Network Interface Accreditation Range

The Minimum Label and the Maximum Label are used to set the range of labels for data that can be sent through the interface.

Full communications within a Trusted Solaris domain require an accreditation range of ADMIN_LOW to ADMIN_HIGH.

To be able to leave certain fields empty in a single template assigned to one computer or to a group of computers that is accessed through the same network interface, the Security Administrator role can specify the values in an entry that applies to that network interface.

The entries assigned to network interfaces are looked at only if certain fields are left empty in the template assigned to a computer. If a value is not found either in the template that covers the host or in an entry that applies to the interface through which the remote computer is accessed, then a set of default values is applied.

Restrict the accreditation range on a network interface with care. Network services fail unless the network interface is configured with an accreditation range that includes the labels upon which those services depend. For example, audit clients cannot write ADMIN_HIGH audit data onto the audit server unless the ADMIN_HIGH label is in the range. Full communications within a Trusted Solaris domain require an accreditation range of ADMIN_LOW to ADMIN_HIGH.