Trusted Extensions Configuration and Administration

Updated: July 2014

Planning User Security in Trusted Extensions

Trusted Extensions software provides reasonable security defaults for users. These security defaults are listed in Table 1–2. Where two values are listed, the first value is the default. The security administrator can modify these defaults to reflect the site's security policy. After the security administrator sets the defaults, the system administrator can create all the users, who inherit the established defaults. For descriptions of the keywords and values for these defaults, see the label_encodings(4) and policy.conf(4) man pages.

Table 1-2  Trusted Extensions Security Defaults for User Accounts

File name: /etc/security/policy.conf
    Keyword                         Value
    IDLECMD                         lock | logout
    IDLETIME                        15
    CRYPT_ALGORITHMS_ALLOW          1,2a,md5,5,6
    CRYPT_DEFAULT                   5 (sha256)
    LOCK_AFTER_RETRIES              no | yes
    PRIV_DEFAULT                    basic
    PRIV_LIMIT                      all
    AUTHS_GRANTED                   solaris.device.cdrw
    CONSOLE_USER                    Console User
    PROFS_GRANTED                   Basic Solaris User

File name: LOCAL DEFINITIONS section of /etc/security/tsol/label_encodings
    Keyword                         Value
    Default User Clearance          CNF INTERNAL USE ONLY
    Default User Sensitivity Label  PUBLIC

Note - The IDLECMD and IDLETIME variables apply to the login user's session. If the login user assumes a role, the user's IDLECMD and IDLETIME values are in effect for that role.
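As an added example that is not part of the Oracle documentation, the following Python script parses a policy.conf fragment built from the defaults in Table 1-2 and audits it against a hypothetical site baseline (lock after failed retries, only SHA-based crypt algorithms). The sample file, the baseline values and the audit rules are assumptions for illustration, not settings the page prescribes.

```python
"""Audit a policy.conf fragment against a hypothetical site baseline."""

# Constructed sample mirroring the Table 1-2 defaults; not copied from a real host.
SAMPLE_POLICY_CONF = """\
# /etc/security/policy.conf (constructed sample)
IDLECMD=lock
IDLETIME=15
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
CRYPT_DEFAULT=5
LOCK_AFTER_RETRIES=no
PRIV_DEFAULT=basic
PRIV_LIMIT=all
AUTHS_GRANTED=solaris.device.cdrw
CONSOLE_USER=Console User
PROFS_GRANTED=Basic Solaris User
"""

# Hypothetical site baseline (an assumption, tighter than the shipped defaults).
SITE_BASELINE = {
    "IDLECMD": {"lock", "logout"},
    "IDLETIME_MAX": 15,
    "LOCK_AFTER_RETRIES": "yes",
    "CRYPT_ALLOWED": {"5", "6"},  # sha256 / sha512 crypt only
}

def parse_policy_conf(text):
    """Return {KEYWORD: value} from KEY=value lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().upper()] = value.strip()
    return settings

def audit(settings, baseline=SITE_BASELINE):
    """Return findings as (keyword, offending value, expected) tuples; [] if compliant."""
    findings = []
    if settings.get("IDLECMD", "").lower() not in baseline["IDLECMD"]:
        findings.append(("IDLECMD", settings.get("IDLECMD"), "lock or logout"))
    idletime = settings.get("IDLETIME", "")
    if not idletime.isdigit() or not 0 < int(idletime) <= baseline["IDLETIME_MAX"]:
        findings.append(("IDLETIME", idletime, "1..%d" % baseline["IDLETIME_MAX"]))
    if settings.get("LOCK_AFTER_RETRIES", "").lower() != baseline["LOCK_AFTER_RETRIES"]:
        findings.append(("LOCK_AFTER_RETRIES", settings.get("LOCK_AFTER_RETRIES"), "yes"))
    allowed = {a.strip() for a in settings.get("CRYPT_ALGORITHMS_ALLOW", "").split(",") if a.strip()}
    weak = sorted(allowed - baseline["CRYPT_ALLOWED"])  # algorithms outside the baseline
    if weak:
        findings.append(("CRYPT_ALGORITHMS_ALLOW", ",".join(weak), "only 5,6"))
    if settings.get("CRYPT_DEFAULT") not in baseline["CRYPT_ALLOWED"]:
        findings.append(("CRYPT_DEFAULT", settings.get("CRYPT_DEFAULT"), "5 or 6"))
    return findings

if __name__ == "__main__":
    for keyword, current, expected in audit(parse_policy_conf(SAMPLE_POLICY_CONF)):
        print("%s: current=%r, expected %s" % (keyword, current, expected))
```

Against the sample, the audit flags LOCK_AFTER_RETRIES=no and the non-SHA entries 1,2a,md5 in CRYPT_ALGORITHMS_ALLOW; the remaining defaults satisfy the assumed baseline.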

The system administrator can set up a standard user template that sets appropriate system defaults for every user. For example, by default each user's initial shell is a bash shell. The system administrator can set up a template that gives each user a pfbash shell.