test

Solaris Trusted Extensions Installation and Configuration for Solaris 10 11/06 and Solaris 10 8/07 Releases

ProcedureInstall a Solaris System to Support Trusted Extensions

This task applies to fresh installations of the Solaris OS. If you are upgrading, see Prepare an Installed Solaris System for Trusted Extensions.

  1. When installing the Solaris OS, take the recommended action on the following installation choices.

    The choices follow the order of Solaris installation questions. Installation questions that are not mentioned in this table do not affect Trusted Extensions.

    Solaris Option 

    Trusted Extensions Behavior 

    Recommended Action 

    NIS naming service 

    NIS+ naming service 

    Trusted Extensions supports files and LDAP for a naming service. For host name resolution, DNS can be used. 

    Do not choose NIS or NIS+. You can choose None, which is equivalent to files. Later, you can configure LDAP to work with Trusted Extensions. 

    Upgrade 

    Trusted Extensions installs labeled zones with particular security characteristics. 

    If you are upgrading, go to Prepare an Installed Solaris System for Trusted Extensions.

    root password

    Administration tools in Trusted Extensions require passwords. If the root user does not have a password, then root cannot configure the system.

    Provide a root password. Do not change the default crypt_unix password encryption method. For details, see Managing Password Information in System Administration Guide: Security Services.

    Developer Group 

    Trusted Extensions uses the Solaris Management Console to administer the network. The End User group and smaller groups do not install the packages for the Solaris Management Console. 

    On any system that you plan to use to administer other systems, do not install the End User, Core, or Reduced Networking Group. 

    Select Products 

    You can install Java ES Software from this screen. 

    Do not select Solaris 10 Extra Value Software. You add Trusted Extensions software later, in Installing the Solaris Trusted Extensions Packages (Tasks).

    Custom Install 

    Because Trusted Extensions installs zones, you might need more disk space in partitions than the default installation supplies. 

    Choose Custom Install, and lay out the partitions. 

    Consider adding extra swap space for roles. If you plan to clone zones, create a 2000 MB partition for the ZFS pool. 

    For auditing files, best practice is to create a dedicated partition.