Cryptographic Services and Zones

The global zone and each non-global zone has its own /system/cryptosvc service. When the cryptographic service is enabled or refreshed in the global zone, the kcfd daemon starts in the global zone, user-level policy for the global zone is set, and kernel policy for the system is set. When the service is enabled or refreshed in a non-global zone, the kcfd daemon starts in the zone, and user-level policy for the zone is set. Kernel policy was set by the global zone.

For more information on zones, see Part II, Zones, in System Administration Guide: Virtualization Using the Solaris Operating System. For more information on the service management facility that manages persistent applications, see Chapter 16, Managing Services (Overview), in System Administration Guide: Basic Administration and the smf(5) man page.

Previous: Plugins to the Solaris Cryptographic Framework
Next: Chapter??14 Solaris Cryptographic Framework (Tasks)