Oracle VM Server for SPARC 2.0 Administration Guide

Configuring RBAC for Guest Console Access

The vntsd daemon provides an SMF property named vntsd/authorization. This property can be configured to enable the authorization checking of users and roles for a domain console or a console group. To enable authorization checking, use the svccfg command to set the value of this property to true. While this option is enabled, vntsd listens and accepts connections only on localhost. If the listen_addr property specifies an alternate IP address when vntsd/authorization is enabled, vntsd ignores the alternate IP address and continues to listen only on localhost.

By default, an authorization to access all guest consoles is added to the auth_attr database when the vntsd service is enabled.

solaris.vntsd.consoles:::Access All LDoms Guest Consoles::

The superuser can use the usermod command to assign the required authorizations to other users or roles. Only a user or role that holds the required authorization can then access a given domain console or console group.

The following example gives user terry the authorization to access all domain consoles:

# usermod -A "solaris.vntsd.consoles" terry

The following example adds a new authorization for a specific domain console with the name ldg1 and assigns that authorization to a user sam:

  1. Add the new authorization entry to the auth_attr file for domain ldg1.

    solaris.vntsd.console-ldg1:::Access Specific LDoms Guest Console::

  2. Assign this authorization to user sam:

    # usermod -A "solaris.vntsd.console-ldg1" sam

For more information about authorizations and RBAC, see System Administration Guide: Security Services.
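
To review the result of assignments like the ones above, the following added example (not part of the original guide) reports which accounts hold an authorization that covers a given domain console. The function names console_access and who_can_reach, the accounts pat and ops, and the domain ldg2 are hypothetical; the trailing-wildcard handling is an assumption modelled on Solaris authorization naming.

```sh
#!/bin/sh
# Added example: audit guest console authorizations (sample data is constructed).

# console_access AUTHS_CSV DOMAIN
# Succeeds if the comma-separated authorization list (the format printed by
# auths(1) for one user) covers the console of DOMAIN.
console_access() {
    ca_list=$1 ca_one="solaris.vntsd.console-$2" ca_all="solaris.vntsd.consoles"
    ca_rc=1
    ca_ifs=$IFS; IFS=','; set -f      # split on commas, do not glob "*"
    for ca_auth in $ca_list; do
        case $ca_auth in
            "$ca_all"|"$ca_one") ca_rc=0 ;;   # all consoles, or this domain only
            *'*')                             # assumed: trailing wildcard is a prefix match
                ca_prefix=${ca_auth%'*'}
                case $ca_all in "$ca_prefix"*) ca_rc=0 ;; esac
                case $ca_one in "$ca_prefix"*) ca_rc=0 ;; esac
                ;;
        esac
    done
    IFS=$ca_ifs; set +f
    return $ca_rc
}

# who_can_reach DOMAIN
# Reads "user:authorizations" lines on stdin and prints the users that can
# open the console of DOMAIN, separated by spaces.
who_can_reach() {
    wr_target=$1 wr_found=""
    while IFS=: read -r wr_user wr_granted; do
        if console_access "$wr_granted" "$wr_target"; then
            wr_found="${wr_found:+$wr_found }$wr_user"
        fi
    done
    printf '%s\n' "$wr_found"
}

# Constructed sample. On a live control domain each line could be produced with
#   printf '%s:%s\n' "$u" "$(auths "$u")"
SAMPLE='terry:solaris.vntsd.consoles
sam:solaris.vntsd.console-ldg1
pat:solaris.device.cdrw,solaris.vntsd.console-ldg2
ops:solaris.vntsd.*'

printf '%s\n' "$SAMPLE" | who_can_reach ldg1
```

An account that appears for a domain it should not reach usually traces back to the all-consoles authorization or a wildcard entry rather than a per-domain one.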