The Oracle Solaris Security for Developers Guide describes the public application programming interfaces (APIs) and service provider interfaces (SPIs) for the security features in the Oracle Solaris operating system. The term service provider refers to components that are plugged into a framework to provide security services, such as cryptographic algorithms and security protocols.
Note - This Solaris release supports systems that use the SPARC and x86 families of processor architectures: UltraSPARC, SPARC64, AMD64, Pentium, and Xeon EM64T. The supported systems appear in the Solaris 10 Hardware Compatibility List at http://www.sun.com/bigadmin/hcl. This document cites any implementation differences between the platform types.
In this document these x86 related terms mean the following:
“x86” refers to the larger family of 64-bit and 32-bit x86 compatible products.
“x64” points out specific 64-bit information about AMD64 or EM64T systems.
“32-bit x86” points out specific 32-bit information about x86 based systems.
For supported systems, see the Solaris 10 Hardware Compatibility List.
The Oracle Solaris Security for Developers Guide is intended for C-language developers who want to write the following types of programs:
Privileged applications that can override system controls
Applications that use authentication and related security services
Applications that need to secure network communications
Applications that use cryptographic services
Libraries, shared objects, and plug-ins that provide or consume security services
Note - For Java-language equivalents to the Solaris features, see http://java.sun.com/javase/technologies/security/.
Readers of this guide should be familiar with C programming. A basic knowledge of security mechanisms is helpful but not required. You do not need to have specialized knowledge about network programming to use this book.
This book is organized into the following chapters.
Chapter 1, Oracle Solaris Security for Developers (Overview) provides an introduction to Solaris security.
Chapter 2, Developing Privileged Applications describes how to write privileged applications that use process privileges.
Chapter 3, Writing PAM Applications and Services explains how to write a pluggable application module (PAM).
Chapter 4, Writing Applications That Use GSS-API provides an introduction to the Generic Security Service Application Programming Interface (GSS-API).
Chapter 7, Writing Applications That Use SASL describes how to write applications for the Simple Authentication Security Layer (SASL).
Chapter 8, Introduction to the Oracle Solaris Cryptographic Framework provides an overview of the Solaris cryptographic framework, both at the user level and kernel level.
Chapter 9, Writing User-Level Cryptographic Applications and Providers describes how to write consumers and providers for the user level of the Solaris cryptographic framework.
Chapter 10, Using the Smart Card Framework describes the Solaris Smart Card framework.
Appendix A, Sample C-Based GSS-API Programs provides complete code listings for the GSS-API examples.
Appendix B, GSS-API Reference provides reference information for various items in the GSS-API.
Appendix C, Specifying an OID describes how to specify a mechanism. This technique is used in cases where a mechanism other than the default mechanism is to be used.
Appendix D, Source Code for SASL Example provides complete code listings for the SASL examples.
Appendix E, SASL Reference Tables provides brief descriptions of the major SASL interfaces.
Appendix F, Packaging and Signing Cryptographic Providers describes how to package and sign cryptographic providers.
Glossary provides definitions for security terms that are used throughout the manual.
For other information about security features, see the following sources:
System Administration Guide: Security Services provides descriptions of Solaris security features from the system administrator's point of view.
Generic Security Service Application Program Interface document (ftp://ftp.isi.edu/in-notes/rfc2743.txt) provides a conceptual overview of the GSS-API.
Generic Security Service API Version 2: C-Bindings document (ftp://ftp.isi.edu/in-notes/rfc2744.txt) discusses the specifics of the C-language-based GSS-API.
ONC+ Developer’s Guide provides information about remote procedure calls.
See the following web sites for additional resources:
Oracle welcomes your comments and suggestions on the quality and usefulness of its documentation. If you find any errors or have any other suggestions for improvement, go to http://docs.sun.com and click Feedback. Indicate the title and part number of the documentation along with the chapter, section, and page number, if available. Please let us know if you want a reply.
Oracle Technology Network offers a range of resources related to Oracle software:
Discuss technical problems and solutions on the Discussion Forums.
Get hands-on step-by-step tutorials with Oracle By Example.
Download Sample Code.
The following table describes the typographic conventions that are used in this book.
Table P-1 Typographic Conventions
The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.
Table P-2 Shell Prompts