Trusted Solaris Installation and Configuration

Add and Assign Remote Host Templates


Note -

If your site is using a site-specific label encodings file, you must ensure that the templates in the tnrhtp(4) file accurately reflect the label_encodings file.


If you plan to mount file systems from unlabeled hosts at a label available to users, or enable communications using services such as ftp, or route through an unlabeled host, you must have a template to assign to those unlabeled hosts. If you are using the label_encodings file provided on the Trusted Solaris installation CD, the tnrhtp file shipped on the installation CD contains possible templates.

The tnrhdb should include the host type and IP addresses of the workstations on your network and the host type and IP addresses of any other subnets and hosts with which your Trusted Solaris 8 network can communicate. The system administrator collects the IP addresses. The security administrator determines what networks can contact the Trusted Solaris 8 network; for a list of host types, see Table 1-3.

  1. Follow the procedure for editing the tnrhtp described in "How to Add a Remote Host Template".


    Note -

    You can skip this step if your site is using the two files that are provided on the Trusted Solaris installation CD: the label_encodings file and the tnrhtp file. If you have installed your own label encodings file, you must ensure that the templates in the tnrhtp file accurately describe the hosts, labeled and unlabeled, that communicate with your site.


  2. Follow the procedure for assigning templates to remote hosts described in "How to Assign a Remote Host Template".

    This step is required to set up a working Trusted Solaris network.

Summary

The tnrhdb database must have an IP address and template name for every host or subnet that the computers in the Trusted Solaris 8 domain can communicate with:

  1. The NIS master server (that is, this host)

  2. Every NIS client that will be in the Trusted Solaris 8 domain, or a wildcard address for its subnet (nnn.nnn.nnn.0)

  3. Every static router (open network only)

  4. Every other workstation with which the domain can communicate, or a wildcard address for its subnet (open network only)
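
The following is an added example, not part of the Trusted Solaris documentation: a Python check, run against copies of the two databases, that reports hosts with neither their own tnrhdb entry nor an nnn.nnn.nnn.0 wildcard entry, and tnrhdb entries that name a template missing from tnrhtp. The line formats it parses (`address:template` and `template:attributes`, `#` comments, backslash continuation), the IPv4-only handling, and all sample addresses and template names are assumptions.

```python
# Added example: audit copies of tnrhdb and tnrhtp for coverage gaps.
# Assumptions: IPv4 only; tnrhdb lines are "address:template"; tnrhtp lines
# are "template:attributes"; "#" starts a comment; "\" continues a line.

def _entries(text):
    """Yield (key, rest) per entry, after joining continuation lines."""
    for line in text.replace("\\\n", "").splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, rest = line.split(":", 1)
            yield key.strip(), rest.strip()

def subnet_wildcard(ip):
    """Return the nnn.nnn.nnn.0 wildcard address for a dotted-quad host."""
    return ".".join(ip.split(".")[:3] + ["0"])

def audit(hosts, tnrhdb_text, tnrhtp_text):
    """Return (hosts with no entry, tnrhdb entries naming unknown templates)."""
    assigned = dict(_entries(tnrhdb_text))
    templates = {name for name, _ in _entries(tnrhtp_text)}
    uncovered = [h for h in hosts
                 if h not in assigned and subnet_wildcard(h) not in assigned]
    dangling = sorted((ip, t) for ip, t in assigned.items()
                      if t not in templates)
    return uncovered, dangling

# Constructed sample data: documentation-range addresses, made-up template
# names, attribute strings left as placeholders.
SAMPLE_TNRHTP = """\
tsol_site:attributes-omitted \\
    continued-attributes
unlab_site:attributes-omitted
"""
SAMPLE_TNRHDB = """\
192.0.2.10:tsol_site      # NIS master server
192.0.2.0:tsol_site       # wildcard for the NIS clients' subnet
198.51.100.1:unlab_site   # static router
203.0.113.0:unlab_sight   # misspelled template name
"""
SAMPLE_HOSTS = ["192.0.2.10", "192.0.2.55", "198.51.100.1",
                "198.51.100.7", "203.0.113.9"]

if __name__ == "__main__":
    uncovered, dangling = audit(SAMPLE_HOSTS, SAMPLE_TNRHDB, SAMPLE_TNRHTP)
    print("hosts with no tnrhdb entry:", uncovered)
    print("entries naming undefined templates:", dangling)
```

In the sample, 198.51.100.7 is reported because only the router on its subnet has an entry, and the 203.0.113.0 wildcard is reported because its template name does not match any template defined in the tnrhtp copy.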