Remote Role-Based Administration From Unlabeled Hosts
In Trusted Extensions, users assume roles through the Trusted Path menu. The roles then operate in trusted workspaces. By default, roles cannot be assumed outside of the trusted path. If site policy permits, the security administrator can change the default policy. Administrators of unlabeled hosts that are running Solaris Management Console 2.1 client software can then administer trusted hosts.
-
To change the default policy, see Enable Remote Login by a Role in Trusted Extensions in Oracle Solaris Trusted Extensions Configuration Guide.
-
To administer systems remotely, see How to Log In Remotely From the Command Line in Trusted Extensions.
This policy change only applies when the user on the remote unlabeled system has a user account on the Trusted Extensions host. The Trusted Extensions user must have the ability to assume an administrative role. The role can then use the Solaris Management Console to administer the remote system.
Caution – If remote administration from a non-Trusted Extensions host is enabled, the administrative environment is less protected than a Trusted Extensions administrative workspace. Be cautious when typing passwords and other secure data. As a precaution, shut down all untrusted applications before starting the Solaris Management Console.
- © 2010, Oracle Corporation and/or its affiliates