Trusted Solaris Installation and Configuration

Add and Assign Remote Host Templates


Note -

If your site is using a site-specific label encodings file, you must ensure that the templates in the tnrhtp(4) database accurately reflect the label_encodings file.


If you plan to mount file systems from unlabeled hosts at a label available to users, enable communications using services such as ftp, or route through an unlabeled host, you must have a template to assign to those unlabeled hosts. If you are using the label_encodings file provided on the Trusted Solaris installation CD, the tnrhtp file shipped on the installation CD contains possible templates.

The tnrhdb should include the host type and IP addresses of the workstations on your network and the host type and IP addresses of any other subnets and hosts with which your Trusted Solaris 8 network can communicate. The system administrator collects the IP addresses. The security administrator determines what networks can contact the Trusted Solaris 8 network; for a list of host types, see Table 1-3.

Add an Unlabeled Remote Host Template to the tnrhtp

This procedure adds a new template, unlab_userlabel, to the tnrhtp(4) database. Creating a template for an unlabeled host type is a prerequisite to mounting an unlabeled host at a user label, such as Confidential.


Note -

You can skip this step if your site is using the two files that are provided on the Trusted Solaris installation CD: the label_encodings file and the tnrhtp file. If you have installed your own label encodings file, you must ensure that the templates in the tnrhtp file accurately describe the hosts, labeled and unlabeled, that communicate with your site.


    Follow the procedure "How to Add a Remote Host Template".

Assign Templates to Remote Hosts

The following procedure is required to set up a working Trusted Solaris network.

    Follow the procedure "How to Assign a Remote Host Template".

Summary

The tnrhdb database must have an IP address and template name for every host or subnet that the computers in the Trusted Solaris 8 domain can communicate with:

  1. The NIS master server (that is, this host)

  2. Every NIS client that will be in the Trusted Solaris 8 domain, or a wildcard address for its subnet, in the form nnn.nnn.nnn.0

  3. Every static router (open network only)

  4. Every other workstation with which the domain can communicate, or a wildcard address for its subnet (open network only)
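
The coverage requirement in the summary can be checked offline before the databases are distributed. The following script is an added example, not part of the Trusted Solaris documentation: it assumes the `IP_address:template_name` line layout of tnrhdb(4), handles only the nnn.nnn.nnn.0 wildcard form named above, and uses constructed addresses and a hypothetical template name, `tsol_site`, alongside unlab_userlabel.

```python
import ipaddress

# Constructed sample data, not from a real site.
# Assumed line layout: IP_address:template_name
SAMPLE_TNRHDB = """\
# NIS master server
192.0.2.1:tsol_site
# NIS clients, covered by a subnet wildcard
192.0.2.0:tsol_site
198.51.100.7:unlab_userlabel
203.0.113.9:no_such_template
"""

def parse_tnrhdb(text):
    """Return (exact, wildcards): address -> template, /24 network -> template."""
    exact, wildcards = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, template = line.partition(":")
        ip = ipaddress.IPv4Address(addr.strip())
        if ip.packed[3] == 0:  # nnn.nnn.nnn.0 is a subnet wildcard entry
            wildcards[ipaddress.IPv4Network((ip, 24))] = template.strip()
        else:
            exact[ip] = template.strip()
    return exact, wildcards

def lookup(host, exact, wildcards):
    """An exact host entry takes precedence over a subnet wildcard."""
    ip = ipaddress.IPv4Address(host)
    if ip in exact:
        return exact[ip], "exact"
    for net, template in wildcards.items():
        if ip in net:
            return template, "wildcard"
    return None, "missing"

def audit(text, hosts, templates):
    """Report hosts with no entry, with an undefined template, or wildcard-only."""
    exact, wildcards = parse_tnrhdb(text)
    report = {"missing": [], "unknown_template": [], "wildcard": []}
    for host in hosts:
        template, how = lookup(host, exact, wildcards)
        if how == "missing":
            report["missing"].append(host)
        elif template not in templates:
            report["unknown_template"].append((host, template))
        elif how == "wildcard":
            report["wildcard"].append(host)
    return report
```

Pass `audit` the host list that the system administrator collected and the set of template names defined in tnrhtp; hosts listed under `wildcard` are worth a second look by the security administrator, because they inherit the template of their whole subnet.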