Security Enhancements

The following networking features and enhancements have been added to the Solaris 10 10/08 release.

Separation of Duty Enforcement Through the Solaris Management Console

This feature enforces that two or more people are required to manage users through the Solaris Management Console (SMC). Separation of duty is enforced by rule. The System Administrator role creates users, but cannot assign passwords and rights. The Security Administrator role assigns passwords and rights, but cannot create users.

Separation of Duty is an accreditation requirement for government customers. SMC now supports this feature and makes it easier to achieve security-level certification.

For more information, see Create Rights Profiles That Enforce Separation of Duty in Solaris Trusted Extensions Configuration Guide.

SHA256/SHA512 crypt(3C) Plug-in

This feature provides an additional pair of crypt(3C) plug-ins based on the SHA256 and SHA512 digest algorithms. This plug-in provides a crypt(3C) hash that uses FIPS 140-2 approved algorithms and discontinues using MD5–based hashes.

pam_list Module

The pam_list module provides functions to validate the user's account on a specific host based on a list of users and netgroups. This module can be used as a quick replacement for account validation through the passwd_compat mode.

For more information, see the pam_list(5) man page.