System Administration Guide: Security Services
    
S
 
 -S option, st_clean script ( Index Term Link )
 
 safe protection level ( Index Term Link )
 
 SASL
  environment variable ( Index Term Link )
  options ( Index Term Link )
  overview ( Index Term Link )
  plug-ins ( Index Term Link )
 
 saslauthd_path option, SASL and ( Index Term Link )
 
 saving, failed login attempts ( Index Term Link )
 
 scope (RBAC), description ( Index Term Link )
 
 scp command
  copying files with ( Index Term Link )
  description ( Index Term Link )
 
 scripts
  audit_warn script ( Index Term Link )
  bsmconv effect ( Index Term Link )
  bsmconv for device allocation ( Index Term Link )
  bsmconv script ( Index Term Link )
  bsmconv to enable auditing ( Index Term Link )
  checking for RBAC authorizations ( Index Term Link )
  device-clean scripts
   See also device-clean scripts
  for cleaning devices ( Index Term Link )
  monitoring audit files example ( Index Term Link )
  processing praudit output ( Index Term Link )
  running with privileges ( Index Term Link )
  securing ( Index Term Link )
  use of privileges in ( Index Term Link )
 
 SCSI devices, st_clean script ( Index Term Link )
 
 SEAM Administration Tool
  and limited administration privileges ( Index Term Link )
  and list privileges ( Index Term Link )
  and X Window system ( Index Term Link )
  command-line equivalents ( Index Term Link )
  context-sensitive help ( Index Term Link )
  creating a new policy ( Index Term Link ) ( Index Term Link )
  creating a new principal ( Index Term Link )
  default values ( Index Term Link )
  deleting a principal ( Index Term Link )
  deleting policies ( Index Term Link )
  displaying sublist of principals ( Index Term Link )
  duplicating a principal ( Index Term Link )
  files modified by ( Index Term Link )
  Filter Pattern field ( Index Term Link )
  gkadmin command ( Index Term Link )
  .gkadmin file ( Index Term Link )
  help ( Index Term Link )
  Help Contents ( Index Term Link )
  how affected by privileges ( Index Term Link )
  kadmin command ( Index Term Link )
  login window ( Index Term Link )
  modifying a policy ( Index Term Link )
  modifying a principal ( Index Term Link )
  online help ( Index Term Link )
  or kadmin command ( Index Term Link )
  overview ( Index Term Link )
  panel descriptions ( Index Term Link )
  privileges ( Index Term Link )
  setting up principal defaults ( Index Term Link )
  starting ( Index Term Link )
  table of panels ( Index Term Link )
  viewing a principal's attributes ( Index Term Link )
  viewing list of policies ( Index Term Link )
  viewing list of principals ( Index Term Link )
  viewing policy attributes ( Index Term Link )
 
 secondary audit directory ( Index Term Link )
 
 secret keys
  creating ( Index Term Link ) ( Index Term Link )
  generating
   using the dd command ( Index Term Link )
   using the pktool command ( Index Term Link )
  generating for Secure RPC ( Index Term Link )
 
 Secure by Default installation option ( Index Term Link )
 
 secure connection
  across a firewall ( Index Term Link )
  logging in ( Index Term Link )
 
 Secure NFS ( Index Term Link )
 
 Secure RPC
  alternative ( Index Term Link )
  and Kerberos ( Index Term Link )
  description ( Index Term Link )
  implementation of ( Index Term Link )
  keyserver ( Index Term Link )
  overview ( Index Term Link )
 
 securing
  logins task map ( Index Term Link )
  network at installation ( Index Term Link )
  passwords task map ( Index Term Link )
  scripts ( Index Term Link )
 
 security
  across insecure network ( Index Term Link )
  auditing and ( Index Term Link )
  BART ( Index Term Link )
  computing digest of files ( Index Term Link )
  computing MAC of files ( Index Term Link )
  devices ( Index Term Link )
  DH authentication ( Index Term Link )
  encrypting files ( Index Term Link )
  installation options ( Index Term Link )
  netservices limited installation option ( Index Term Link )
  NFS client-server ( Index Term Link )
  password encryption ( Index Term Link )
  pointer to JASS toolkit ( Index Term Link )
  policy overview ( Index Term Link )
  preventing remote login ( Index Term Link )
  protecting against denial of service ( Index Term Link )
  protecting against Trojan horse ( Index Term Link )
  protecting devices ( Index Term Link )
  protecting hardware ( Index Term Link )
  protecting PROM ( Index Term Link )
  Secure by Default ( Index Term Link )
  system hardware ( Index Term Link )
 
 security attributes
  checking for ( Index Term Link )
  considerations when directly assigning ( Index Term Link )
  description ( Index Term Link )
  Printer management rights profile ( Index Term Link )
  privileges on commands ( Index Term Link )
  special ID on commands ( Index Term Link )
  using to mount allocated device ( Index Term Link )
 
 security mechanism, specifying with -m option ( Index Term Link )
 
 security modes, setting up environment with multiple ( Index Term Link )
 
 security policy, default (RBAC) ( Index Term Link )
 
 security service, Kerberos and ( Index Term Link )
 
 selecting
  audit classes ( Index Term Link )
  audit records ( Index Term Link )
  events from audit trail ( Index Term Link )
 
 semicolon (;)
  device_allocate file ( Index Term Link )
  separator of security attributes ( Index Term Link )
 
 sendmail command, authorizations required ( Index Term Link )
 
 seq audit policy
  and sequence token ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
 
 sequence audit token
  and seq audit policy ( Index Term Link )
  format ( Index Term Link )
 
 ServerKeyBits keyword, sshd_config file ( Index Term Link )
 
 servers
  AUTH_DH client-server session ( Index Term Link )
  configuring for Solaris Secure Shell ( Index Term Link )
  definition in Kerberos ( Index Term Link )
  gaining access with Kerberos ( Index Term Link )
  obtaining credential for ( Index Term Link )
  realms and ( Index Term Link )
 
 service
  definition in Kerberos ( Index Term Link )
  disabling on a host ( Index Term Link )
  obtaining access for specific service ( Index Term Link )
 
 service keys
  definition in Kerberos ( Index Term Link )
  keytab files and ( Index Term Link )
 
 service management facility
  enabling keyserver ( Index Term Link )
  refreshing cryptographic framework ( Index Term Link )
  restarting cryptographic framework ( Index Term Link )
  restarting Solaris Secure Shell ( Index Term Link )
 
 Service Management Facility (SMF), See SMF
 
 service principal
  adding to keytab file ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  planning for names ( Index Term Link )
  removing from keytab file ( Index Term Link )
 
 session ID, audit ( Index Term Link )
 
 session keys
  definition in Kerberos ( Index Term Link )
  Kerberos authentication and ( Index Term Link )
 
 setfacl command
  -d option ( Index Term Link )
  -f option ( Index Term Link )
  description ( Index Term Link )
  examples ( Index Term Link )
  syntax ( Index Term Link )
 
 setgid permissions
  absolute mode ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  security risks ( Index Term Link )
  symbolic mode ( Index Term Link )
 
 setpin subcommand, pktool command ( Index Term Link )
 
 setting
  arge policy ( Index Term Link )
  argv policy ( Index Term Link )
  audit policy ( Index Term Link )
  audit queue parameters ( Index Term Link )
  principal defaults (Kerberos) ( Index Term Link )
 
 setuid permissions
  absolute mode ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  finding files with permissions set ( Index Term Link )
  security risks ( Index Term Link ) ( Index Term Link )
  symbolic mode ( Index Term Link )
 
 sftp command
  auditing file transfers ( Index Term Link )
  copying files with ( Index Term Link )
  description ( Index Term Link )
 
 sh command, privileged version ( Index Term Link )
 
 SHA1 kernel provider ( Index Term Link )
 
 sharing files
  and network security ( Index Term Link )
  with DH authentication ( Index Term Link )
 
 shell, privileged versions ( Index Term Link )
 
 shell commands
  /etc/d_passwd file entries ( Index Term Link )
  passing parent shell process number ( Index Term Link )
 
 shell process, listing its privileges ( Index Term Link )
 
 shell scripts, writing privileged ( Index Term Link )
 
 short praudit output format ( Index Term Link )
 
 shosts.equiv file, description ( Index Term Link )
 
 .shosts file, description ( Index Term Link )
 
 signal received during auditing shutdown ( Index Term Link )
 
 signing providers, cryptographic framework ( Index Term Link )
 
 single-sign-on system ( Index Term Link )
  Kerberos and ( Index Term Link )
 
 size of audit files
  reducing ( Index Term Link ) ( Index Term Link )
  reducing storage-space requirements ( Index Term Link )
 
 slave_datatrans file
  description ( Index Term Link )
  KDC propagation and ( Index Term Link )
 
 slave_datatrans_slave file, description ( Index Term Link )
 
 slave KDCs
  automatically configuring ( Index Term Link )
  configuring ( Index Term Link )
  definition ( Index Term Link )
  interactively configuring ( Index Term Link )
  master KDC and ( Index Term Link )
  or master ( Index Term Link )
  planning for ( Index Term Link )
  swapping with master KDC ( Index Term Link )
 
 slot, definition in cryptographic framework ( Index Term Link )
 
 smattrpop command, description ( Index Term Link )
 
 smexec command, description ( Index Term Link )
 
 SMF
  auditd service ( Index Term Link )
  managing auditd service ( Index Term Link )
  managing Secure by Default configuration ( Index Term Link )
 
 smmultiuser command, description ( Index Term Link )
 
 smprofile command
  changing rights profile ( Index Term Link )
  description ( Index Term Link )
 
 smrole command
  changing properties of role ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  using ( Index Term Link )
 
 smuser command
  changing user's RBAC properties ( Index Term Link )
  description ( Index Term Link )
 
 socket audit token ( Index Term Link )
 
 soft limit
  audit_warn condition ( Index Term Link )
  minfree line description ( Index Term Link )
 
 soft string, audit_warn script ( Index Term Link )
 
 Solaris auditing task map ( Index Term Link )
 
 Solaris Cryptographic Framework, See cryptographic framework
 
 solaris.device.revoke authorization ( Index Term Link )
 
 Solaris Secure Shell
  adding to system ( Index Term Link )
  administering ( Index Term Link )
  administrator task map ( Index Term Link ) ( Index Term Link )
  authentication
   requirements for ( Index Term Link )
  authentication methods ( Index Term Link )
  authentication steps ( Index Term Link )
  basis from OpenSSH ( Index Term Link )
  changes in current release ( Index Term Link )
  changing passphrase ( Index Term Link )
  command execution ( Index Term Link )
  configuring clients ( Index Term Link )
  configuring port forwarding ( Index Term Link )
  configuring server ( Index Term Link )
  connecting across a firewall ( Index Term Link )
  connecting outside firewall
   from command line ( Index Term Link )
   from configuration file ( Index Term Link )
  copying files ( Index Term Link )
  creating keys ( Index Term Link )
  data forwarding ( Index Term Link )
  description ( Index Term Link )
  files ( Index Term Link )
  forwarding mail ( Index Term Link )
  generating keys ( Index Term Link )
  keywords ( Index Term Link )
  local port forwarding ( Index Term Link ) ( Index Term Link )
  logging in fewer prompts ( Index Term Link )
  logging in to remote host ( Index Term Link )
  login environment variables and ( Index Term Link )
  naming identity files ( Index Term Link )
  packages ( Index Term Link )
  protocol versions ( Index Term Link )
  public key authentication ( Index Term Link )
  remote port forwarding ( Index Term Link )
  scp command ( Index Term Link )
  specifying exceptions to system defaults ( Index Term Link )
  TCP and ( Index Term Link )
  typical session ( Index Term Link )
  user procedures ( Index Term Link )
  using port forwarding ( Index Term Link )
  using without password ( Index Term Link )
 
 solaris security policy ( Index Term Link )
 
 special permissions
  setgid permissions ( Index Term Link )
  setuid permissions ( Index Term Link )
  sticky bit ( Index Term Link )
 
 square brackets ([]), auditrecord output ( Index Term Link )
 
 sr_clean script, description ( Index Term Link )
 
 ssh-add command
  description ( Index Term Link )
  example ( Index Term Link ) ( Index Term Link )
  storing private keys ( Index Term Link )
 
 ssh-agent command
  description ( Index Term Link )
  from command line ( Index Term Link )
 
 ssh command
  description ( Index Term Link )
  overriding keyword settings ( Index Term Link )
  port forwarding options ( Index Term Link )
  using ( Index Term Link )
  using a proxy command ( Index Term Link )
 
 .ssh/config file
  description ( Index Term Link )
  override ( Index Term Link )
 
 ssh_config file
  configuring Solaris Secure Shell ( Index Term Link )
  host-specific parameters ( Index Term Link )
  keywords ( Index Term Link )
   See specific keyword
  override ( Index Term Link )
 
 .ssh/environment file, description ( Index Term Link )
 
 ssh_host_dsa_key file, description ( Index Term Link )
 
 ssh_host_dsa_key.pub file, description ( Index Term Link )
 
 ssh_host_key file
  description ( Index Term Link )
  override ( Index Term Link )
 
 ssh_host_key.pub file, description ( Index Term Link )
 
 ssh_host_rsa_key file, description ( Index Term Link )
 
 ssh_host_rsa_key.pub file, description ( Index Term Link )
 
 .ssh/id_dsa file ( Index Term Link )
 
 .ssh/id_rsa file ( Index Term Link )
 
 .ssh/identity file ( Index Term Link )
 
 ssh-keygen command
  description ( Index Term Link )
  using ( Index Term Link )
 
 ssh-keyscan command, description ( Index Term Link )
 
 ssh-keysign command, description ( Index Term Link )
 
 .ssh/known_hosts file
  description ( Index Term Link )
  override ( Index Term Link )
 
 ssh_known_hosts file ( Index Term Link )
 
 .ssh/rc file, description ( Index Term Link )
 
 sshd command, description ( Index Term Link )
 
 sshd_config file
  description ( Index Term Link )
  keywords ( Index Term Link )
   See specific keyword
  overrides of /etc/default/login entries ( Index Term Link )
 
 sshd.pid file, description ( Index Term Link )
 
 sshrc file, description ( Index Term Link )
 
 st_clean script
  description ( Index Term Link )
  for tape drives ( Index Term Link )
 
 standard cleanup, st_clean script ( Index Term Link )
 
 starting
  audit daemon ( Index Term Link )
  auditing ( Index Term Link ) ( Index Term Link )
  device allocation ( Index Term Link )
  KDC daemon ( Index Term Link ) ( Index Term Link )
  Secure RPC keyserver ( Index Term Link )
 
 stash file
  creating ( Index Term Link ) ( Index Term Link )
  definition ( Index Term Link )
 
 sticky bit permissions
  absolute mode ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  symbolic mode ( Index Term Link )
 
 stopping, dial-up logins temporarily ( Index Term Link )
 
 storage costs, and auditing ( Index Term Link )
 
 storage overflow prevention, audit trail ( Index Term Link )
 
 storing
  audit files ( Index Term Link ) ( Index Term Link )
  passphrase ( Index Term Link )
 
 StrictHostKeyChecking keyword, ssh_config file ( Index Term Link )
 
 StrictModes keyword, sshd_config file ( Index Term Link )
 
 su command
  displaying access attempts on console ( Index Term Link )
  in role assumption ( Index Term Link ) ( Index Term Link )
  monitoring use ( Index Term Link )
 
 su file, monitoring su command ( Index Term Link )
 
 subject audit token, format ( Index Term Link )
 
 Subsystem keyword, sshd_config file ( Index Term Link )
 
 success
  audit class prefix ( Index Term Link )
  turning off audit classes for ( Index Term Link )
 
 sufficient control flag, PAM ( Index Term Link )
 
 sulog file ( Index Term Link )
  monitoring contents of ( Index Term Link )
 
 Sun Crypto Accelerator 1000 board, listing mechanisms ( Index Term Link )
 
 Sun Crypto Accelerator 6000 board
  hardware plugin to cryptographic framework ( Index Term Link )
  listing mechanisms ( Index Term Link )
 
 SUPATH in Solaris Secure Shell ( Index Term Link )
 
 superuser
  compared to privilege model ( Index Term Link )
  compared to RBAC model ( Index Term Link )
  differences from privilege model ( Index Term Link )
  eliminating in RBAC ( Index Term Link )
  monitoring access attempts ( Index Term Link )
  troubleshooting becoming root as a role ( Index Term Link )
  troubleshooting remote access ( Index Term Link )
 
 suser security policy ( Index Term Link )
 
 svcadm command
  administering cryptographic framework ( Index Term Link ) ( Index Term Link )
  enabling cryptographic framework ( Index Term Link )
  enabling keyserver daemon ( Index Term Link )
  refreshing cryptographic framework ( Index Term Link )
  restarting name service ( Index Term Link )
  restarting NFS server ( Index Term Link )
  restarting Solaris Secure Shell ( Index Term Link )
  restarting syslog daemon ( Index Term Link ) ( Index Term Link )
 
 svcs command
  listing cryptographic services ( Index Term Link )
  listing keyserver service ( Index Term Link )
 
 swapping master and slave KDCs ( Index Term Link )
 
 symbolic links, file permissions ( Index Term Link )
 
 symbolic mode
  changing file permissions ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
 
 synchronizing clocks
  master KDC ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link )
  slave KDC ( Index Term Link ) ( Index Term Link )
 
 SYS privileges ( Index Term Link )
 
 syslog.conf file
  and auditing ( Index Term Link )
  audit.notice level ( Index Term Link )
  audit records ( Index Term Link )
  executable stack messages ( Index Term Link )
  kern.notice level ( Index Term Link )
  priv.debug entry ( Index Term Link )
  saving failed login attempts ( Index Term Link )
 
 SYSLOG_FAILED_LOGINS
  in Solaris Secure Shell ( Index Term Link )
  system variable ( Index Term Link )
 
 syslog format, audit records ( Index Term Link )
 
 SyslogFacility keyword, sshd_config file ( Index Term Link )
 
 System Administrator (RBAC)
  assuming role ( Index Term Link )
  creating role ( Index Term Link )
  protecting hardware ( Index Term Link )
  recommended role ( Index Term Link )
  rights profile ( Index Term Link )
 
 system calls
  arg audit token ( Index Term Link )
  close ( Index Term Link )
  exec_args audit token ( Index Term Link )
  exec_env audit token ( Index Term Link )
  ioctl() ( Index Term Link )
  ioctl to clean audio device ( Index Term Link )
  return audit token ( Index Term Link )
 
 system file, bsmconv effect on ( Index Term Link )
 
 system hardware, controlling access to ( Index Term Link )
 
 system properties, privileges relating to ( Index Term Link )
 
 system security
  ACL ( Index Term Link )
  dial-up logins and passwords ( Index Term Link )
  dial-up passwords
   disabling temporarily ( Index Term Link )
  displaying
   user's login status ( Index Term Link ) ( Index Term Link )
   users with no passwords ( Index Term Link )
  firewall systems ( Index Term Link )
  hardware protection ( Index Term Link ) ( Index Term Link )
  login access restrictions ( Index Term Link ) ( Index Term Link )
  machine access ( Index Term Link )
  overview ( Index Term Link )
  password encryption ( Index Term Link )
  passwords ( Index Term Link )
  privileges ( Index Term Link )
  protecting from risky programs ( Index Term Link )
  restricted shell ( Index Term Link ) ( Index Term Link )
  restricting remote root access ( Index Term Link )
  role-based access control (RBAC) ( Index Term Link ) ( Index Term Link )
  root access restrictions ( Index Term Link ) ( Index Term Link )
  saving failed login attempts ( Index Term Link )
  special logins ( Index Term Link )
  su command monitoring ( Index Term Link ) ( Index Term Link )
  task map ( Index Term Link )
 
 system state audit class ( Index Term Link )
 
 System V IPC
  ipc audit class ( Index Term Link )
  ipc audit token ( Index Term Link )
  ipc_perm audit token ( Index Term Link )
  privileges ( Index Term Link )
 
 system variables
  See also variables
  CRYPT_DEFAULT ( Index Term Link )
  KEYBOARD_ABORT ( Index Term Link )
  noexec_user_stack ( Index Term Link )
  noexec_user_stack_log ( Index Term Link )
  rstchown ( Index Term Link )
  SYSLOG_FAILED_LOGINS ( Index Term Link )
 
 system-wide administration audit class ( Index Term Link )
 
 systems, protecting from risky programs ( Index Term Link )