System Administration Guide: Security Services


C

	`-C` option, `auditreduce` command ( )

	C shell, privileged version ( )

	`c2audit:audit_load` entry, `system` file ( )

	`c2audit` module, verifying is loaded ( )

	cache, credential ( )

	`canon_user_plugin` option, SASL and ( )

	caret (`^`) in audit class prefixes ( )

	CD-ROM drives
		allocating ( )
		security ( )

	`cdrw` command, authorizations required ( )

	certificates
		exporting for use by another system ( )
		generating with `pktool gencert` command ( )
		importing into keystore ( )

	`ChallengeResponseAuthentication` keyword, See `KbdInteractiveAuthentication` keyword

	`changepw` principal ( )

	changing
		ACL entries ( )
		allocatable devices ( )
		`audit_class` file ( )
		`audit_control` file ( )
		`audit_event` file ( )
		default password algorithm ( )
		device policy ( )
		file ownership ( )
		file permissions
			absolute mode ( )
			special ( )
			symbolic mode ( )
		group ownership of file ( )
		NFS secret keys ( )
		passphrase for Solaris Secure Shell ( )
		password algorithm for a domain ( )
		password algorithm task map ( )
		password of role ( )
		properties of role ( )
		rights profile contents ( )
		rights profile from command line ( )
		`root` user into role ( )
		special file permissions ( )
		user properties from command line ( )
		your password with `kpasswd` ( )
		your password with `passwd` ( )

	`CheckHostIP` keyword, `ssh_config` file ( )

	`chgrp` command
		description ( )
		syntax ( )

	`chkey` command ( ) ( )

	`chmod` command
		changing special permissions ( ) ( )
		description ( )
		syntax ( )

	choosing, your password ( )

	`chown` command, description ( )

	`Cipher` keyword, `sshd_config` file ( )

	`Ciphers` keyword, Solaris Secure Shell ( )

	`cklist.rpt` file ( ) ( )

	`CKLISTPATH_level` variable (ASET) ( )

	classes, See audit classes

	cleaning up, binary audit files ( )

	clear protection level ( )

	`ClearAllForwardings` keyword, Solaris Secure Shell port forwarding ( )

	client names, planning for in Kerberos ( )

	`ClientAliveCountMax` keyword, Solaris Secure Shell port forwarding ( )

	`ClientAliveInterval` keyword, Solaris Secure Shell port forwarding ( )

	clients
		`AUTH_DH` client-server session ( )
		configuring for Solaris Secure Shell ( ) ( )
		configuring Kerberos ( )
		definition in Kerberos ( )

	`clntconfig` principal
		creating ( ) ( )

	clock skew
		Kerberos and ( )
		Kerberos planning and ( )

	clock synchronizing
		Kerberos master KDC and ( ) ( )
		Kerberos planning and ( )
		Kerberos slave KDC and ( )
		Kerberos slave server and ( )

	`cmd` audit token ( ) ( )

	`cnt` audit policy, description ( )

	combining audit files
		`auditreduce` command ( ) ( )
		from different zones ( )

	command execution, Solaris Secure Shell ( )

	command-line equivalents of SEAM Administration Tool ( )

	commands
		See also individual commands
		ACL commands ( )
		auditing commands ( )
		cryptographic framework commands ( )
		determining user's privileged commands ( )
		device allocation commands ( )
		device policy commands ( )
		file protection commands ( )
		for administering privileges ( )
		Kerberos ( )
		RBAC administration commands ( )
		Secure RPC commands ( )
		Solaris Secure Shell commands ( )
		that assign privileges ( )
		that check for privileges ( )
		user-level cryptographic commands ( )

	common keys
		calculating ( )
		DH authentication and ( )

	components
		BART ( )
		device allocation mechanism ( )
		RBAC ( )
		Solaris Secure Shell user session ( )

	`Compression` keyword, Solaris Secure Shell ( )

	`CompressionLevel` keyword, `ssh_config` file ( )

	Computer Emergency Response Team/Coordination Center (CERT/CC) ( )

	computer security, See system security

	computing
		DH key ( )
		digest of a file ( )
		MAC of a file ( )
		secret key ( ) ( )

	configuration decisions
		auditing
			file storage ( )
			policy ( )
			who and what to audit ( )
			zones ( )
		Kerberos
			client and service principal names ( )
			clients ( )
			clock synchronization ( )
			database propagation ( )
			encryption types ( )
			KDC server ( )
			mapping host names onto realms ( )
			number of realms ( )
			ports ( )
			realm hierarchy ( )
			realm names ( )
			realms ( )
			slave KDCs ( )
		password algorithm ( )

	configuration files
		ASET ( )
		`audit_class` file ( )
		`audit_control` file ( ) ( ) ( )
		`audit_event` file ( )
		`audit_startup` script ( )
		`audit_user` database ( )
		`device_maps` file ( )
		`nsswitch.conf` file ( )
		for password algorithms ( )
		`policy.conf` file ( ) ( ) ( )
		Solaris Secure Shell ( )
		`syslog.conf` file ( ) ( ) ( )
		`system` file ( )
		with privilege information ( )

	configuring
		`ahlt` audit policy ( )
		ASET ( ) ( )
		`audit_class` file ( )
		`audit_control` file ( )
		`audit_event` file ( )
		audit files ( )
		audit files task map ( )
		audit policy ( )
		audit policy temporarily ( )
		audit service task map ( )
		`audit_startup` script ( )
		audit trail overflow prevention ( )
		`audit_user` database ( )
		`audit_warn` script ( )
		`auditconfig` command ( )
		auditing in zones ( ) ( )
		custom roles ( )
		device allocation ( )
		device policy ( )
		devices task map ( )
		DH key for NIS+ user ( )
		DH key for NIS user ( )
		DH key in NIS ( )
		DH key in NIS+ ( )
		dial-up logins ( )
		hardware security ( )
		host-based authentication for Solaris Secure Shell ( )
		identical auditing for non-global zones ( )
		Kerberos
			adding administration principals ( ) ( )
			clients ( )
			cross-realm authentication ( )
			master KDC server ( )
			master KDC server using LDAP ( )
			NFS servers ( )
			overview ( )
			slave KDC server ( )
			task map ( )
		name service ( )
		password for hardware access ( )
		per-zone auditing ( )
		`perzone` audit policy ( )
		port forwarding in Solaris Secure Shell ( )
		RBAC ( ) ( )
		RBAC task map ( )
		rights profile from command line ( )
		rights profiles ( ) ( )
		roles ( ) ( )
			from command line ( )
		`root` user as role ( )
		Solaris Secure Shell ( )
			clients ( )
			servers ( )
		Solaris Secure Shell task map ( )
		`ssh-agent` daemon ( )
		textual audit logs ( )

	configuring application servers ( )

	`ConnectionAttempts` keyword, `ssh_config` file ( )

	console, displaying `su` command attempts ( )

	`CONSOLE` in Solaris Secure Shell ( )

	consumers, definition in cryptographic framework ( )

	context-sensitive help, SEAM Administration Tool ( )

	control manifests (BART) ( )

	controlling
		access to system hardware ( )
		system access ( )
		system usage ( )

	conversation keys
		decrypting in secure RPC ( )
		generating in secure RPC ( )

	converting
		audit records to readable format ( ) ( )

	copying
		ACL entries ( )
		files using Solaris Secure Shell ( )

	copying audit messages to single file ( )

	cost control, and auditing ( )

	`crammd5.so.1` plug-in, SASL and ( )

	creating
		audit trail
			`auditd` daemon ( )
			`auditd` daemon's role ( )
		credential table ( )
		customized role ( )
		`d_passwd` file ( )
		dial-up passwords ( ) ( )
		`/etc/d_passwd` file ( )
		file digests ( )
		keytab file ( ) ( )
		local user ( )
		new device-clean scripts ( )
		new policy (Kerberos) ( ) ( )
		new principal (Kerberos) ( )
		Operator role ( )
		partitions for binary audit files ( )
		passwords for temporary user ( )
		rights profiles ( )
		rights profiles with Solaris Management Console ( )
		roles
			for particular profiles ( )
			on command line ( )
			with limited scope ( )
		`root` user as role ( )
		secret keys
			for encryption ( ) ( )
		security-related roles ( )
		Solaris Secure Shell keys ( )
		stash file ( ) ( )
		System Administrator role ( )
		tickets with `kinit` ( )

	`cred` database
		adding client credential ( )
		adding user credential ( )
		DH authentication ( )

	`cred` table
		DH authentication and ( )
		information stored by server ( )

	credential
		cache ( )
		description ( ) ( )
		obtaining for a server ( )
		obtaining for a TGS ( )
		or tickets ( )

	credential table, adding single entry to ( )

	credentials, mapping ( )

	`crontab` files
		authorizations required ( )
		running ASET periodically ( )
		stop running ASET periodically ( )

	cross-realm authentication, configuring ( )

	`CRYPT_ALGORITHMS_ALLOW` keyword, `policy.conf` file ( )

	`CRYPT_ALGORITHMS_DEPRECATE` keyword, `policy.conf` file ( )

	`crypt_bsdbf` password algorithm ( )

	`crypt_bsdmd5` password algorithm ( )

	`crypt` command, file security ( )

	`crypt.conf` file
		changing with new password module ( )
		third-party password modules ( )

	`CRYPT_DEFAULT` keyword, `policy.conf` file ( )

	`CRYPT_DEFAULT` system variable ( )

	`crypt_sha256` password algorithm ( )

	`crypt_sunmd5` password algorithm ( ) ( )

	`crypt_unix` password algorithm ( ) ( )

	Crypto Management (RBAC)
		creating role ( )
		use of rights profile ( ) ( )

	`cryptoadm` command
		`-m` option ( ) ( )
		`-p` option ( ) ( )
		description ( )
		disabling cryptographic mechanisms ( ) ( )
		disabling hardware mechanisms ( )
		installing PKCS #11 library ( )
		listing providers ( )
		restoring kernel software provider ( )

	`cryptoadm install` command, installing PKCS #11 library ( )

	cryptographic framework
		administering with role ( )
		connecting providers ( )
		consumers ( )
		`cryptoadm` command ( ) ( )
		definition of terms ( )
		description ( )
		`elfsign` command ( ) ( )
		error messages ( )
		hardware plugins ( )
		installing providers ( )
		interacting with ( )
		listing providers ( ) ( )
		PKCS #11 library ( )
		providers ( ) ( )
		refreshing ( )
		registering providers ( )
		restarting ( )
		signing providers ( )
		task maps ( )
		user-level commands ( )
		zones and ( ) ( )

	cryptographic services, See cryptographic framework

	Cryptoki, See PKCS #11 library

	`csh` command, privileged version ( )

	`.cshrc` file, path variable entry ( )

	Custom Operator (RBAC), creating role ( )

	customizing, manifests ( )

	customizing a report (BART) ( )