JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Glossary

Index

Numbers and Symbols

A

B

C

D

E

F

G

H

I

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Z

D

-D option, ppriv command, index iconHow to Determine Which Privileges a Program Requires
-d option
auditreduce command
index iconHow to Select Audit Events From the Audit Trail
index iconHow to Select Audit Events From the Audit Trail
daemons
kcfd, index iconAdministrative Commands in the Cryptographic Framework
keyserv, index iconHow to Restart the Secure RPC Keyserver
nscd (name service cache daemon), index iconCommands That Manage RBAC
running with privileges, index iconAdministrative Differences on a System With Privileges
ssh-agent, index iconHow to Reduce Password Prompts in Secure Shell
sshd, index iconA Typical Secure Shell Session
table of Kerberos, index iconKerberos Daemons
Data Encryption Standard, See DES encryption
data forwarding, Secure Shell, index iconCommand Execution and Data Forwarding in Secure Shell
databases
auth_attr, index iconauth_attr Database
backing up and propagating KDC, index iconBacking Up and Propagating the Kerberos Database
creating KDC, index iconHow to Manually Configure a Master KDC
cred for Secure RPC, index iconDiffie-Hellman Authentication and Secure RPC
exec_attr, index iconexec_attr Database
KDC propagation, index iconWhich Database Propagation System to Use
NFS secret keys, index iconImplementation of Diffie-Hellman Authentication
prof_attr, index iconprof_attr Database
publickey for Secure RPC, index iconDiffie-Hellman Authentication and Secure RPC
RBAC, index iconRBAC Databases
user_attr, index iconuser_attr Database
deallocate command
allocate error state
index iconAllocate Error State
index iconAllocate Error State
authorizations required
index iconDevice Allocation Commands
index iconSelected Commands That Require Authorizations
device-clean scripts and, index iconDevice-Clean Scripts
using, index iconHow to Deallocate a Device
deallocating
devices, index iconHow to Deallocate a Device
forcibly, index iconHow to Forcibly Deallocate a Device
microphone, index iconHow to Deallocate a Device
debugging sequence number, index iconsequence Token
decrypt command
description, index iconUser-Level Commands in the Cryptographic Framework
syntax, index iconHow to Encrypt and Decrypt a File
decrypting
conversation keys for Secure RPC, index iconImplementation of Diffie-Hellman Authentication
files, index iconHow to Encrypt and Decrypt a File
NFS secret keys, index iconImplementation of Diffie-Hellman Authentication
secret keys, index iconImplementation of Diffie-Hellman Authentication
default/login file, description, index iconSecure Shell Files
default_realm section
krb5.conf file
index iconHow to Manually Configure a Master KDC
index iconHow to Configure a KDC to Use an LDAP Data Server
defaults
audit service, index iconAudit Service
privilege settings in policy.conf file, index iconFiles With Privilege Information
system-wide in policy.conf file, index iconPassword Encryption
umask value, index iconDefault umask Value
definitive control flag, PAM, index iconHow PAM Stacking Works
delegating, RBAC authorizations, index iconDelegation Authority in Authorizations
delete_entry command, ktutil command, index iconHow to Temporarily Disable Authentication for a Service on a Host
deleting
archived audit files, index iconHow to Prevent Audit Trail Overflow
audit files, index iconHow to Merge Audit Files From the Audit Trail
host's service, index iconHow to Temporarily Disable Authentication for a Service on a Host
not_terminated audit files, index iconHow to Clean Up a not_terminated Audit File
policies (Kerberos), index iconHow to Delete a Kerberos Policy
principal (Kerberos), index iconHow to Delete a Kerberos Principal
DenyGroups keyword, sshd_config file, index iconKeywords in Secure Shell
DenyUsers keyword, sshd_config file, index iconKeywords in Secure Shell
DES encryption, kernel provider, index iconHow to List Available Providers
DES encryption, Secure NFS, index iconDES Encryption With Secure NFS
destroying, tickets with kdestroy, index iconDestroying Kerberos Tickets
determining
audit ID of a user, index iconHow to Update the Preselection Mask of Logged In Users
auditing is running, index iconHow to Determine That Auditing Is Running
files with setuid permissions, index iconHow to Find Files With Special File Permissions
privileges on a process, index iconHow to Determine the Privileges on a Process
privileges task map, index iconUsing Privileges (Tasks)
/dev/arp device, getting IP MIB-II information, index iconHow to Retrieve IP MIB-II Information From a /dev/* Device
devfsadm command, description, index iconDevice Policy Commands
device_allocate file
description, index icondevice_allocate File
format, index icondevice_allocate File
sample
index iconHow to Change Which Devices Can Be Allocated
index icondevice_allocate File
device allocation
adding devices, index iconManaging Device Allocation (Task Map)
allocatable devices
index icondevice_allocate File
index icondevice_allocate File
allocate error state, index iconAllocate Error State
allocating devices, index iconHow to Allocate a Device
auditing, index iconHow to Audit Device Allocation
authorizations, index iconDevice Allocation Rights Profiles
authorizations for commands, index iconDevice Allocation Commands
authorizing users to allocate, index iconHow to Authorize Users to Allocate a Device
changing allocatable devices, index iconHow to Change Which Devices Can Be Allocated
commands, index iconDevice Allocation Commands
components of mechanism, index iconComponents of Device Allocation
configuration file, index icondevice_maps File
deallocate command
device-clean scripts and, index iconDevice-Clean Scripts
using, index iconHow to Deallocate a Device
deallocating devices, index iconHow to Deallocate a Device
device_allocate file, index icondevice_allocate File
device-clean scripts
description, index iconDevice-Clean Scripts
options, index iconDevice-Clean Scripts
writing new scripts, index iconDevice-Clean Scripts
device_maps file, index icondevice_maps File
disabling, index iconHow to Enable Device Allocation
enabling
index iconHow to Enable Device Allocation
index iconHow to Enable Device Allocation
examples, index iconHow to Allocate a Device
forcibly allocating devices, index iconHow to Forcibly Allocate a Device
forcibly deallocating devices, index iconHow to Forcibly Deallocate a Device
making device allocatable, index iconHow to Enable Device Allocation
managing devices, index iconManaging Device Allocation (Task Map)
mounting devices, index iconHow to Mount an Allocated Device
not requiring authorization, index iconHow to Change Which Devices Can Be Allocated
preventing, index iconHow to Change Which Devices Can Be Allocated
requiring authorization, index iconHow to Change Which Devices Can Be Allocated
rights profiles, index iconDevice Allocation Rights Profiles
SMF service, index iconDevice Allocation Service
task map, index iconManaging Device Allocation (Task Map)
troubleshooting
index iconHow to Allocate a Device
index iconHow to Mount an Allocated Device
troubleshooting permissions, index iconHow to View Allocation Information About a Device
unmounting allocated device, index iconHow to Deallocate a Device
user procedures, index iconManaging Device Allocation (Tasks)
using, index iconManaging Device Allocation (Tasks)
using allocate command, index iconHow to Allocate a Device
viewing information, index iconHow to View Allocation Information About a Device
device-clean scripts
description, index iconDevice-Clean Scripts
media
index icondevice_allocate File
index iconDevice-Clean Scripts
object reuse, index iconDevice-Clean Scripts
options, index iconDevice-Clean Scripts
writing new scripts, index iconDevice-Clean Scripts
device management, See device policy
Device Management rights profile, index iconDevice Allocation Rights Profiles
device_maps file
description, index icondevice_maps File
format, index icondevice_maps File
sample entries, index icondevice_maps File
device policy
add_drv command, index iconDevice Policy Commands
auditing changes, index iconHow to Audit Changes in Device Policy
commands, index iconDevice Policy Commands
configuring, index iconConfiguring Device Policy (Tasks)
kernel protection, index iconDevice Protection (Reference)
managing devices, index iconConfiguring Device Policy (Task Map)
overview
index iconControlling Access to Devices
index iconDevice Policy (Overview)
task map, index iconConfiguring Device Policy (Task Map)
update_drv command, index iconDevice Policy Commands
viewing, index iconHow to View Device Policy
Device Security rights profile
index iconHow to Enable Device Allocation
index iconDevice Allocation Rights Profiles
devices
allocating for use, index iconManaging Device Allocation (Tasks)
auditing allocation of, index iconHow to Audit Device Allocation
auditing policy changes, index iconHow to Audit Changes in Device Policy
authorizing users to allocate, index iconHow to Authorize Users to Allocate a Device
changing which are allocatable, index iconHow to Change Which Devices Can Be Allocated
deallocating a device, index iconHow to Deallocate a Device
device allocation
See device allocation
forcibly allocating, index iconHow to Forcibly Allocate a Device
forcibly deallocating, index iconHow to Forcibly Deallocate a Device
getting IP MIB-II information, index iconHow to Retrieve IP MIB-II Information From a /dev/* Device
listing, index iconHow to View Device Policy
listing device names, index iconHow to View Allocation Information About a Device
login access control, index iconRemote Logins
making allocatable, index iconHow to Enable Device Allocation
managing, index iconConfiguring Device Policy (Task Map)
managing allocation of, index iconManaging Device Allocation (Task Map)
mounting allocated devices, index iconHow to Mount an Allocated Device
not requiring authorization for use, index iconHow to Change Which Devices Can Be Allocated
policy commands, index iconDevice Policy Commands
preventing use of all, index iconHow to Change Which Devices Can Be Allocated
preventing use of some, index iconHow to Change Which Devices Can Be Allocated
privilege model and, index iconPrivileges and Devices
protecting by device allocation, index iconControlling Access to Devices
protecting in the kernel, index iconControlling Access to Devices
security, index iconControlling Access to Devices
superuser model and, index iconPrivileges and Devices
unmounting allocated device, index iconHow to Deallocate a Device
viewing allocation information, index iconHow to View Allocation Information About a Device
viewing device policy, index iconHow to View Device Policy
zones and, index iconControlling Access to Devices
DH authentication
configuring in NIS, index iconHow to Set Up a Diffie-Hellman Key for an NIS Host
description, index iconDiffie-Hellman Authentication and Secure RPC
for NIS client, index iconHow to Set Up a Diffie-Hellman Key for an NIS Host
mounting files with, index iconHow to Share NFS Files With Diffie-Hellman Authentication
sharing files with, index iconHow to Share NFS Files With Diffie-Hellman Authentication
Diffie-Hellman authentication, See DH authentication
digest command
description, index iconUser-Level Commands in the Cryptographic Framework
example, index iconHow to Compute a Digest of a File
syntax, index iconHow to Compute a Digest of a File
digestmd5.so.1 plug-in, SASL and, index iconSASL Plug-ins
digests
computing for file, index iconHow to Compute a Digest of a File
of files
index iconHow to Compute a Digest of a File
index iconHow to Compute a Digest of a File
direct realms, index iconHow to Establish Direct Cross-Realm Authentication
directories
See also files
displaying files and related information
index iconCommands for Viewing and Securing Files
index iconHow to Display File Information
permissions
defaults, index iconDefault umask Value
description, index iconUNIX File Permissions
public directories, index iconSticky Bit
DisableBanner keyword, ssh_config file, index iconKeywords in Secure Shell
disabling
32-bit executables that compromise security, index iconProtecting Executable Files From Compromising Security
abort sequence, index iconHow to Disable a System's Abort Sequence
audit policy, index iconHow to Change Audit Policy
audit service, index iconHow to Disable the Audit Service
cryptographic mechanisms, index iconHow to Prevent the Use of a User-Level Mechanism
device allocation, index iconHow to Enable Device Allocation
executable stacks, index iconHow to Disable Programs From Using Executable Stacks
hardware mechanisms, index iconHow to Disable Hardware Provider Mechanisms and Features
keyboard abort, index iconHow to Disable a System's Abort Sequence
keyboard shutdown, index iconHow to Disable a System's Abort Sequence
logging of executable stack messages, index iconHow to Disable Programs From Using Executable Stacks
logins temporarily, index iconHow to Temporarily Disable User Logins
programs from using executable stacks, index iconHow to Disable Programs From Using Executable Stacks
remote root access, index iconHow to Restrict and Monitor root Logins
service on a host (Kerberos), index iconHow to Temporarily Disable Authentication for a Service on a Host
system abort sequence, index iconHow to Disable a System's Abort Sequence
user logins, index iconHow to Temporarily Disable User Logins
disk space, for binary audit files, index iconHow to Create ZFS File Systems for Audit Files
disk space requirements, audit files, index iconCost of Storage of Audit Data
displaying
allocatable devices, index iconHow to View Allocation Information About a Device
audit policies, index iconHow to Change Audit Policy
audit policy defaults, index iconHow to Display Audit Service Defaults
audit queue controls
index iconHow to Display Audit Service Defaults
index iconHow to Change Audit Queue Controls
audit record definitions, index iconHow to Display Audit Record Definitions
audit records, index iconHow to View the Contents of Binary Audit Files
audit records in XML format, index iconHow to View the Contents of Binary Audit Files
auditing defaults, index iconHow to Display Audit Service Defaults
definition of audit records, index iconHow to Display Audit Record Definitions
device policy, index iconHow to View Device Policy
exceptions to system-wide auditing, index iconHow to Display Audit Service Defaults
file information, index iconHow to Display File Information
files and related information, index iconCommands for Viewing and Securing Files
providers in the Cryptographic Framework, index iconHow to List Available Providers
roles you can assume
index iconHow to Assume a Role
index iconCommands That Manage RBAC
root access attempts, index iconHow to Restrict and Monitor root Logins
selected audit records, index iconHow to Merge Audit Files From the Audit Trail
su command attempts, index iconHow to Restrict and Monitor root Logins
sublist of principals (Kerberos), index iconHow to View the List of Kerberos Principals
user's login status
index iconHow to Display a User's Login Status
index iconHow to Display a User's Login Status
users with no passwords, index iconHow to Display Users Without Passwords
dminfo command, index icondevice_maps File
DNS, Kerberos and, index iconClient and Service Principal Names
domain_realm section
krb5.conf file
index iconMapping Host Names Onto Realms
index iconHow to Manually Configure a Master KDC
index iconHow to Configure a KDC to Use an LDAP Data Server
dot (.)
authorization name separator, index iconAuthorization Naming Conventions
displaying hidden files, index iconHow to Display File Information
double dollar sign ($$), parent shell process number, index iconHow to Determine the Privileges on a Process
DSAAuthentication keyword, See PubkeyAuthentication keyword
duplicating, principals (Kerberos), index iconHow to Duplicate a Kerberos Principal
DynamicForward keyword, ssh_config file, index iconKeywords in Secure Shell