How to Configure an IPv6 CIPSO Network in Trusted Extensions - Trusted Extensions Configuration and Administration

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Configuring Trusted Extensions » Setting Up the Global Zone in Trusted Extensions » How to Configure an IPv6 CIPSO Network in ...

Updated: July 2014

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

What's New in Trusted Extensions in Oracle Solaris 11.2

Planning for Security in Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

How to Check and Install Your Label Encodings File

How to Configure an IPv6 CIPSO Network in Trusted Extensions

How to Configure a Different Domain of Interpretation

Creating Labeled Zones

How to Create a Default Trusted Extensions System

How to Create Labeled Zones Interactively

How to Assign Labels to Two Zone Workspaces

How to Create Labeled Zones by Using the zonecfg Command

Configuring the Network Interfaces in Trusted Extensions

How to Share a Single IP Address With All Zones

How to Add an IP Instance to a Labeled Zone

How to Add a Virtual Network Interface to a Labeled Zone

How to Connect a Trusted Extensions System to Other Trusted Extensions Systems

How to Configure a Separate Name Service for Each Labeled Zone

Creating Roles and Users in Trusted Extensions

How to Create the Security Administrator Role in Trusted Extensions

How to Create a System Administrator Role

How to Create Users Who Can Assume Roles in Trusted Extensions

How to Verify That the Trusted Extensions Roles Work

How to Enable Users to Log In to a Labeled Zone

Creating Centralized Home Directories in Trusted Extensions

How to Create the Home Directory Server in Trusted Extensions

How to Enable Users to Access Their Remote Home Directories at Every Label by Logging In to Each NFS Server

How to Enable Users to Access Their Remote Home Directories by Configuring the Automounter on Each Server

Troubleshooting Your Trusted Extensions Configuration

How to Move Desktop Panels to the Bottom of the Screen

Additional Trusted Extensions Configuration Tasks

How to Create a Secondary Labeled Zone

How to Create and Share a Multilevel Dataset

How to Copy Files to Portable Media in Trusted Extensions

How to Copy Files From Portable Media in Trusted Extensions

How to Remove Trusted Extensions From the System

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Language:

How to Configure an IPv6 CIPSO Network in Trusted Extensions

For IPv6, Trusted Extensions uses the Common Architecture Label IPv6 Security Option (CALIPSO) as the security labeling protocol. No configuration is required. If you must communicate with systems that run the obsolete Trusted Extensions IPv6 CIPSO protocol, perform this procedure. To communicate with other CALIPSO systems, do not perform this procedure.

Caution

Caution - A system that uses the CALIPSO for IPv6 protocol cannot communicate with any systems that use the obsolete TX IPv6 CIPSO protocol because these protocols are incompatible.

The obsolete Trusted Extensions IPv6 CIPSO options do not have an Internet Assigned Numbers Authority (IANA) number to use in the IPv6 Option Type field of a packet. The entry that you set in this procedure supplies a number to use on the local network.

Before You Begin

Perform this procedure if you must communicate with systems that use the proprietary yet obsolete Trusted Extensions IPv6 CIPSO security labeling option.

You are in the root role in the global zone.

Type the following entry into the /etc/system file:
```
set ip:ip6opt_ls = 0x0a
```

Troubleshooting

If error messages during boot indicate that your IPv6 CIPSO configuration is incorrect, correct the entry. For example, a misspelled entry produces the following message: sorry, variable 'ip6opt_1d' is not defined in the 'ip' module. Verify that the entry is spelled correctly.

Correct the entry.
Verify that the system has been rebooted after adding the correct entry to the /etc/system file.

Next Steps

You must reboot the system before configuring LDAP or creating labeled zones.

Copyright © 1992, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices