1. Overview of the Oracle VM Server for SPARC Software
2. Installing and Enabling Software
Logical Domains Manager Authorization
Creating Authorization and Profiles and Assigning Roles for User Accounts
Add an Authorization for a User
Delete All Authorizations for a User
Delete All Profiles for a User
Create a Role and Assign the Role to a User
Enabling and Using BSM Auditing
Verify That BSM Auditing Is Enabled
4. Setting Up Services and the Control Domain
12. Performing Other Administration Tasks
A. Oracle VM Server for SPARC Physical-to-Virtual Conversion Tool
B. Oracle VM Server for SPARC Configuration Assistant
C. Logical Domains Manager Discovery
D. Using the XML Interface With the Logical Domains Manager
The vntsd daemon provides an SMF property named vntsd/authorization. This property can be configured to enable the authorization checking of users and roles for a domain console or a console group. To enable authorization checking, use the svccfg command to set the value of this property to true. While this option is enabled, vntsd listens and accepts connections only on localhost. If the listen_addr property specifies an alternate IP address when vntsd/authorization is enabled, vntsd ignores the alternate IP address and continues to listen only on localhost.
By default, an authorization to access all guest consoles is added to the auth_attr database, when the vntsd service is enabled.
solaris.vntsd.consoles:::Access All LDoms Guest Consoles::
Superuser can use the usermod command to assign the required authorizations to other users or roles. This permits only the user or role who has the required authorizations to access a given domain console or console groups.
The following example gives user terry the authorization to access all domain consoles:
# usermod -A "solaris.vntsd.consoles" terry
The following example adds a new authorization for a specific domain console with the name ldg1 and assigns that authorization to a user sam:
Add the new authorization entry to the auth_attr file for domain ldg1.
solaris.vntsd.console-ldg1:::Access Specific LDoms Guest Console::
Assign this authorization to user sam:
# usermod -A "solaris.vntsd.console-ldg1" sam
For more information about authorizations and RBAC, see System Administration Guide: Security Services.