The trusted network remote host database (tnrhdb) file enables the workstation to communicate with other hosts. It should include the host type and IP addresses of the workstations on your network and the host type and IP addresses of any other subnets and hosts with which your Trusted Solaris 7 network can communicate. The security administrator determines what networks can contact the Trusted Solaris 7 network; for a list of host types, see Table 1-2. The system administrator collects the IP addresses.
If you plan to mount file systems from unlabeled hosts at a label available to users, enable communications using services such as ftp, or route through an unlabeled host, complete "To Edit the Tnrhtp Database (Example)" first. Otherwise, go to "To Edit the Tnrhdb Database".
You can change the network details later. For customizing the tnrhdb and its associated templates database, tnrhtp, see "Creating Entries in the Trusted Network Databases" in Trusted Solaris Administrator's Procedures.
This example adds a new template, unlab_userlabel, to the tnrhtp(4) database. This procedure is a prerequisite to mounting an unlabeled host at a user label, such as Confidential. "Set the Label for Unlabeled File Systems (Example)" completes the setup.
Open the Tnrhtp database in the Database Manager using no naming service.
See "To Open and Modify a Solstice_Apps Database" if you are unfamiliar with the steps.
Choose Edit > Add from the Tnrhtp menu.
In the Template Manager (Add) window, create a new template: an unlabeled host type named unlab_userlabel, with no UID, no GID, no forced privileges, an admin_high clearance, and a CMW label of Admin_Low[low_user_label].
Enter unlab_userlabel for the template name.
Select Unlabeled from the list of Host Types.
Click the Def! button to use the defaults for User ID, Group ID, and Forced Privileges.
The button is to the right of each attribute.
Click the Clearance button to set the default clearance to admin_high.
The default clearance must dominate the default label. The label admin_high dominates all labels.
Click the Label button to set the default CMW label to [userlabel].
Select a label available to users. The sensitivity label [ADMIN_LOW] is not available to users.
Open the Tnrhdb database in the Database Manager using no naming service.
See "To Open and Modify a Solstice_Apps Database" if you are unfamiliar with the steps.
Use the IP address fallback mechanism to assign one template to all hosts on your Trusted Solaris 7 subnet.
Enter the subnet IP address and the template name.
For example, enter 129.150.110.0 and tsol. The final zero signifies a subnet address; all hosts on that subnet are recognized as tsol hosts.
For any exceptions on the subnet, enter the exception's IP address and its correct template.
For example, 129.150.110.3 and unlab. This host on the subnet is an unlabeled host, an exception to the tsol fallback entry.
Hint: To more easily copy the IP addresses from your Hosts database, open the /etc/hosts file in the Admin Editor. You can then copy and paste the IP addresses from the editor to the tnrhdb.
Enter the IP address of every host in your /etc/defaultrouter or /etc/tsolgateways file, and assign to each an appropriate template name.
Enter the details of other subnets and hosts.
Enter the fallback designation of each subnet and an appropriate template name for the subnet.
Individually assign a different template to any host that is an exception to its subnet's assigned template.
Use the details provided by your system administrator, then choose the appropriate template name from the menu. See Table 1-2 for host types and their associated templates provided by Trusted Solaris.
Exit the Tnrhdb database when the entries are complete.
Close the /etc/hosts file if you used it for copying IP addresses.
The tnrhdb database should have an IP address and template name for:
The NIS+ root master (that is, this host)
Every NIS+ client that will be in the Trusted Solaris 7 domain, or its subnet fallback mechanism nnn.nnn.nnn.0
Every static router (open network only)
Every other workstation with which the domain can communicate, or a fallback address for its subnet (open network only)
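The fallback mechanism and the checklist above can be checked together before the workstation goes onto the network. The following is an added example, not Trusted Solaris code: it models the lookup order (a specific host entry overrides its subnet's fallback entry) and reports required hosts that no entry covers. The "IP:template" line format, the "#" comments, the host names, and the extension of the fallback from a single final zero to shorter prefixes such as 129.150.0.0 and 0.0.0.0 are assumptions.

```python
# Added example: tnrhdb lookup order and coverage audit (not Trusted Solaris code).
# Assumptions: one "IP:template" entry per line, "#" comments, and a fallback
# that tries entries with more and more trailing zero octets.
SAMPLE_TNRHDB = """\
# constructed entries, using the addresses from the text
129.150.110.0:tsol
129.150.110.3:unlab
"""
# Constructed hosts that the checklist says need a template (names hypothetical).
REQUIRED = {
    "nis-root-master": "129.150.110.1",
    "nis-client": "129.150.110.3",
    "static-router": "129.150.111.254",
}

def parse_tnrhdb(text):
    """Return {ip: template}; reject malformed lines and duplicate addresses."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, sep, template = (part.strip() for part in line.partition(":"))
        octets = ip.split(".")
        if not (sep and template and len(octets) == 4
                and all(o.isdigit() and int(o) <= 255 for o in octets)):
            raise ValueError(f"line {n}: malformed entry {raw!r}")
        ip = ".".join(str(int(o)) for o in octets)
        if ip in entries:
            raise ValueError(f"line {n}: duplicate address {ip}")
        entries[ip] = template
    return entries

def resolve(ip, entries):
    """Exact host entry wins; otherwise the most specific subnet entry applies."""
    octets = ip.split(".")
    for keep in (4, 3, 2, 1, 0):
        candidate = ".".join(octets[:keep] + ["0"] * (4 - keep))
        if candidate in entries:
            return entries[candidate], candidate
    return None, None

def audit(required, entries):
    """Map host name -> (template, matching entry); (None, None) means uncovered."""
    return {name: resolve(ip, entries) for name, ip in required.items()}

if __name__ == "__main__":
    for name, (tmpl, via) in audit(REQUIRED, parse_tnrhdb(SAMPLE_TNRHDB)).items():
        print(f"{name:16} {tmpl or 'MISSING':8} via {via or '-'}")
```

In the constructed sample the static router sits on a subnet with no fallback entry, so the audit reports it as missing, which is the gap the checklist is meant to catch.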