Index (Solaris Trusted Extensions Administrator's Procedures)

Solaris Trusted Extensions Administrator's Procedures


Numbers and Symbols

	`-o nobanner` option to `lp` command ( )


A

	access, See computer access

	access policy
		devices ( )
		Discretionary Access Control (DAC) ( ) ( )
		Mandatory Access Control (MAC) ( )

	accessing
		administrative tools ( )
		audit records by label ( )
		devices ( )
		global zone ( )
		home directories ( )
		printers ( )
		remote multilevel desktop ( )
		Solaris Management Console ( )
		ZFS dataset mounted in lower-level zone from higher-level zone ( )

	accessing the X server ( )

	account locking, preventing ( )

	accounts
		See roles
		See also users
		creating ( )
		planning ( )

	accreditation checks ( )

	accreditation ranges, `label_encodings` file ( )

	`Action failed. Reconnect to Solaris Zone?` ( )

	`add_allocatable` command ( )

	adding
		default routes for labeled zones ( )
		LDAP toolbox ( )
		local role with `roleadd` ( )
		local user with `useradd` ( )
		network databases to LDAP server ( )
		`nscd` daemon to every labeled zone ( )
		roles ( )
		shared network interfaces ( )
		Trusted Extensions to a Solaris system ( )
		users by using `lpaddent` ( )
		users who can assume roles ( )
		zone-specific network interface ( )
		zone-specific `nscd` daemon ( )

	Additional Trusted Extensions Configuration Tasks ( )

	`ADMIN_HIGH` label ( )

	`ADMIN_LOW` label
		lowest label ( )
		protecting administrative files ( )

	administering
		account locking ( )
		assigning device authorizations ( )
		auditing in Trusted Extensions ( )
		changing label of information ( )
		convenient authorizations for users ( )
		device allocation ( )
		device authorizations ( )
		devices ( ) ( )
		file systems
			mounting ( )
			overview ( )
			troubleshooting ( )
		files
			backing up ( )
			restoring ( )
		from the global zone ( )
		hiding labels from users ( )
		labeled printing ( )
		LDAP ( )
		mail ( )
		multilevel ports ( )
		network in Trusted Extensions ( )
		network of users ( )
		PostScript printing ( )
		printing in Trusted Extensions ( )
		printing interoperability with Trusted Solaris 8 ( )
		quick reference for administrators ( )
		remote host database ( )
		remote host templates ( )
		remotely ( )
		remotely by a role ( )
		remotely from command line ( )
		remotely with Solaris Management Console ( ) ( )
		routes with security attributes ( )
		serial line for login ( )
		sharing file systems ( )
		startup files for users ( )
		system files ( )
		third-party software ( )
		timeout when relabeling information ( )
		trusted network databases ( )
		trusted networking ( )
		unlabeled printing ( )
		user privileges ( )
		users ( ) ( )
		zones ( )
		zones from Trusted JDS ( )

	Administering Trusted Extensions Remotely (Task Map) ( )

	administrative labels ( )

	administrative roles, See roles

	Administrative Roles tool ( )

	administrative tools
		accessing ( )
		commands ( )
		configuration files ( )
		description ( )
		Device Manager ( )
		label builder ( )
		Labeled Zone Manager ( )
		Solaris Management Console ( ) ( )
		`txzonemgr` script ( )

	`allocate` command ( )

	Allocate Device authorization ( ) ( ) ( ) ( )

	allocate error state, correcting ( )

	allocating, using Device Manager ( )

	allocating devices
		for copying data ( )
		tape drive ( )

	Always Print Banner checkbox ( )

	applications
		evaluating for security ( )
		installing ( )
		trusted and trustworthy ( )

	assigning
		editor as the trusted editor ( )
		privileges to users ( )
		rights profiles ( )

	Assume Role menu item ( )

	assuming, roles ( )

	`atohexlabel` command ( ) ( )

	audio devices, preventing remote allocation ( )

	audit classes for Trusted Extensions, list of new X audit classes ( )

	audit events for Trusted Extensions, list of ( )

	audit planning ( )

	audit policy in Trusted Extensions ( )

	audit records in Trusted Extensions, policy ( )

	Audit Review profile, reviewing audit records ( )

	Audit Tasks of the System Administrator ( )

	audit tokens for Trusted Extensions
		`label` token ( )
		list of ( )
		`xatom` token ( )
		`xclient` token ( )
		`xcolormap` token ( )
		`xcursor` token ( )
		`xfont` token ( )
		`xgc` token ( )
		`xpixmap` token ( )
		`xproperty` token ( )
		`xselect` token ( )
		`xwindow` token ( )

	`auditconfig` command ( )

	auditing, planning ( )

	auditing in Trusted Extensions
		additional audit events ( )
		additional audit policies ( )
		additional audit tokens ( )
		additions to existing auditing commands ( )
		differences from Solaris auditing ( )
		reference ( )
		roles for administering ( )
		security administrator tasks ( )
		system administrator tasks ( )
		tasks ( )
		X audit classes ( )

	`auditreduce` command ( )

	authorizations
		adding new device authorizations ( )
		Allocate Device ( ) ( ) ( )
		assigning ( )
		assigning device authorizations ( )
		authorizing a user or role to change label ( )
		Configure Device Attributes ( )
		convenient for users ( )
		creating customized device authorizations ( )
		creating local and remote device authorizations ( )
		customizing for devices ( )
		granted ( )
		Print PostScript ( )
		Print Postscript ( )
		profiles that include device allocation authorizations ( )
		Revoke or Reclaim Device ( ) ( )
		`solaris.print.nobanner` ( )
		`solaris.print.ps` ( )

	authorizing
		device allocation ( )
		PostScript printing ( )
		unlabeled printing ( )

	`automount` command ( )


B

	backing up, previous system before installation ( )

	Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( )

	banner pages
		description of labeled ( )
		difference from trailer page ( )
		printing without labels ( )
		typical ( )

	body pages
		description of labeled ( )
		unlabeled for all users ( )
		unlabeled for specific users ( )


C

	`Cannot reach global zone` ( )

	CD-ROM drives, accessing ( )

	Change Password menu item
		description ( )
		using to change `root` password ( )

	changing
		`IDLETIME` keyword ( )
		labels by authorized users ( )
		rules for label changes ( )
		security level of data ( )
		system security defaults ( )
		user privileges ( )

	checking
		`label_encodings` file ( )
		roles are working ( )

	checklists for initial setup team ( )

	`chk_encodings` command ( ) ( )

	choosing, See selecting

	classification label component ( )

	clearances, label overview ( )

	collecting information
		before enabling Trusted Extensions ( )
		for LDAP service ( )
		planning Trusted Extensions configuration ( )

	colors, indicating label of workspace ( )

	commands
		executing with privilege ( )
		troubleshooting networking ( )
		`trusted_edit` trusted editor ( )

	commercial applications, evaluating ( )

	Common Tasks in Trusted Extensions (Task Map) ( )

	compartment label component ( )

	component definitions, `label_encodings` file ( )

	computer access
		administrator responsibilities ( )
		restricting ( )

	Computers and Networks tool
		adding known hosts ( ) ( )
		modifying `tnrhdb` database ( )

	Computers and Networks tool set ( )

	configuration files, copying ( )

	Configure Device Attributes authorization ( )

	configuring
		access to headless Trusted Extensions ( )
		as a role or as superuser? ( )
		auditing ( )
		authorizations for devices ( )
		devices ( )
		labeled printing ( )
		LDAP for Trusted Extensions ( )
		LDAP proxy server for Trusted Extensions clients ( )
		network interfaces ( )
		routes with security attributes ( )
		serial line for login ( )
		Solaris Management Console for LDAP ( )
		startup files for users ( )
		Trusted Extensions labeled zones ( )
		Trusted Extensions software ( )
		trusted network ( )

	Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map) ( )

	Configuring an LDAP Server on a Trusted Extensions Host (Task Map) ( )

	Configuring Labeled IPsec (Task Map) ( )

	Configuring Labeled Printing (Task Map) ( )

	Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( )

	Configuring the Solaris Management Console for LDAP (Task Map) ( )

	configuring Trusted Extensions
		checklist for install team ( )
		headless access ( )
		initial procedures ( )
		labeled zones ( )
		task maps ( )

	Configuring Trusted Network Databases (Task Map) ( )

	controlling, See restricting

	`.copy_files` file
		description ( )
		setting up for users ( ) ( )
		startup file ( )

	Create a new zone menu item ( )

	creating
		accounts ( )
		accounts during or after configuration ( )
		authorizations for devices ( )
		home directories ( ) ( )
		home directory server ( )
		labeled zones ( )
		LDAP client ( )
		LDAP proxy server for Trusted Extensions clients ( )
		LDAP toolbox ( )
		local role with `roleadd` ( )
		local user with `useradd` ( )
		roles ( )
		users who can assume roles ( )
		zones ( )

	Creating Labeled Zones ( )

	credentials, registering LDAP with the Solaris Management Console ( )

	customizing
		device authorizations ( )
		`label_encodings` file ( )
		unlabeled printing ( )
		user accounts ( )

	Customizing Device Authorizations in Trusted Extensions (Task Map) ( )

	Customizing User Environment for Security (Task Map) ( )

	cut and paste, and labels ( )

	cutting and pasting, configuring rules for label changes ( )


D

	DAC, See discretionary access control (DAC)

	databases
		in LDAP ( )
		trusted network ( )

	datasets, See ZFS

	`deallocate` command ( )

	deallocating, forcing ( )

	debugging, See troubleshooting

	deciding
		to configure as a role or as superuser ( )
		to use a Sun-supplied encodings file ( )

	decisions to make
		based on site security policy ( )
		before enabling Trusted Extensions ( )

	default routes, specifying for labeled zones ( )

	deleting, labeled zones ( )

	desktops
		accessing multilevel remotely ( )
		logging in to a failsafe session ( )
		workspace color changes ( )

	`/dev/kmem` kernel image file, security violation ( )

	developer responsibilities ( )

	device allocation
		authorizing ( )
		overview ( )
		profiles that include allocation authorizations ( )

	`device-clean` scripts
		adding to devices ( )
		requirements ( )

	Device Manager
		administrative tool ( )
		description ( )
		use by administrators ( )

	devices
		access policy ( )
		accessing ( )
		adding customized authorizations ( )
		adding `device_clean` script ( )
		administering ( )
		administering with Device Manager ( )
		allocating ( )
		configuring devices ( )
		configuring serial line ( )
		creating new authorizations ( )
		in Trusted Extensions ( )
		policy defaults ( )
		preventing remote allocation of audio ( )
		protecting ( )
		protecting nonallocatable ( )
		reclaiming ( )
		setting label range for nonallocatable ( )
		setting policy ( )
		troubleshooting ( )
		using ( )

	`dfstab` file, for `public` zone ( )

	differences
		administrative interfaces in Trusted Extensions ( )
		between Trusted Extensions and Solaris auditing ( )
		between Trusted Extensions and Solaris OS ( )
		defaults in Trusted Extensions ( )
		extending Solaris interfaces ( )
		limited options in Trusted Extensions ( )

	directories
		accessing lower-level ( )
		authorizing a user or role to change label of ( )
		for naming service setup ( )
		mounting ( )
		sharing ( )

	disabling, Trusted Extensions ( )

	discretionary access control (DAC) ( )

	diskettes, accessing ( )

	displaying
		labels of file systems in labeled zone ( )
		status of every zone ( )

	DOI, remote host templates ( )

	domain of interpretation (DOI), entry in `/etc/system` file ( )

	dominance of labels ( )

	Downgrade DragNDrop or CutPaste Info authorization ( )

	Downgrade File Label authorization ( )

	downgrading labels, configuring rules for selection confirmer ( )

	`dpadm` service ( )

	DragNDrop or CutPaste without viewing contents authorization ( )

	`dsadm` service ( )

	`dtsession` command, running `updatehome` ( )

	`dtterm` terminal, forcing the sourcing of `.profile` ( )


E

	editing
		system files ( )
		using trusted editor ( )

	enabling
		DOI different from `1` ( )
		`dpadm` service ( )
		`dsadm` service ( )
		IPv6 network ( )
		keyboard shutdown ( )
		`labeld` service ( )
		LDAP administration from a client ( )
		login to labeled zone ( )
		Trusted Extensions on a Solaris system ( )

	encodings file, See `label_encodings` file

	error messages, troubleshooting ( )

	`/etc/default/kbd` file, how to edit ( )

	`/etc/default/login` file, how to edit ( )

	`/etc/default/passwd` file, how to edit ( )

	`/etc/default/print` file ( )

	`/etc/dfs/dfstab` file for `public` zone ( )

	`/etc/hosts` file ( ) ( )

	`/etc/security/policy.conf` file
		defaults ( )
		enabling PostScript printing ( )
		how to edit ( )
		modifying ( )

	`/etc/security/tsol/label_encodings` file ( )

	`/etc/system` file
		modifying for DOI different from `1` ( )
		modifying for IPv6 network ( )

	evaluating programs for security ( )

	exporting, See sharing


F

	failsafe session, logging in ( )

	fallback mechanism
		for remote hosts ( )
		in `tnrhdb` ( )
		using for network configuration ( )

	file systems
		mounting in global and labeled zones ( )
		NFS mounts ( )
		sharing ( )
		sharing in global and labeled zones ( )

	files
		accessing from dominating labels ( )
		authorizing a user or role to change label of ( )
		backing up ( )
		`.copy_files` ( ) ( ) ( )
		copying from removable media ( )
		editing with trusted editor ( )
		`/etc/default/kbd` ( )
		`/etc/default/login` ( )
		`/etc/default/passwd` ( )
		`/etc/default/print` ( )
		`/etc/security/policy.conf` ( ) ( ) ( )
		`getmounts` ( )
		`getzonelabels` ( )
		`.gtkrc-mine` ( )
		`.link_files` ( ) ( ) ( )
		loopback mounting ( )
		`office-install-directory/VCL.xcu` ( )
		`policy.conf` ( )
		PostScript ( )
		preventing access from dominating labels ( )
		relabeling privileges ( )
		`resolv.conf` ( )
		restoring ( )
		`sel_config` file ( )
		startup ( )
		`tsoljdsselmgr` ( )
		`/usr/bin/tsoljdsselmgr` ( )
		`/usr/lib/lp/postscript/tsol_separator.ps` ( )
		`/usr/sbin/txzonemgr` ( ) ( )
		`/usr/share/gnome/sel_config` ( )
		`VCL.xcu` ( )

	files and file systems
		mounting ( )
		naming ( )
		sharing ( )

	finding
		label equivalent in hexadecimal ( )
		label equivalent in text format ( )

	Firefox, lengthening timeout when relabeling ( )

	floppies, See diskettes

	floppy disks, See diskettes


G

	gateways
		accreditation checks ( )
		example of ( )

	`getlabel` command ( )

	`getmounts` script ( )

	Getting Started as a Trusted Extensions Administrator (Task Map) ( )

	`getzonelabels` script ( )

	`getzonepath` command ( )

	global zone
		difference from labeled zones ( )
		entering ( )
		exiting ( )
		remote login by users ( )

	GNOME ToolKit (GTK) library, lengthening timeout when relabeling ( )

	groups
		deletion precautions ( )
		security requirements ( )

	`.gtkrc-mine` file ( )


H

	Handling Devices in Trusted Extensions (Task Map) ( )

	Handling Other Tasks in the Solaris Management Console (Task Map) ( )

	hardware planning ( )

	Headless System Configuration in Trusted Extensions (Task Map) ( )

	`hextoalabel` command ( ) ( )

	hiding labels from users ( )

	home directories
		accessing ( )
		creating ( ) ( )
		creating server for ( )
		logging in and getting ( )

	host types
		networking ( ) ( )
		remote host templates ( )
		table of templates and protocols ( )

	hosts
		assigning a template ( ) ( )
		assigning to security template ( )
		entering in network files ( )
		networking concepts ( )

	hot key, regaining control of desktop focus ( )


I

	`IDLECMD` keyword, changing default ( )

	`IDLETIME` keyword, changing default ( )

	`ifconfig` command ( ) ( )

	`ikeadm` command ( )

	importing, software ( )

	`in.iked` command ( )

	initial setup team, checklist for configuring Trusted Extensions ( )

	initializing, Solaris Management Console ( )

	installation menu, Create a new zone ( )

	installing
		`label_encodings` file ( )
		Solaris OS for Trusted Extensions ( )
		Sun Java System Directory Server ( )

	interfaces
		assigning to security template ( )
		verifying they are up ( )

	internationalizing, See localizing

	interoperability, Trusted Solaris 8 and printing ( )

	IP addresses
		fallback mechanism in `tnrhdb` ( )
		in `tnrhdb` database ( )
		in `tnrhdb` file ( )

	`ipseckey` command ( ) ( )

	IPv6
		entry in `/etc/system` file ( )
		troubleshooting ( )


J

	Java archive (JAR) files, installing ( )


K

	key combinations, testing if grab is trusted ( )

	keyboard shutdown, enabling ( )

	`kmem` kernel image file ( )


L

	`label` audit token ( )

	`label_encodings` file
		checking ( )
		contents ( )
		installing ( )
		localizing ( )
		modifying ( )
		reference for labeled printing ( )
		source of accreditation ranges ( )

	label ranges
		restricting printer label range ( )
		setting on frame buffers ( )
		setting on printers ( )

	`labeld` service ( )
		disabling ( )

	labeled printing
		banner pages ( )
		body pages ( )
		PostScript files ( )
		removing label ( )
		removing PostScript restriction ( )
		without banner page ( ) ( )

	Labeled Zone Manager, See `txzonemgr` script

	labeled zones, See zones

	labeling
		turning on labels ( )
		zones ( )

	labels
		See also label ranges
		authorizing a user or role to change label of data ( )
		classification component ( )
		compartment component ( )
		configuring rules for label changes ( )
		default in remote host templates ( )
		described ( )
		determining text equivalents ( )
		displaying in hexadecimal ( )
		displaying labels of file systems in labeled zone ( )
		dominance ( )
		downgrading and upgrading ( )
		hiding from users ( )
		of processes ( )
		of user processes ( )
		on printer output ( )
		overview ( )
		planning ( )
		printing without page labels ( )
		relationships ( )
		repairing in internal databases ( )
		specifying for zones ( )
		troubleshooting ( )
		well-formed ( )

	LDAP
		displaying entries ( )
		enabling administration from a client ( )
		managing the naming service ( )
		naming service for Trusted Extensions ( )
		planning ( )
		starting ( )
		stopping ( )
		troubleshooting ( )
		Trusted Extensions databases ( )

	LDAP configuration
		creating client ( )
		for Trusted Extensions ( )
		Sun Ray servers, and ( )

	LDAP server
		collecting information for ( )
		configuring multilevel port ( )
		configuring naming service ( )
		configuring proxy for Trusted Extensions clients ( )
		creating proxy for Trusted Extensions clients ( )
		installing in Trusted Extensions ( )
		planning for separation of duty ( )
		protecting log files ( )
		registering credentials with Solaris Management Console ( )

	lengthening timeout, for relabeling ( )

	limiting, defined hosts on the network ( )

	`.link_files` file
		description ( )
		setting up for users ( )
		startup file ( )

	`list_devices` command ( )

	localizing, changing labeled printer output ( )

	log files, protecting Directory Server logs ( )

	logging in
		to a home directory server ( )
		using `rlogin` command ( )

	login
		by roles ( )
		configuring serial line ( )
		remote ( )
		remote by roles ( )

	logout, requiring ( )

	`lpaddent` command ( )


M

	MAC, See mandatory access control (MAC)

	mail
		administering ( )
		implementation in Trusted Extensions ( )
		multilevel ( )

	man pages, quick reference for Trusted Extensions administrators ( )

	managing, See administering

	Managing Devices in Trusted Extensions (Task Map) ( )

	Managing Printing in Trusted Extensions (Task Map) ( )

	Managing Software in Trusted Extensions (Tasks) ( )

	Managing Trusted Networking (Task Map) ( )

	Managing Users and Rights With the Solaris Management Console (Task Map) ( )

	Managing Zones (Task Map) ( )

	mandatory access control (MAC)
		enforcing on the network ( )
		in Trusted Extensions ( )

	maximum labels, remote host templates ( )

	media, copying files from removable ( )

	minimum labels, remote host templates ( )

	MLPs, See multilevel ports (MLPs)

	modifying, `label_encodings` file ( )

	mounting
		file systems ( )
		files by loopback mounting ( )
		overview ( )
		troubleshooting ( )
		ZFS dataset on labeled zone ( )

	Mozilla, lengthening timeout when relabeling ( )

	multiheaded system, trusted stripe ( )

	multilevel mounts, NFS protocol versions ( )

	multilevel ports (MLPs)
		administering ( )
		example of NFSv3 MLP ( )
		example of web proxy MLP ( )

	multilevel printing
		accessing by print client ( )
		configuring ( )

	multilevel server, planning ( )


N

	name service cache daemon, See `nscd` daemon

	names, specifying for zones ( )

	names of file systems ( )

	naming, zones ( )

	naming services
		databases unique to Trusted Extensions ( )
		LDAP ( )
		managing LDAP ( )

	`net_mac_aware` privilege ( )

	`netstat` command ( ) ( ) ( )

	network
		See Trusted Extensions network
		See trusted network

	network databases
		description ( )
		in LDAP ( )

	network packets ( )

	networking concepts ( )

	NFS mounts
		accessing lower-level directories ( )
		in global and labeled zones ( )

	`No route available` ( )

	nonallocatable devices
		protecting ( )
		setting label range ( )

	`nscd` daemon, adding to every labeled zone ( )


O

	`office-install-directory/VCL.xcu` ( )

	OpenOffice, See StarOffice


P

	packages, accessing the media ( )

	passwords
		assigning ( )
		Change Password menu item ( ) ( )
		changing for `root` ( )
		changing user passwords ( )
		storage ( )
		testing if password prompt is trusted ( )

	`plabel` command ( )

	planning
		See also Trusted Extensions use
		account creation ( )
		administration strategy ( )
		auditing ( )
		data migration ( )
		hardware ( )
		labels ( )
		LDAP naming service ( )
		network ( )
		NFS server ( )
		printing ( )
		Trusted Extensions ( )
		Trusted Extensions configuration strategy ( )
		zones ( )

	`policy.conf` file
		changing defaults ( )
		changing Trusted Extensions keywords ( )
		defaults ( )
		how to edit ( )

	PostScript
		enabling to print ( )
		printing restrictions in Trusted Extensions ( )

	preventing, See protecting

	Print Postscript authorization ( ) ( ) ( )

	Print without Banner authorization ( ) ( )

	Print without Label authorization ( )

	printer output, See printing

	printers, setting label range ( )

	printing
		adding conversion filters ( )
		and `label_encodings` file ( )
		authorizations for unlabeled output from a public system ( )
		configuring for multilevel labeled output ( )
		configuring for print client ( )
		configuring labeled zone ( )
		configuring labels and text ( )
		configuring public print jobs ( )
		in local language ( )
		internationalizing labeled output ( )
		interoperability with Trusted Solaris 8 ( )
		labeling a Solaris print server ( )
		localizing labeled output ( )
		managing ( )
		model scripts ( )
		planning ( )
		PostScript files ( )
		PostScript restrictions in Trusted Extensions ( )
		preventing labels on output ( )
		public jobs from a Solaris print server ( )
		removing PostScript restriction ( )
		restricting label range ( )
		using a Solaris print server ( )
		without labeled banners and trailers ( ) ( )
		without page labels ( ) ( )

	privileges
		changing defaults for users ( )
		non-obvious reasons for requiring ( )
		removing `proc_info` from basic set ( )
		restricting users' ( )
		when executing commands ( )

	`proc_info` privilege, removing from basic set ( )

	procedures, See tasks and task maps

	processes
		labels of ( )
		labels of user processes ( )
		preventing users from seeing others' processes ( )

	profiles, See rights profiles

	programs, See applications

	protecting
		devices ( ) ( )
		devices from remote allocation ( )
		file systems by using non-proprietary names ( )
		files at lower labels from being accessed ( )
		from access by arbitrary hosts ( )
		information with labels ( )
		labeled hosts from contact by arbitrary unlabeled hosts ( )
		nonallocatable devices ( )

	publications, security and UNIX ( )


R

	real UID of root, required for applications ( )

	rebooting
		activating labels ( )
		enabling login to labeled zone ( )

	Reducing Printing Restrictions in Trusted Extensions (Task Map) ( )

	regaining control of desktop focus ( )

	registering, LDAP credentials with the Solaris Management Console ( )

	regular users, See users

	relabeling information ( )

	remote administration
		defaults ( )
		methods ( )

	remote host templates
		assigning ( )
		assigning to hosts ( )
		creating ( )
		tool for administering ( )

	remote hosts, using fallback mechanism in `tnrhdb` ( )

	Remote Login authorization ( )

	remote logins, enabling for roles ( )

	remote multilevel desktop, accessing ( )

	removable media, mounting ( )

	`remove_allocatable` command ( )

	removing
		labels on printer output ( )
		zone-specific `nscd` daemon ( )

	removing Trusted Extensions, See disabling

	repairing, labels in internal databases ( )

	requirements for Trusted Extensions
		Solaris installation options ( )
		Solaris installed systems ( )

	`resolv.conf` file, loading during configuration ( )

	restoring control of desktop focus ( )

	restricting
		access to computer based on label ( )
		access to devices ( )
		access to global zone ( )
		access to lower-level files ( )
		access to printers with labels ( )
		mounts of lower-level files ( )
		printer access with labels ( )
		printer label range ( )
		remote access ( )

	Revoke or Reclaim Device authorization ( ) ( )

	rights, See rights profiles

	rights profiles
		assigning ( )
		Convenient Authorizations ( )
		customizing for separation of duty ( )
		with Allocate Device authorization ( )
		with device allocation authorizations ( )
		with new device authorizations ( )

	Rights tool ( )

	roadmaps
		Task Map: Configuring Trusted Extensions ( )
		Task Map: Preparing a Solaris System for Trusted Extensions ( )
		Task Map: Preparing For and Enabling Trusted Extensions ( )

	role workspace, global zone ( )

	`roleadd` command ( )

	roles
		adding local role with `roleadd` ( )
		administering auditing ( )
		administering remotely ( ) ( )
		assigning rights ( )
		assuming ( ) ( )
		creating ( )
		creating Security Administrator ( )
		determining when to create ( )
		leaving role workspace ( )
		logging in remotely ( )
		remote login ( )
		role assumption from unlabeled host ( )
		separation of duty ( ) ( )
		trusted application access ( )
		verifying they work ( )
		workspaces ( )

	root passwords, required in Trusted Extensions ( )

	root UID, required for applications ( )

	`route` command ( ) ( )

	routing ( )
		accreditation checks ( )
		commands in Trusted Extensions ( )
		concepts ( )
		example of ( )
		specifying default routes for labeled zones ( )
		static with security attributes ( )
		tables ( ) ( )
		using `route` command ( )


S

	scripts
		`getmounts` ( )
		`getzonelabels` ( )
		`/usr/sbin/txzonemgr` ( ) ( )

	secure attention, key combination ( )

	security
		initial setup team ( )
		publications ( )
		root password ( )
		site security policy ( )

	Security Administrator role
		administering network of users ( )
		administering PostScript restriction ( )
		administering printer security ( )
		assigning authorizations to users ( )
		audit tasks ( )
		configuring a device ( )
		configuring serial line for login ( )
		creating ( )
		creating Convenient Authorizations rights profile ( )
		enabling unlabeled body pages from a public system ( )
		enforcing security ( )
		protecting nonallocatable devices ( )

	security administrators, See Security Administrator role

	security attributes ( )
		modifying defaults for all users ( )
		modifying user defaults ( )
		setting for remote hosts ( )
		using in routing ( )

	security information, on printer output ( )

	security label set, remote host templates ( )

	security mechanisms
		extensible ( )
		Solaris ( )

	security policy
		auditing ( )
		training users ( )
		users and devices ( )

	security templates, See remote host templates

	Security Templates tool ( ) ( )
		assigning templates ( )
		modifying `tnrhdb` ( ) ( )
		using ( )

	`sel_config` file ( )
		configuring selection transfer rules ( )

	selecting, audit records by label ( )

	Selection Manager
		changing timeout ( )
		configuring rules for selection confirmer ( )

	Selection Manager application ( )

	separation of duty
		creating rights profiles ( )
		planning for ( )
		planning for LDAP ( )

	serial line, configuring for logins ( )

	service management framework (SMF)
		`dpadm` ( )
		`dsadm` ( )
		`labeld` service ( )

	session range ( )

	sessions, failsafe ( )

	`setlabel` command ( )

	sharing, ZFS dataset from labeled zone ( )

	Shutdown authorization ( )

	similarities
		between Trusted Extensions and Solaris auditing ( )
		between Trusted Extensions and Solaris OS ( )

	single-label operation ( )

	single-label printing, configuring for a zone ( )

	site security policy
		common violations ( )
		personnel recommendations ( )
		physical access recommendations ( )
		recommendations ( )
		tasks involved ( )
		Trusted Extensions configuration decisions ( )
		understanding ( )

	`smtnrhdb` command ( )

	`smtnrhtp` command ( )

	`smtnzonecfg` command ( )

	`snoop` command ( ) ( )

	software
		administering third-party ( )
		importing ( )
		installing Java programs ( )

	Solaris installation options, requirements ( )

	Solaris installed systems, requirements for Trusted Extensions ( )

	Solaris Management Console
		administering trusted network ( )
		administering users ( )
		Computers and Networks tool ( )
		configuring for LDAP ( )
		configuring LDAP toolbox ( )
		description of tools and toolboxes ( )
		enabling LDAP toolbox to be used ( )
		initializing ( )
		loading a Trusted Extensions toolbox ( )
		registering LDAP credentials ( )
		Security Templates tool ( ) ( )
		starting ( )
		toolboxes ( )
		troubleshooting ( ) ( )
		Trusted Network Zones tool ( )
		working with Sun Java System Directory Server ( )

	Solaris OS
		differences from Trusted Extensions ( )
		differences from Trusted Extensions auditing ( )
		similarities with Trusted Extensions ( )
		similarities with Trusted Extensions auditing ( )

	`solaris.print.nobanner` authorization ( ) ( )

	`solaris.print.ps` authorization ( )

	`solaris.print.unlabeled` authorization ( )

	Solaris Trusted Extensions, See Trusted Extensions

	StarOffice, lengthening timeout when relabeling ( )

	startup files, procedures for customizing ( )

	`Stop-A`, enabling ( )

	Sun Java System Directory Server, See LDAP server

	Sun Ray systems
		enabling initial contact between client and server ( )
		LDAP servers, and ( )
		preventing users from seeing others' processes ( )
		`tnrhdb` address for client contact ( )
		web site for documentation ( )

	System Administrator role
		adding `device_clean` script ( )
		adding print conversion filters ( )
		administering printers ( )
		audit tasks ( )
		reclaiming a device ( )
		restricting ( )
		reviewing audit records ( )

	system files
		editing ( ) ( )
		Solaris `/etc/default/print` ( )
		Solaris `policy.conf` ( )
		Trusted Extensions `sel_config` ( )
		Trusted Extensions `tsol_separator.ps` ( )


T

	tape devices
		accessing ( )
		allocating ( )

	`tar` command ( )

	Task Map: Configuring Trusted Extensions ( )

	Task Map: Preparing a Solaris System for Trusted Extensions ( )

	Task Map: Preparing For and Enabling Trusted Extensions ( )

	tasks and task maps
		Additional Trusted Extensions Configuration Tasks ( )
		Administering Trusted Extensions Remotely (Task Map) ( )
		Audit Tasks of the Security Administrator ( )
		Audit Tasks of the System Administrator ( )
		Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( )
		Common Tasks in Trusted Extensions (Task Map) ( )
		Configuring an LDAP Proxy Server on a Trusted Extensions Host (Task Map) ( )
		Configuring an LDAP Server on a Trusted Extensions Host (Task Map) ( )
		Configuring Labeled IPsec (Task Map) ( )
		Configuring Labeled Printing (Task Map) ( )
		Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( )
		Configuring the Solaris Management Console for LDAP (Task Map) ( )
		Configuring Trusted Network Databases (Task Map) ( )
		Creating Labeled Zones ( )
		Customizing Device Authorizations in Trusted Extensions (Task Map) ( )
		Customizing User Environment for Security (Task Map) ( )
		Getting Started as a Trusted Extensions Administrator (Task Map) ( )
		Handling Devices in Trusted Extensions (Task Map) ( )
		Handling Other Tasks in the Solaris Management Console (Task Map) ( )
		Headless System Configuration in Trusted Extensions (Task Map) ( )
		Managing Devices in Trusted Extensions (Task Map) ( )
		Managing Printing in Trusted Extensions (Task Map) ( )
		Managing Software in Trusted Extensions (Tasks) ( )
		Managing Trusted Networking (Task Map) ( )
		Managing Users and Rights With the Solaris Management Console ( )
		Managing Zones (Task Map) ( )
		Reducing Printing Restrictions in Trusted Extensions (Task Map) ( )
		Troubleshooting the Trusted Network (Task Map) ( )
		Using Devices in Trusted Extensions (Tasks Map) ( )

	`tcp_listen=true` LDAP setting ( )

	text label equivalents, determining ( )

	Thunderbird, lengthening timeout when relabeling ( )

	`tnchkdb` command
		description ( )
		summary ( )

	`tnctl` command
		description ( )
		summary ( )
		updating kernel cache ( )
		using ( )

	`tnd` command
		description ( )
		summary ( )

	`tninfo` command
		description ( )
		summary ( )
		using ( ) ( )

	`tnrhdb` database
		0.0.0.0 host address ( ) ( )
		0.0.0.0 wildcard address ( )
		adding to ( )
		configuring ( )
		entry for Sun Ray servers ( )
		fallback mechanism ( ) ( )
		tool for administering ( )
		wildcard address ( )

	`tnrhtp` database
		adding to ( )
		tool for administering ( )

	toolboxes
		adding LDAP server to `tsol_ldap.tbx` ( )
		defined ( )
		loading in Trusted Extensions ( )
		Scope=LDAP ( )

	tools, See administrative tools

	trailer pages, See banner pages

	translation, See localizing

	troubleshooting
		accessing X server ( )
		failed login ( )
		IPv6 configuration ( )
		LDAP ( )
		mounted file systems ( )
		network ( )
		reclaiming a device ( )
		repairing labels in internal databases ( )
		Solaris Management Console ( ) ( )
		Trusted Extensions configuration ( )
		trusted network ( )
		verifying interface is up ( )
		viewing ZFS dataset mounted in lower-level zone ( )

	Troubleshooting the Trusted Network (Task Map) ( )

	trusted applications, in a role workspace ( )

	`trusted_edit` trusted editor ( )

	trusted editor
		assigning your favorite editor ( )
		starting ( )

	Trusted Extensions
		See also Trusted Extensions planning
		collecting information before enabling ( )
		decisions to make before enabling ( )
		differences from Solaris administrator's perspective ( )
		differences from Solaris auditing ( )
		differences from Solaris OS ( )
		disabling ( )
		enabling ( )
		man pages quick reference ( )
		memory requirements ( )
		planning configuration strategy ( )
		planning for ( )
		planning hardware ( )
		planning network ( )
		preparing for ( ) ( )
		quick reference to administration ( )
		results before configuration ( )
		separation of duty ( )
		similarities with Solaris auditing ( )
		similarities with Solaris OS ( )
		two-role configuration strategy ( )

	Trusted Extensions configuration
		adding network databases to LDAP server ( )
		changing default DOI value ( )
		databases for LDAP ( )
		division of tasks ( )
		evaluated configuration ( )
		headless systems ( )
		initial procedures ( )
		initial setup team responsibilities ( )
		labeled zones ( )
		LDAP ( )
		reboot to activate labels ( )
		task maps ( )
		troubleshooting ( )

	Trusted Extensions network
		adding zone-specific interface ( )
		adding zone-specific `nscd` daemon ( )
		enabling IPv6 ( )
		planning ( )
		removing zone-specific `nscd` daemon ( )
		specifying default routes for labeled zones ( )

	Trusted Extensions requirements
		root password ( )
		Solaris installation ( )
		Solaris installed systems ( )

	trusted grab, key combination ( )

	trusted network
		0.0.0.0 `tnrhdb` entry ( )
		administering with Solaris Management Console ( )
		checking syntax of files ( )
		concepts ( )
		default labeling ( )
		editing local files ( )
		example of routing ( )
		host types ( )
		labels and MAC enforcement ( )
		using templates ( )

	Trusted Network tools
		description ( )
		using ( )

	Trusted Network Zones tool
		configuring a multilevel port ( )
		configuring a multilevel print server ( )
		creating a multilevel port ( )
		description ( ) ( )

	Trusted Path, Device Manager ( )

	trusted path attribute, when available ( )

	Trusted Path menu, Assume Role ( )

	trusted programs
		adding ( )
		defined ( )

	trusted stripe
		on multiheaded system ( )
		warping pointer to ( )

	trustworthy programs ( )

	`tsol_ldap.tbx` file ( )

	`tsol_separator.ps` file
		configurable values ( )
		customizing labeled printing ( )

	`tsoljdsselmgr` application ( )

	`txzonemgr` script ( ) ( )


U

	unlabeled printing, configuring ( )

	`updatehome` command ( ) ( )

	Upgrade DragNDrop or CutPaste Info authorization ( )

	Upgrade File Label authorization ( )

	upgrading labels, configuring rules for selection confirmer ( )

	User Accounts tool ( )

	`useradd` command ( )

	users
		accessing devices ( ) ( )
		accessing printers ( )
		adding from NIS server ( )
		adding local user with `useradd` ( )
		assigning authorizations to ( )
		assigning labels ( )
		assigning passwords ( )
		assigning rights ( )
		assigning roles to ( )
		authorizations for ( )
		Change Password menu item ( )
		changing default privileges ( )
		creating ( )
		creating initial users ( )
		customizing environment ( )
		deletion precautions ( )
		labels of processes ( )
		lengthening timeout when relabeling ( )
		logging in remotely to the global zone ( )
		logging in to a failsafe session ( )
		modifying security defaults ( )
		modifying security defaults for all users ( )
		planning for ( )
		preventing account locking ( )
		preventing from seeing others' processes ( )
		printing ( )
		removing some privileges ( )
		requiring two roles to create user ( )
		requiring two roles to create users ( )
		restoring control of desktop focus ( )
		security precautions ( )
		security training ( ) ( ) ( )
		session range ( )
		setting up skeleton directories ( )
		startup files ( )
		using `.copy_files` file ( )
		using `.link_files` file ( )
		using devices ( )

	Using Devices in Trusted Extensions (Task Map) ( )

	`/usr/bin/tsoljdsselmgr` application ( )

	`/usr/dt/bin/trusted_edit` trusted editor ( )

	`/usr/lib/lp/postscript/tsol_separator.ps` file, labeling printer output ( )

	`/usr/local/scripts/getmounts` script ( )

	`/usr/local/scripts/getzonelabels` script ( )

	`/usr/sbin/txzonemgr` script ( ) ( )

	`/usr/sbin/txzonemgr` script ( ) ( )

	`/usr/share/gnome/sel_config` file ( )

	`utadm` command, default Sun Ray server configuration ( )


V

	`VCL.xcu` file ( )

	verifying
		interface is up ( )
		`label_encodings` file ( )
		roles are working ( )
		syntax of network databases ( )
		zone status ( )

	viewing, See accessing

	virtual network computing (vnc), See Xvnc systems running Trusted Extensions


W

	well-formed labels ( )

	wildcard address, See fallback mechanism

	workspaces
		color changes ( )
		colors indicating label of ( )
		global zone ( )


X

	X audit classes ( )

	`xatom` audit token ( )

	`xc` audit class ( )

	`xclient` audit token ( )

	`xcolormap` audit token ( )

	`xcursor` audit token ( )

	`xfont` audit token ( )

	`xgc` audit token ( )

	`xp` audit class ( )

	`xpixmap` audit token ( )

	`xproperty` audit token ( )

	`xs` audit class ( )

	`xselect` audit token ( )

	Xvnc systems running Trusted Extensions
		remote access to ( ) ( )

	`xwindow` audit token ( )

	`xx` audit class ( )


Z

	`zenity` script ( )

	ZFS
		adding dataset to labeled zone ( )
		fast zone creation method ( )
		mounting dataset read-write on labeled zone ( )
		viewing mounted dataset read-only from higher-level zone ( )

	`/zone/public/etc/dfs/dfstab` file ( )

	zones
		adding network interface ( )
		adding `nscd` daemon to each labeled zone ( )
		administering ( )
		administering from Trusted JDS ( )
		creating MLP ( )
		creating MLP for NFSv3 ( )
		deciding creation method ( )
		deleting ( )
		displaying labels of file systems ( )
		displaying status ( )
		enabling login to ( )
		global ( )
		in Trusted Extensions ( )
		isolating with default routes ( )
		managing ( )
		`net_mac_aware` privilege ( )
		removing `nscd` daemon from labeled zones ( )
		specifying default routes ( )
		specifying labels ( )
		specifying names ( )
		tool for labeling ( )
		troubleshooting access ( )
		`txzonemgr` script ( )
		`/usr/sbin/txzonemgr` script ( )
		verifying status ( )