tokmapd implements the SATMP token-mapping protocol to support the labeling of information transferred over the trusted network. The information is labeled using tokens that represent attribute values. tokmapd is responsible for mapping tokens to attribute values and vice versa. tokmapd accepts token-mapping requests from the kernel and from token-mapping servers on other hosts.
tokmapd must be started from the trusted path and must inherit the net_privaddr, proc_setclr, and proc_setsl privileges. tokmapd should be run at sensitivity label ADMIN_HIGH.
If tokmapd is stopped and its on-disk cache reinitialized or removed, the machine should be rebooted.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
Set tokmapd debugging level to level. Debugging level 1 produces minimal output showing when messages are sent and received. Level 3 shows the contents of the headers of messages. Level 5 shows detailed information including buffer addresses and contents. Levels above 5 show additional internal information.
Write any debugging output to logfile. If logfile already exists, the debugging output is appended to it. If this option is not specified, the default logfile /var/tsol/tokmapdlog is used.
Set the size of the token store in-memory cache to cachesize. cachesize specifies how many entries of each attribute type to keep in the cache. The default is 10.
Listen on satmp_port for SATMP and tokmapctl requests. This option is intended for debugging only. If this option is not specified, port 90 is used.
Listen on kernel_port for token-mapping requests from the kernel. This option is intended for debugging only. If this option is not specified, port 10800 is used.
Use timeout seconds as the timeout period before retrying a request that has been sent to another token-mapping server but has received no reply. If this option is not specified, a timeout interval of 5 seconds is used.
Resend requests to other token-mapping servers a maximum of retries times. If this option is not specified, a retry limit of 5 is used.
Use retry_interval milliseconds as the interval between checks for the need to do retries. The default interval is 100 milliseconds.
Place the token store and host-list files in the path directory. If this option is not specified, the files are stored in /etc/security/tsol.
Token store file
Token store file
Token store file
Token store file
Logfile of debugging output
The token store is checked for consistency each time tokmapd is started. If the token store was not properly flushed to disk at the last shutdown, or if other inconsistencies are found, the token-store contents are deleted and the token store is reinitialized.
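The per-attribute-type cache (cachesize entries each) and the startup consistency check described above, modelled as an added example in Python; this is hypothetical code, not part of Trusted Solaris or the page, and the clean_shutdown marker, the JSON on-disk layout and the oldest-entry eviction are assumptions, since the page does not describe the real token-store format:

```python
import json
import os

CLEAN_MARKER = "clean_shutdown"  # hypothetical flag; True only after an orderly flush

class TokenStore:  # hypothetical model of a tokmapd-style token store, not Trusted Solaris code
    def __init__(self, path, cachesize=10):
        self.path = path            # on-disk store, e.g. under /etc/security/tsol
        self.cachesize = cachesize  # entries kept per attribute type (page default: 10)
        self.tokens, self.next_token = {}, 1  # attr_type -> {token: attribute value}
        self.reinitialized = self._startup_check()

    def _startup_check(self):
        """Consistency check at start: a store not flushed at last shutdown is wiped."""
        if not os.path.exists(self.path):
            return False
        try:
            with open(self.path) as f:
                data = json.load(f)
            if not data.get(CLEAN_MARKER):
                raise ValueError("store was not flushed at last shutdown")
            self.next_token = int(data["next"])
            self.tokens = {t: dict(pairs) for t, pairs in data["tokens"].items()}
            return False
        except (ValueError, KeyError, TypeError):
            os.remove(self.path)  # contents are deleted and the store reinitialized
            self.tokens, self.next_token = {}, 1
            return True

    def map_value(self, attr_type, value):
        """Value -> token; allocate a new token, evicting the oldest entry when full."""
        cache = self.tokens.setdefault(attr_type, {})
        for tok, val in cache.items():
            if val == value:
                return tok
        if len(cache) >= self.cachesize:
            del cache[next(iter(cache))]  # dicts keep insertion order: drop the oldest
        tok, self.next_token = self.next_token, self.next_token + 1
        cache[tok] = value
        return tok

    def map_token(self, attr_type, token):
        return self.tokens.get(attr_type, {}).get(token)  # None: unknown locally

    def flush(self, clean=True):
        """Write the store to disk; clean=False models a crash that never set the marker."""
        data = {CLEAN_MARKER: clean, "next": self.next_token,
                "tokens": {t: list(m.items()) for t, m in self.tokens.items()}}
        with open(self.path, "w") as f:
            json.dump(data, f)
```

A store reopened after flush(clean=False) reports reinitialized == True and starts empty, which is the condition under which the page advises rebooting the machine.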
These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.