-as"/> <rhn-cert-field name="channel-families" quantity="30" family="rhn-tools"/> <rhn-cert-field name="satellite-version">3. 6</rhn-cert-field> <rhn-cert-field name="generation">2</rhn-cert-field> <rhn-cert-signature> -----BEGIN PGP SIGNATURE----Version: Crypt::OpenPGP 1. 03 iQBGBAARAwAGBQJCAG7yAAoJEJ5yna8GlHkysOkAn07qmlUrkGKs7/5yb8H/nboG mhHkAJ9wdmqOeKfcBa3IUDL53oNMEBP/dg== =0Kv7 37 Chapter 5. Entitlements -----END PGP SIGNATURE----</rhn-cert-signature> </rhn-cert> Note Do not try to use this RHN Entitlement Certificate; it is just an example. The initial RHN Entitlement Certificate is generated by a member of the RHN team and emailed to a consultant or customer prior to installation. This process helps guarantee that we do not inadvertently install any RHN Satellite Servers that the RHN team does not know about. Save the XML file to the Satellite machine in preparation for activation. 2. Uploading the RHN Entitlement Certificate If your RHN Satellite Server is connected to the Internet, you have the option of uploading your new RHN Entitlement Certificate through the RHN website. Log into https://rhn. redhat. com with your organization's Satellite-entitled account. Click Systems in the top navigation bar and then the name of the RHN Satellite Server. You may also find the Satellite through the Satellite line item within the Channels category. In the System Details page, click the Satellite subtab and examine the existing certificate. Ensure you have a backup of this file by copying and pasting its contents into a text editor. You will receive a message describing the deactivation at the top of the page. You may then browse to the location of your new RHN Entitlement Certificate or paste its contents into the text field provided. Your Satellite now has access to additional channels and client entitlements outlined in the new certificate. Managing the RHN Certificate with RHN Satellite Activate For disconnected Satellites or customers who prefer to work locally, Red Hat provides a command line tool for managing your RHN Entitlement Certificate and activating the Satellite using that certificate: RHN Satellite Activate (rhn-satellite-activate). This is included with 38 Command Line Entitlement Options the Satellite installation as part of the rhns-satellite-tools package. 3. 1. Command Line Entitlement Options The rhn-satellite-activate tool offers a handful of command line options for activating a Satellite using its RHN Entitlement Certificate: Option -h, --help --sanity-only Description Display the help screen with a list of options. Uploads new certificate and activates the Satellite based upon the other options passed (if any). For testing only - Provides an alternative system ID by path and file. For testing only - Disable SSL. --disconnected --rhn-cert=/PATH/TO/CERT --systemid=/PATH/TO/SYSTEMID --no-ssl Table 5. 1. [. . . ] PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords. RHN Satellite Server supports LDAP, Kerberos, and other network-based authentication systems via PAM. To enable the Satellite to use PAM and your organization's authentication infrastructure, follow the steps below. Note To ensure that PAM authentication functions properly, install the pam-devel package. 69 Chapter 8. Maintenance Set up a PAM service file (usually /etc/pam. d/rhn-satellite) and have the Satellite use it by adding the following line to /etc/rhn/rhn. conf: pam_auth_service = rhn-satellite This assumes the PAM service file is named rhn-satellite. [. . . ]