Starfish is a powerful tool for use by professionally qualified system administrators. Believing that strong authentication is better than weak privilege, we encourage you to configure Starfish so that its use is restricted to authorized individuals at your site.
You do this by generating certificates whose passphrases are to be known by these individuals only, and then by configuring the Starfish managers and agents to use these certificates. Starfish is shipped without certificates, so that it cannot be used until these steps are taken.
Starfish certificates are based on the Internet X.509 Public Key Infrastructure standard described in RFC 3280. They can be generated by the
starfishcertcommand supplied with the Starfish distribution, or any other method which complies with this standard.
The Starfish manager and agent use similar configuration files to identify where to find certificates and which to use. A sample configuration file is supplied with the Starfish distribution. As shipped, this file is safe for use by both manager and agent.
Since the agent is run directly by the operating system, the name of its configuration file is typically passed to it at boot time through the launch script supplied with the distribution. You may need to modify the script in order to identify the appropriate configuration file.
The Starfish manager runs interactively, so it has a variety of preference options for personal use. It expects to find a configuration file named
.starfishrcin your home directory. This file also identifies certificates for use by the manager.
You will need to think carefully about what kinds of certificates best reflect the security relationships at your site. Certificates do not simply affect the privacy of the connection, they also determine whether an agent will recognize a manager as having the authority to control the agent.
Your site may have a very simple policy in which any manager may control any agent. In this case, you may need only to generate a single certificate to be shared among all the managers, and a single certificate for all the agents.
At more complex sites, some managers may be limited to certain agents, while others are allowed broader control. Here, some agents would receive a certificate containing keys for both managers, while the remainder would receive a single key as before.
As you generate and install certificate files and private keys, verify that they are permitted as restrictively as possible, consistent with site policy. Keys should only be readable by their owners, and should be protected by passphrases which are known only to their owners.