JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Configuration and Administration     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

6.  Trusted Extensions Administration Concepts

7.  Trusted Extensions Administration Tools

8.  Security Requirements on a Trusted Extensions System (Overview)

9.  Performing Common Tasks in Trusted Extensions (Tasks)

10.  Users, Rights, and Roles in Trusted Extensions (Overview)

11.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

12.  Remote Administration in Trusted Extensions (Tasks)

13.  Managing Zones in Trusted Extensions (Tasks)

14.  Managing and Mounting Files in Trusted Extensions (Tasks)

15.  Trusted Networking (Overview)

16.  Managing Networks in Trusted Extensions (Tasks)

17.  Trusted Extensions and LDAP (Overview)

18.  Multilevel Mail in Trusted Extensions (Overview)

19.  Managing Labeled Printing (Tasks)

20.  Devices in Trusted Extensions (Overview)

21.  Managing Devices for Trusted Extensions (Tasks)

22.  Trusted Extensions Auditing (Overview)

23.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions




Trusted Extensions Configuration and Administration provides procedures for enabling and initially configuring the Trusted Extensions feature on the Oracle Solaris operating system (Oracle Solaris OS). This guide also provides procedures for managing users, zones, devices, and hosts on a Trusted Extensions system.

Note - This Oracle Solaris release supports systems that use the SPARC and x86 families of processor architectures. The supported systems appear in the Oracle Solaris OS: Hardware Compatibility Lists. This document cites any implementation differences between the platform types.

Who Should Use This Guide

This guide is for knowledgeable system administrators and security administrators who are configuring and administering Trusted Extensions software. The level of trust that is required by your site security policy, and your level of expertise, determine who can perform the configuration tasks.

Administrators should be familiar with Oracle Solaris administration. In addition, administrators should understand the following:

Trusted Extensions and the Oracle Solaris Operating System

Trusted Extensions runs on top of the Oracle Solaris OS. Because Trusted Extensions software can modify the Oracle Solaris OS, Trusted Extensions can require specific settings for Oracle Solaris installation options. Part I of this guide describes how to prepare the Oracle Solaris OS for Trusted Extensions, how to enable Trusted Extensions, and how to initially configure the software. Part II of this guide describes how to administer the uniquely Trusted Extensions features of the system.

How the Trusted Extensions Guides Are Organized

The following table lists the topics that are covered in the Trusted Extensions guides and the audience for each guide.

Title of Guide
Describes the basic features of Trusted Extensions. This guide contains a glossary.
End users, administrators, developers
Part I describes how to prepare for, enable, and initially configure Trusted Extensions.

Part II describes how to administer a Trusted Extensions system. This guide contains a glossary.

Administrators, developers
Describes how to develop applications with Trusted Extensions.
Developers, administrators
Provides information about how to specify label components in the label encodings file.
Describes the syntax used in the label encodings file. The syntax enforces the various rules for well-formed labels for a system.

Related System Administration Guides

The following guides contain information that is useful when you prepare for and run Trusted Extensions software.

Book Title
Booting and shutting down a system, managing boot services, modifying boot behavior, booting from ZFS, managing the boot archive, and troubleshooting booting on SPARC platforms
Booting and shutting down a system, managing boot services, modifying boot behavior, booting from ZFS, managing the boot archive, and troubleshooting booting on x86 platforms
Using Oracle Solaris commands, booting and shutting down a system, managing user accounts and groups, managing services, hardware faults, system information, system resources, and system performance, managing software, printing, the console and terminals, and troubleshooting system and software problems
Removable media, disks and devices, file systems, and backing up and restoring data
TCP/IP network administration, IPv4 and IPv6 address administration, DHCP, IPsec, IKE, IP Filter, and IPQoS
DNS, NIS, and LDAP naming and directory services, including transitioning from NIS to LDAP
Automatic and manual IP interface configuration including WiFi wireless; administration of bridges, VLANs, aggregations, LLDP, and IPMP; virtual NICs and resource management.
Web cache servers, time-related services, network file systems (NFS and autofs), mail, SLP, and PPP
Resource management features, which enable you to control how applications use available system resources; Oracle Solaris Zones software partitioning technology, which virtualizes operating system services to create an isolated environment for running applications; and Oracle Solaris 10 Zones, which host Oracle Solaris 10 environments running on the Oracle Solaris 11 kernel
Auditing, device management, file security, BART, Kerberos services, PAM, Cryptographic Framework, Key Management, privileges, RBAC, SASL, Secure Shell, and virus scanning
SMB service, which enables you to configure an Oracle Solaris system to make SMB shares available to SMB clients; SMB client, which enables you to access SMB shares; and native identity mapping services, which enables you to map user and group identities between Oracle Solaris systems and Windows systems
ZFS storage pool and file system creation and management, snapshots, clones, backups, using access control lists (ACLs) to protect ZFS files, and using ZFS on an Oracle Solaris system with zones installed
System installation, configuration, and administration that is specific to Trusted Extensions
Securing an Oracle Solaris system, as well as usage scenarios for its security features, such as zones, ZFS, and Trusted Extensions
Provides system administration information and examples for transitioning from Oracle Solaris 10 to Oracle Solaris 11 in the areas of installation, device, disk, and file system management, software management, networking, system management, security, virtualization, desktop features, user account management, and user environments emulated volumes, and troubleshooting and data recovery

Related References

Your site security policy document – Describes the security policy and security procedures at your site

The administrator guide for your currently installed operating system – Describes how to back up system files

Related Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note - Oracle is not responsible for the availability of third-party web sites that are mentioned in this document. Oracle does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Oracle will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit or visit if you are hearing impaired.

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P-1 Typographic Conventions

The names of commands, files, and directories, and onscreen computer output
Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.

What you type, contrasted with onscreen computer output
machine_name% su


Placeholder: replace with a real name or value
The command to remove a file is rm filename.
Book titles, new terms, and terms to be emphasized
Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX system prompt and superuser prompt for shells that are included in the Oracle Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Oracle Solaris release.

Table P-2 Shell Prompts

Bash shell, Korn shell, and Bourne shell
Bash shell, Korn shell, and Bourne shell for superuser
C shell
C shell for superuser