|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Trusted Extensions Configuration and Administration Oracle Solaris 11 Express 11/10|
As in the Oracle Solaris OS, a setting in the /etc/default/login file on each host must be changed to allow remote logins. Additionally, the pam.conf file might need to be modified. In Trusted Extensions, the security administrator is responsible for the change. For the procedures, see Enable Remote Login by root User in Trusted Extensions and Enable Remote Login by a Role in Trusted Extensions.
On both Trusted Extensions and Oracle Solaris hosts, remote logins might or might not require authorization. Remote Login Management in Trusted Extensions describes the conditions and types of logins that require authorization. By default, roles have the Remote Login authorization.
In Trusted Extensions, users assume roles through the Trusted Path menu. The roles then operate in trusted workspaces. By default, roles cannot be assumed outside of the trusted path. If site policy permits, the security administrator can change the default policy.
To change the default policy, see Enable Remote Login by a Role in Trusted Extensions.
To administer systems remotely, see How to Log In Remotely From the Command Line in Trusted Extensions.
This policy change only applies when the user on the remote unlabeled system has a user account on the Trusted Extensions host. The Trusted Extensions user must have the ability to assume an administrative role.
Caution - If remote administration from a non-Trusted Extensions host is enabled, the administrative environment is less protected than a Trusted Extensions administrative workspace. Be cautious when typing passwords and other secure data.
A remote login between two Trusted Extensions hosts is considered to be an extension of the current login session.
An authorization is not required when the rlogin command does not prompt for a password. If an /etc/hosts.equiv file or a .rhosts file in the user's home directory on the remote host lists either the username or the host from which the remote login is being attempted, no password is required. For more information, see the rhosts(4) and rlogin(1) man pages.
For all other remote logins, including logins with the ftp command, the Remote Login authorization is required.
To create a rights profile that includes the Remote Login authorization, see Managing Users and Rights (Task Map).