Oracle Solaris 10 8/11 What's New
This section describes security enhancements in this release.
The new PKCS#11 provider gives access to Oracle Key Manager (OKM) functionality using standard Cryptographic and Key Management Framework interfaces in Oracle Solaris. The functionality includes:
Creating and storing private Advanced Encryption Standard (AES) keys in the OKM
Encrypting and decrypting the data using the generated keys
Deleting the stored keys
You can use the stored AES keys for symmetric cryptographic operations.
Oracle Solaris supports the following AES cipher suites in the kernel SSL (Secure Sockets Layer):
These suites are defined in RFC 3268 (AES cipher suites for Transport Layer Security). For more information, see the ksslcfg(1M) man page.
Assigning a new password no longer unlocks a locked account. This feature helps system administrators avoid inadvertently enabling a locked account.
Prior to this release, when a user account was locked (either by a system administrator or after a number of failed login attempts), the account could be unlocked in one of the following ways:
Using the passwd -u option
Deleting the password entry using the passwd -d option
Assigning a new password
You can still use passwd -u to unlock an account or passwd -d to delete the password entry and unlock the account. After deleting the password entry to unlock an account, you can then assign a new password.
For more information, see the passwd(1) man page.
Prior to this release, the root user (user ID 0) was exempt from any password policy constraints configured in the /etc/default/passwd file. Starting with this release, by default, the configured password policy is applied to the root user. This configuration helps system administrators avoid accidentally setting passwords that do not comply with the password policy configured for the system.
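Because root is now held to the same policy, a candidate root password can be pre-checked against /etc/default/passwd before running passwd. The following is an added example, not Oracle's code: it checks only the numeric keys PASSLENGTH, MINALPHA, MINUPPER, MINLOWER, MINDIGIT and MINSPECIAL described in passwd(1), the function names and sample policy are constructed, and the system's own check remains authoritative. It assumes a POSIX shell such as ksh or bash rather than the legacy /bin/sh.

```sh
# Added example: pre-check a candidate against numeric /etc/default/passwd keys.

# policy_value FILE KEY -> last uncommented KEY=<number> in FILE, or 0 if unset
policy_value() {
    v=$(sed -n "s/^$2=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -1)
    echo "${v:-0}"
}

# count_chars STRING TR_OPT SET -> characters left after `tr TR_OPT SET`
count_chars() {
    printf '%s' "$1" | LC_ALL=C tr "$2" "$3" | wc -c | tr -d ' '
}

# check_policy FILE CANDIDATE -> prints each violated key, returns 1 if any
check_policy() {
    file=$1; pw=$2; rc=0
    if [ "${#pw}" -lt "$(policy_value "$file" PASSLENGTH)" ]; then
        echo PASSLENGTH; rc=1
    fi
    # MINSPECIAL counts what remains after deleting letters and digits.
    while read -r key opt cls; do
        if [ "$(count_chars "$pw" "$opt" "$cls")" -lt "$(policy_value "$file" "$key")" ]; then
            echo "$key"; rc=1
        fi
    done <<'EOF'
MINALPHA -cd [:alpha:]
MINUPPER -cd [:upper:]
MINLOWER -cd [:lower:]
MINDIGIT -cd [:digit:]
MINSPECIAL -d [:alnum:]
EOF
    return $rc
}

# Constructed sample policy in /etc/default/passwd syntax (not a real system's).
write_sample_policy() {
    cat > "$1" <<'EOF'
PASSLENGTH=8
#MINALPHA=2
MINUPPER=1
MINDIGIT=1
MINSPECIAL=1
EOF
}

policy=$(mktemp)
write_sample_policy "$policy"
check_policy "$policy" 'solaris10' || echo "rejected: fix the keys listed above"
rm -f "$policy"
```

Commented-out keys such as `#MINALPHA=2` are treated as unset, so only values that are actually active in the file are enforced by the check.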
Starting with this release, Oracle SSH supports the chroot capability. This feature allows the administrator to change the apparent root directory for the currently running process and its children. A program running in the chroot environment cannot access directories or files outside the designated directory tree.
For more information, see the description of the ChrootDirectory option in the sshd_config(4) man page.