System Administration Guide: Security Services
    
P
 
 p_minfree attribute, audit_warn condition ( Index Term Link )
 
 packages, Solaris Secure Shell ( Index Term Link )
 
 packet transfers
  firewall security ( Index Term Link )
  packet smashing ( Index Term Link )
 
 PAM
  adding a module ( Index Term Link )
  configuration file
   control flags ( Index Term Link )
   introduction ( Index Term Link )
   stacking diagrams ( Index Term Link )
   stacking example ( Index Term Link )
   stacking explained ( Index Term Link )
   syntax ( Index Term Link )
  /etc/syslog.conf file ( Index Term Link )
  framework ( Index Term Link )
  Kerberos and ( Index Term Link ) ( Index Term Link )
  overview ( Index Term Link )
  planning ( Index Term Link )
  task map ( Index Term Link )
 
 pam.conf file
  See PAM configuration file
  Kerberos and ( Index Term Link )
 
 pam_roles command, description ( Index Term Link )
 
 PAMAuthenticationViaKBDInt keyword, sshd_config file ( Index Term Link )
 
 panels, table of SEAM Administration Tool ( Index Term Link )
 
 passphrases
  changing for Solaris Secure Shell ( Index Term Link )
  encrypt command ( Index Term Link )
  example ( Index Term Link )
  generating in KMF ( Index Term Link )
  mac command ( Index Term Link )
  storing safely ( Index Term Link )
  using for MAC ( Index Term Link )
  using in Solaris Secure Shell ( Index Term Link ) ( Index Term Link )
 
 PASSREQ in Solaris Secure Shell ( Index Term Link )
 
 passwd command
  and kpasswd command ( Index Term Link )
  and name services ( Index Term Link )
  changing password of role ( Index Term Link )
 
 passwd file
  and /etc/d_passwd file ( Index Term Link )
  ASET checks ( Index Term Link )
 
 password authentication, Solaris Secure Shell ( Index Term Link )
 
 PasswordAuthentication keyword, Solaris Secure Shell ( Index Term Link )
 
 passwords
  authentication in Solaris Secure Shell ( Index Term Link )
  changing role password ( Index Term Link )
  changing with kpasswd command ( Index Term Link )
  changing with passwd -r command ( Index Term Link )
  changing with passwd command ( Index Term Link )
  creating for dial-up ( Index Term Link )
  dial-up passwords
   disabling temporarily ( Index Term Link )
   /etc/d_passwd file ( Index Term Link )
  disabling dial-up temporarily ( Index Term Link )
  displaying users with no passwords ( Index Term Link )
  eliminating in Solaris Secure Shell ( Index Term Link )
  eliminating in Solaris Secure Shell in CDE ( Index Term Link )
  encryption algorithms ( Index Term Link )
  finding users with no passwords ( Index Term Link )
  granting access without revealing ( Index Term Link )
  hardware access and ( Index Term Link )
  installing third-party encryption module ( Index Term Link )
  LDAP ( Index Term Link )
   specifying new password algorithm ( Index Term Link )
  local ( Index Term Link )
  login security ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  managing ( Index Term Link )
  modifying a principal's password ( Index Term Link )
  NIS ( Index Term Link )
   specifying new password algorithm ( Index Term Link )
  NIS+ ( Index Term Link )
   specifying new password algorithm ( Index Term Link )
  policies and ( Index Term Link )
  PROM security mode ( Index Term Link ) ( Index Term Link )
  protecting
   keystore ( Index Term Link )
   PKCS #12 file ( Index Term Link )
  requiring for hardware access ( Index Term Link )
  secret-key decryption for Secure RPC ( Index Term Link )
  specifying algorithm ( Index Term Link )
   in name services ( Index Term Link )
   locally ( Index Term Link )
  suggestions on choosing ( Index Term Link )
  system logins ( Index Term Link ) ( Index Term Link )
  task map ( Index Term Link )
  UNIX and Kerberos ( Index Term Link )
  using Blowfish encryption algorithm for ( Index Term Link )
  using MD5 encryption algorithm for ( Index Term Link )
  using new algorithm ( Index Term Link )
 
 path_attr audit token ( Index Term Link ) ( Index Term Link )
 
 path audit policy, description ( Index Term Link )
 
 path audit token, format ( Index Term Link )
 
 PATH environment variable
  and security ( Index Term Link )
  setting ( Index Term Link )
 
 PATH in Solaris Secure Shell ( Index Term Link )
 
 PERIODIC_SCHEDULE variable (ASET) ( Index Term Link ) ( Index Term Link )
 
 permissions
  ACLs and ( Index Term Link )
  ASET handling of ( Index Term Link ) ( Index Term Link )
  changing file permissions
   absolute mode ( Index Term Link ) ( Index Term Link )
   chmod command ( Index Term Link )
   symbolic mode ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  defaults ( Index Term Link )
  directory permissions ( Index Term Link )
  file permissions
   absolute mode ( Index Term Link ) ( Index Term Link )
   changing ( Index Term Link ) ( Index Term Link )
   description ( Index Term Link )
   special permissions ( Index Term Link ) ( Index Term Link )
   symbolic mode ( Index Term Link ) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  finding files with setuid permissions ( Index Term Link )
  setgid permissions
   absolute mode ( Index Term Link ) ( Index Term Link )
   description ( Index Term Link )
   symbolic mode ( Index Term Link )
  setuid permissions
   absolute mode ( Index Term Link ) ( Index Term Link )
   description ( Index Term Link )
   security risks ( Index Term Link )
   symbolic mode ( Index Term Link )
  special file permissions ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  sticky bit ( Index Term Link )
  tune files (ASET) ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  UFS ACLs and ( Index Term Link )
  umask value ( Index Term Link )
  user classes and ( Index Term Link )
 
 PermitEmptyPasswords keyword, sshd_config file ( Index Term Link )
 
 PermitRootLogin keyword, sshd_config file ( Index Term Link )
 
 permitted privilege set ( Index Term Link )
 
 PermitUserEnvironment keyword, sshd_config file ( Index Term Link )
 
 perzone audit policy
  description ( Index Term Link )
  setting ( Index Term Link )
  using ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  when to use ( Index Term Link )
 
 pfcsh command, description ( Index Term Link )
 
 pfexec command, description ( Index Term Link )
 
 pfksh command, description ( Index Term Link )
 
 pfsh command, description ( Index Term Link )
 
 physical security, description ( Index Term Link )
 
 PKCS #11 library
  adding provider library ( Index Term Link )
  in Solaris Cryptographic Framework ( Index Term Link )
 
 PKCS #11 softtokens, managing keystore ( Index Term Link )
 
 PKCS #12 files, protecting ( Index Term Link )
 
 pkcs11_kernel.so user-level provider ( Index Term Link )
 
 pkcs11_softtoken.so user-level provider ( Index Term Link )
 
 pkgadd command
  installing third-party providers ( Index Term Link )
  installing third-party software ( Index Term Link )
 
 PKI
  managed by KMF ( Index Term Link )
  policy managed by KMF ( Index Term Link )
 
 pktool command
  creating self-signed certificate ( Index Term Link )
  export subcommand ( Index Term Link )
  gencert subcommand ( Index Term Link )
  generating secret keys ( Index Term Link )
  import subcommand ( Index Term Link )
  list subcommand ( Index Term Link )
  managing PKI objects ( Index Term Link )
  setpin subcommand ( Index Term Link )
 
 plain.so.1 plug-in, SASL and ( Index Term Link )
 
 planning
  auditing ( Index Term Link )
  auditing in zones ( Index Term Link )
  auditing task map ( Index Term Link )
  Kerberos
   client and service principal names ( Index Term Link )
   clock synchronization ( Index Term Link )
   configuration decisions ( Index Term Link )
   database propagation ( Index Term Link )
   number of realms ( Index Term Link )
   ports ( Index Term Link )
   realm hierarchy ( Index Term Link )
   realm names ( Index Term Link )
   realms ( Index Term Link )
   slave KDCs ( Index Term Link )
  PAM ( Index Term Link )
  RBAC ( Index Term Link )
 
 pluggable authentication module, See PAM
 
 plugin line
  audit_control file ( Index Term Link )
  p_* attributes ( Index Term Link )
  qsize attribute ( Index Term Link )
 
 plugin_list option, SASL and ( Index Term Link )
 
 plugins
  in audit service ( Index Term Link )
  in cryptographic framework ( Index Term Link )
  loaded by auditd daemon ( Index Term Link )
  SASL and ( Index Term Link )
 
 plus sign (+)
  ACL entry ( Index Term Link )
  audit class prefix ( Index Term Link )
  entry in sulog file ( Index Term Link )
  file permissions symbol ( Index Term Link )
 
 policies
  administering ( Index Term Link ) ( Index Term Link )
  creating (Kerberos) ( Index Term Link )
  creating new (Kerberos) ( Index Term Link )
  deleting ( Index Term Link )
  for auditing ( Index Term Link )
  modifying ( Index Term Link )
  on devices ( Index Term Link )
  overview ( Index Term Link )
  passwords and ( Index Term Link )
  SEAM Administration Tool panels for ( Index Term Link )
  specifying password algorithm ( Index Term Link )
  task map for administering ( Index Term Link )
  viewing attributes ( Index Term Link )
  viewing list of ( Index Term Link )
 
 policy
  definition in cryptographic framework ( Index Term Link )
  definition in Solaris OS ( Index Term Link )
 
 policy.conf file
  adding password encryption module ( Index Term Link )
  Basic Solaris User rights profile ( Index Term Link )
  description ( Index Term Link ) ( Index Term Link )
  keywords
   for password algorithms ( Index Term Link )
   for privileges ( Index Term Link ) ( Index Term Link )
   for RBAC authorizations ( Index Term Link )
   for rights profiles ( Index Term Link )
  specifying encryption algorithms in ( Index Term Link )
  specifying password algorithm
   in name services ( Index Term Link )
  specifying password algorithms ( Index Term Link )
 
 port forwarding
  configuring in Solaris Secure Shell ( Index Term Link )
  Solaris Secure Shell ( Index Term Link ) ( Index Term Link )
 
 Port keyword, Solaris Secure Shell ( Index Term Link )
 
 ports, for Kerberos KDC ( Index Term Link )
 
 postdated ticket
  definition ( Index Term Link )
  description ( Index Term Link )
 
 postsigterm string, audit_warn script ( Index Term Link )
 
 pound sign (#)
  device_allocate file ( Index Term Link )
  device_maps file ( Index Term Link )
 
 ppriv command
  for debugging ( Index Term Link )
  listing privileges ( Index Term Link )
 
 praudit command
  converting audit records to readable format ( Index Term Link ) ( Index Term Link )
  DTD for -x option ( Index Term Link )
  options ( Index Term Link )
  output formats ( Index Term Link )
  piping auditreduce output to ( Index Term Link )
  use in a script ( Index Term Link )
  viewing audit records ( Index Term Link )
  with no options ( Index Term Link )
  XML format ( Index Term Link )
 
 PreferredAuthentications keyword, ssh_config file ( Index Term Link )
 
 prefixes for audit classes ( Index Term Link )
 
 preselecting, audit classes ( Index Term Link )
 
 preselection in auditing ( Index Term Link )
 
 preselection mask (auditing)
  description ( Index Term Link )
  reducing storage costs ( Index Term Link )
  system-wide ( Index Term Link )
 
 preventing
  access to system hardware ( Index Term Link )
  audit trail overflow ( Index Term Link )
  executables from compromising security ( Index Term Link )
  kernel software provider use ( Index Term Link )
  use of hardware mechanism ( Index Term Link )
 
 primary, in principal names ( Index Term Link )
 
 Primary Administrator (RBAC)
  assuming role ( Index Term Link )
  recommended role ( Index Term Link )
  rights profile contents ( Index Term Link )
 
 primary audit directory ( Index Term Link )
 
 principal
  adding administration ( Index Term Link ) ( Index Term Link )
  adding service principal to keytab ( Index Term Link ) ( Index Term Link )
  administering ( Index Term Link ) ( Index Term Link )
  automating creation of ( Index Term Link )
  creating ( Index Term Link )
  creating clntconfig ( Index Term Link ) ( Index Term Link )
  creating host ( Index Term Link ) ( Index Term Link )
  deleting ( Index Term Link )
  duplicating ( Index Term Link )
  Kerberos ( Index Term Link )
  modifying ( Index Term Link )
  principal name ( Index Term Link )
  removing from keytab file ( Index Term Link )
  removing service principal from keytab ( Index Term Link )
  SEAM Administration Tool panels for ( Index Term Link )
  service principal ( Index Term Link )
  setting up defaults ( Index Term Link )
  task map for administering ( Index Term Link )
  user ID comparison ( Index Term Link )
  user principal ( Index Term Link )
  viewing attributes ( Index Term Link )
  viewing list of ( Index Term Link )
  viewing sublist of principals ( Index Term Link )
 
 principal file, description ( Index Term Link )
 
 principal.kadm5 file, description ( Index Term Link )
 
 principal.kadm5.lock file, description ( Index Term Link )
 
 principal.ok file, description ( Index Term Link )
 
 principal.ulog file, description ( Index Term Link )
 
 principle of least privilege ( Index Term Link )
 
 print format field, arbitrary token ( Index Term Link )
 
 Printer Management rights profile ( Index Term Link )
 
 printing, audit log ( Index Term Link )
 
 PrintMotd keyword, sshd_config file ( Index Term Link )
 
 priv.debug entry, syslog.conf file ( Index Term Link )
 
 PRIV_DEFAULT keyword
  policy.conf file ( Index Term Link ) ( Index Term Link )
 
 PRIV_LIMIT keyword
  policy.conf file ( Index Term Link ) ( Index Term Link )
 
 PRIV_PROC_LOCK_MEMORY privilege ( Index Term Link ) ( Index Term Link )
 
 privacy
  availability ( Index Term Link )
  Kerberos and ( Index Term Link )
  security service ( Index Term Link )
 
 private keys
  See also secret keys
  definition in Kerberos ( Index Term Link )
  Solaris Secure Shell identity files ( Index Term Link )
 
 private protection level ( Index Term Link )
 
 privilege audit token ( Index Term Link ) ( Index Term Link )
 
 privilege checking, in applications ( Index Term Link )
 
 privilege sets
  adding privileges to ( Index Term Link )
  basic ( Index Term Link )
  effective ( Index Term Link )
  inheritable ( Index Term Link )
  limit ( Index Term Link )
  listing ( Index Term Link )
  permitted ( Index Term Link )
  removing privileges from ( Index Term Link )
 
 privileged application
  authorization checking ( Index Term Link )
  description ( Index Term Link )
  ID checking ( Index Term Link )
  privilege checking ( Index Term Link )
 
 privileged ports, alternative to Secure RPC ( Index Term Link )
 
 privileges
  adding to command ( Index Term Link )
  administering ( Index Term Link )
  assigning to a command ( Index Term Link )
  assigning to a script ( Index Term Link )
  assigning to a user ( Index Term Link )
  assigning to user or role ( Index Term Link )
  auditing and ( Index Term Link )
  categories ( Index Term Link )
  commands ( Index Term Link )
  compared to superuser model ( Index Term Link )
  debugging ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  determining directly assigned ones ( Index Term Link )
  devices and ( Index Term Link )
  differences from superuser model ( Index Term Link )
  effects on SEAM Administration Tool ( Index Term Link )
  escalation ( Index Term Link )
  executing commands with privilege ( Index Term Link )
  files ( Index Term Link )
  finding missing ( Index Term Link )
  how to use ( Index Term Link )
  implemented in sets ( Index Term Link )
  inherited by processes ( Index Term Link )
  limiting use by user or role ( Index Term Link )
  listing on a process ( Index Term Link )
  PRIV_PROC_LOCK_MEMORY ( Index Term Link ) ( Index Term Link )
  processes with assigned privileges ( Index Term Link )
  programs aware of privileges ( Index Term Link )
  protecting kernel processes ( Index Term Link )
  removing from a user ( Index Term Link )
  removing from basic set ( Index Term Link )
  removing from limit set ( Index Term Link )
  task map ( Index Term Link )
  troubleshooting requirements for ( Index Term Link )
  using in shell script ( Index Term Link )
 
 privileges file, description ( Index Term Link )
 
 PROC privileges ( Index Term Link )
 
 process audit characteristics
  audit ID ( Index Term Link )
  audit session ID ( Index Term Link )
  process preselection mask ( Index Term Link )
  terminal ID ( Index Term Link )
 
 process audit class ( Index Term Link )
 
 process audit token, format ( Index Term Link )
 
 process modify audit class ( Index Term Link )
 
 process preselection mask, description ( Index Term Link )
 
 process privileges ( Index Term Link )
 
 process rights management, See privileges
 
 process start audit class ( Index Term Link )
 
 processing time costs, of audit service ( Index Term Link )
 
 prof_attr database
  description ( Index Term Link )
  summary ( Index Term Link )
 
 .profile file, path variable entry ( Index Term Link )
 
 profile shells, description ( Index Term Link )
 
 profiles, See rights profiles
 
 profiles command, description ( Index Term Link )
 
 PROFS_GRANTED keyword, policy.conf file ( Index Term Link )
 
 programs
  checking for RBAC authorizations ( Index Term Link )
  privilege-aware ( Index Term Link ) ( Index Term Link )
 
 project.max-locked-memory resource control ( Index Term Link ) ( Index Term Link )
 
 PROM security mode ( Index Term Link )
 
 propagation
  KDC database ( Index Term Link )
  Kerberos database ( Index Term Link )
 
 protecting
  BIOS, pointer to ( Index Term Link )
  by using passwords with cryptographic framework ( Index Term Link )
  contents of keystore ( Index Term Link )
  files with cryptographic framework ( Index Term Link )
  PROM ( Index Term Link )
  system from risky programs ( Index Term Link )
 
 protecting files
  task map ( Index Term Link )
  user procedures ( Index Term Link )
  with ACLs ( Index Term Link )
  with ACLs task map ( Index Term Link )
  with UFS ACLs ( Index Term Link )
  with UNIX permissions ( Index Term Link ) ( Index Term Link )
  with UNIX permissions task map ( Index Term Link )
 
 protection level
  clear ( Index Term Link )
  private ( Index Term Link )
  safe ( Index Term Link )
  setting in ftp ( Index Term Link )
 
 Protocol keyword, ssh_config file ( Index Term Link )
 
 providers
  adding library ( Index Term Link )
  adding software provider ( Index Term Link )
  adding user-level software provider ( Index Term Link )
  connecting to cryptographic framework ( Index Term Link )
  definition as plugins ( Index Term Link ) ( Index Term Link )
  definition in cryptographic framework ( Index Term Link )
  disabling hardware mechanisms ( Index Term Link )
  installing ( Index Term Link )
  listing hardware providers ( Index Term Link )
  listing in cryptographic framework ( Index Term Link )
  preventing use of kernel software provider ( Index Term Link )
  registering ( Index Term Link )
  restoring use of kernel software provider ( Index Term Link )
  signing ( Index Term Link )
 
 proxiable ticket, definition ( Index Term Link )
 
 proxy ticket, definition ( Index Term Link )
 
 ProxyCommand keyword, ssh_config file ( Index Term Link )
 
 pseudo-tty, use in Solaris Secure Shell ( Index Term Link )
 
 PubkeyAuthentication keyword, Solaris Secure Shell ( Index Term Link )
 
 public audit policy
  description ( Index Term Link )
  read-only events ( Index Term Link )
 
 public directories
  auditing ( Index Term Link )
  sticky bit and ( Index Term Link )
 
 public key authentication, Solaris Secure Shell ( Index Term Link )
 
 public key cryptography
  AUTH_DH client-server session ( Index Term Link )
  changing NFS public keys and secret keys ( Index Term Link )
  common keys
   calculation ( Index Term Link )
  database of public keys for Secure RPC ( Index Term Link )
  generating keys
   conversation keys for Secure NFS ( Index Term Link )
   using Diffie-Hellman ( Index Term Link )
  NFS secret keys ( Index Term Link )
 
 public key technologies, See PKI
 
 public keys
  changing passphrase ( Index Term Link )
  DH authentication and ( Index Term Link )
  generating public-private key pair ( Index Term Link )
  Solaris Secure Shell identity files ( Index Term Link )
 
 public objects, auditing ( Index Term Link )
 
 publickey map, DH authentication ( Index Term Link )
 
 pwcheck_method option, SASL and ( Index Term Link )