System Administration Guide: Security Services
    
C
 
 -C option, auditreduce command ( Index Term Link )
 
 C shell, privileged version ( Index Term Link )
 
 c2audit:audit_load entry, system file ( Index Term Link )
 
 c2audit module, verifying is loaded ( Index Term Link )
 
 cache, credential ( Index Term Link )
 
 canon_user_plugin option, SASL and ( Index Term Link )
 
 caret (^) in audit class prefixes ( Index Term Link )
 
 CD-ROM drives
  allocating ( Index Term Link )
  security ( Index Term Link )
 
 cdrw command, authorizations required ( Index Term Link )
 
 certificates
  exporting for use by another system ( Index Term Link )
  generating with pktool gencert command ( Index Term Link )
  importing into keystore ( Index Term Link )
 
 ChallengeResponseAuthentication keyword, See KbdInteractiveAuthentication keyword
 
 changing
  ACL entries ( Index Term Link )
  allocatable devices ( Index Term Link )
  audit_class file ( Index Term Link )
  audit_control file ( Index Term Link )
  audit_event file ( Index Term Link )
  default password algorithm ( Index Term Link )
  device policy ( Index Term Link )
  file ownership ( Index Term Link )
  file permissions
   absolute mode ( Index Term Link )
   special ( Index Term Link )
   symbolic mode ( Index Term Link )
  group ownership of file ( Index Term Link )
  NFS secret keys ( Index Term Link )
  passphrase for Solaris Secure Shell ( Index Term Link )
  password algorithm for a domain ( Index Term Link )
  password algorithm task map ( Index Term Link )
  password of role ( Index Term Link )
  properties of role ( Index Term Link )
  rights profile contents ( Index Term Link )
  rights profile from command line ( Index Term Link )
  root user into role ( Index Term Link )
  special file permissions ( Index Term Link )
  user properties from command line ( Index Term Link )
  your password with kpasswd ( Index Term Link )
  your password with passwd ( Index Term Link )
 
 CheckHostIP keyword, ssh_config file ( Index Term Link )
 
 chgrp command
  description ( Index Term Link )
  syntax ( Index Term Link )
 
 chkey command ( Index Term Link ) ( Index Term Link )
 
 chmod command
  changing special permissions ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  syntax ( Index Term Link )
 
 choosing, your password ( Index Term Link )
 
 chown command, description ( Index Term Link )
 
 Cipher keyword, sshd_config file ( Index Term Link )
 
 Ciphers keyword, Solaris Secure Shell ( Index Term Link )
 
 classes, See audit classes
 
 cleaning up, binary audit files ( Index Term Link )
 
 clear protection level ( Index Term Link )
 
 ClearAllForwardings keyword, Solaris Secure Shell port forwarding ( Index Term Link )
 
 client names, planning for in Kerberos ( Index Term Link )
 
 ClientAliveCountMax keyword, Solaris Secure Shell port forwarding ( Index Term Link )
 
 ClientAliveInterval keyword, Solaris Secure Shell port forwarding ( Index Term Link )
 
 clients
  AUTH_DH client-server session ( Index Term Link )
  configuring for Solaris Secure Shell ( Index Term Link ) ( Index Term Link )
  configuring Kerberos ( Index Term Link )
  definition in Kerberos ( Index Term Link )
 
 clntconfig principal
  creating ( Index Term Link ) ( Index Term Link )
 
 clock skew
  Kerberos and ( Index Term Link )
  Kerberos planning and ( Index Term Link )
 
 clock synchronizing
  Kerberos master KDC and ( Index Term Link ) ( Index Term Link )
  Kerberos planning and ( Index Term Link )
  Kerberos slave KDC and ( Index Term Link )
  Kerberos slave server and ( Index Term Link )
 
 cmd audit token ( Index Term Link )
 
 cnt audit policy, description ( Index Term Link )
 
 combining audit files
  auditreduce command ( Index Term Link ) ( Index Term Link )
  from different zones ( Index Term Link )
 
 command execution, Solaris Secure Shell ( Index Term Link )
 
 command-line equivalents of SEAM Administration Tool ( Index Term Link )
 
 commands
  See also individual commands
  ACL commands ( Index Term Link )
  auditing commands ( Index Term Link )
  cryptographic framework commands ( Index Term Link )
  determining user's privileged commands ( Index Term Link )
  device allocation commands ( Index Term Link )
  device policy commands ( Index Term Link )
  file protection commands ( Index Term Link )
  for administering privileges ( Index Term Link )
  Kerberos ( Index Term Link )
  RBAC administration commands ( Index Term Link )
  Secure RPC commands ( Index Term Link )
  Solaris Secure Shell commands ( Index Term Link )
  that assign privileges ( Index Term Link )
  that check for privileges ( Index Term Link )
  user-level cryptographic commands ( Index Term Link )
 
 common keys
  calculating ( Index Term Link )
  DH authentication and ( Index Term Link )
 
 components
  BART ( Index Term Link )
  device allocation mechanism ( Index Term Link )
  RBAC ( Index Term Link )
  Solaris Secure Shell user session ( Index Term Link )
 
 Compression keyword, Solaris Secure Shell ( Index Term Link )
 
 CompressionLevel keyword, ssh_config file ( Index Term Link )
 
 Computer Emergency Response Team/Coordination Center (CERT/CC) ( Index Term Link )
 
 computer security, See system security
 
 computing
  DH key ( Index Term Link )
  digest of a file ( Index Term Link )
  MAC of a file ( Index Term Link )
  secret key ( Index Term Link ) ( Index Term Link )
 
 configuration decisions
  auditing
   file storage ( Index Term Link )
   policy ( Index Term Link )
   who and what to audit ( Index Term Link )
   zones ( Index Term Link )
  Kerberos
   client and service principal names ( Index Term Link )
   clients ( Index Term Link )
   clock synchronization ( Index Term Link )
   database propagation ( Index Term Link )
   encryption types ( Index Term Link )
   KDC server ( Index Term Link )
   mapping host names onto realms ( Index Term Link )
   number of realms ( Index Term Link )
   ports ( Index Term Link )
   realm hierarchy ( Index Term Link )
   realm names ( Index Term Link )
   realms ( Index Term Link )
   slave KDCs ( Index Term Link )
  password algorithm ( Index Term Link )
 
 configuration files
  audit_class file ( Index Term Link )
  audit_control file ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  audit_event file ( Index Term Link )
  audit_user database ( Index Term Link )
  device_maps file ( Index Term Link )
  nsswitch.conf file ( Index Term Link )
  for password algorithms ( Index Term Link )
  policy.conf file ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  Solaris Secure Shell ( Index Term Link )
  syslog.conf file ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
  system file ( Index Term Link )
  with privilege information ( Index Term Link )
 
 configuring
  ahlt audit policy ( Index Term Link )
  audit_class file ( Index Term Link )
  audit_control file ( Index Term Link )
  audit_event file ( Index Term Link )
  audit files ( Index Term Link )
  audit files task map ( Index Term Link )
  audit policy ( Index Term Link )
  audit policy temporarily ( Index Term Link )
  audit queue parameters ( Index Term Link ) ( Index Term Link )
  audit service task map ( Index Term Link )
  audit trail overflow prevention ( Index Term Link )
  audit_user database ( Index Term Link )
  audit_warn script ( Index Term Link )
  auditconfig command ( Index Term Link )
  auditd queue parameters ( Index Term Link )
  auditd service policy ( Index Term Link )
  auditing ( Index Term Link )
  auditing in zones ( Index Term Link ) ( Index Term Link )
  custom roles ( Index Term Link )
  device allocation ( Index Term Link )
  device policy ( Index Term Link )
  devices task map ( Index Term Link )
  DH key for NIS+ user ( Index Term Link )
  DH key for NIS user ( Index Term Link )
  DH key in NIS ( Index Term Link )
  DH key in NIS+ ( Index Term Link )
  dial-up logins ( Index Term Link )
  exceptions to Solaris Secure Shell system defaults ( Index Term Link )
  hardware security ( Index Term Link )
  host-based authentication for Solaris Secure Shell ( Index Term Link )
  identical auditing for non-global zones ( Index Term Link )
  Kerberos
   adding administration principals ( Index Term Link ) ( Index Term Link )
   clients ( Index Term Link )
   cross-realm authentication ( Index Term Link )
   master KDC server ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   master KDC server using LDAP ( Index Term Link )
   NFS servers ( Index Term Link )
   overview ( Index Term Link )
   slave KDC server ( Index Term Link ) ( Index Term Link ) ( Index Term Link )
   task map ( Index Term Link )
  name service ( Index Term Link )
  password for hardware access ( Index Term Link )
  per-zone auditing ( Index Term Link )
  perzone audit policy ( Index Term Link )
  port forwarding in Solaris Secure Shell ( Index Term Link )
  RBAC ( Index Term Link ) ( Index Term Link )
  RBAC task map ( Index Term Link )
  rights profile from command line ( Index Term Link )
  rights profiles ( Index Term Link ) ( Index Term Link )
  roles ( Index Term Link ) ( Index Term Link )
   from command line ( Index Term Link )
  root user as role ( Index Term Link )
  Solaris Secure Shell ( Index Term Link )
   clients ( Index Term Link )
   servers ( Index Term Link )
  Solaris Secure Shell task map ( Index Term Link )
  textual audit logs ( Index Term Link )
 
 configuring application servers ( Index Term Link )
 
 ConnectionAttempts keyword, ssh_config file ( Index Term Link )
 
 console, displaying su command attempts ( Index Term Link )
 
 CONSOLE in Solaris Secure Shell ( Index Term Link )
 
 Console User (RBAC), rights profile ( Index Term Link )
 
 CONSOLE_USER keyword, policy.conf file ( Index Term Link )
 
 consumers, definition in cryptographic framework ( Index Term Link )
 
 context-sensitive help, SEAM Administration Tool ( Index Term Link )
 
 control manifests (BART) ( Index Term Link )
 
 controlling
  access to system hardware ( Index Term Link )
  system access ( Index Term Link )
  system usage ( Index Term Link )
 
 conversation keys
  decrypting in secure RPC ( Index Term Link )
  generating in secure RPC ( Index Term Link )
 
 converting
  audit records to readable format ( Index Term Link ) ( Index Term Link )
 
 copying
  ACL entries ( Index Term Link )
  files using Solaris Secure Shell ( Index Term Link )
 
 copying audit messages to single file ( Index Term Link )
 
 cost control, and auditing ( Index Term Link )
 
 crammd5.so.1 plug-in, SASL and ( Index Term Link )
 
 creating
  audit trail
   auditd daemon ( Index Term Link )
   auditd daemon's role ( Index Term Link )
  credential table ( Index Term Link )
  customized role ( Index Term Link )
  d_passwd file ( Index Term Link )
  dial-up passwords ( Index Term Link ) ( Index Term Link )
  /etc/d_passwd file ( Index Term Link )
  file digests ( Index Term Link )
  local user ( Index Term Link )
  new device-clean scripts ( Index Term Link )
  new policy (Kerberos) ( Index Term Link ) ( Index Term Link )
  new principal (Kerberos) ( Index Term Link )
  Operator role ( Index Term Link )
  partitions for binary audit files ( Index Term Link )
  passwords for temporary user ( Index Term Link )
  rights profiles ( Index Term Link )
  rights profiles with Solaris Management Console ( Index Term Link )
  roles
   for particular profiles ( Index Term Link )
   on command line ( Index Term Link )
   with limited scope ( Index Term Link )
  root user as role ( Index Term Link )
  secret keys
   for encryption ( Index Term Link ) ( Index Term Link )
  security-related roles ( Index Term Link )
  Solaris Secure Shell keys ( Index Term Link )
  stash file ( Index Term Link ) ( Index Term Link )
  System Administrator role ( Index Term Link )
  tickets with kinit ( Index Term Link )
 
 cred database
  adding client credential ( Index Term Link )
  adding user credential ( Index Term Link )
  DH authentication ( Index Term Link )
 
 cred table
  DH authentication and ( Index Term Link )
  information stored by server ( Index Term Link )
 
 credential
  cache ( Index Term Link )
  description ( Index Term Link ) ( Index Term Link )
  obtaining for a server ( Index Term Link )
  obtaining for a TGS ( Index Term Link )
  or tickets ( Index Term Link )
 
 credential table, adding single entry to ( Index Term Link )
 
 credentials, mapping ( Index Term Link )
 
 crontab files, authorizations required ( Index Term Link )
 
 cross-realm authentication, configuring ( Index Term Link )
 
 CRYPT_ALGORITHMS_ALLOW keyword, policy.conf file ( Index Term Link )
 
 CRYPT_ALGORITHMS_DEPRECATE keyword, policy.conf file ( Index Term Link )
 
 crypt_bsdbf password algorithm ( Index Term Link )
 
 crypt_bsdmd5 password algorithm ( Index Term Link )
 
 crypt command, file security ( Index Term Link )
 
 crypt.conf file
  changing with new password module ( Index Term Link )
  third-party password modules ( Index Term Link )
 
 CRYPT_DEFAULT keyword, policy.conf file ( Index Term Link )
 
 CRYPT_DEFAULT system variable ( Index Term Link )
 
 crypt_sha256 password algorithm ( Index Term Link )
 
 crypt_sunmd5 password algorithm ( Index Term Link ) ( Index Term Link )
 
 crypt_unix password algorithm ( Index Term Link ) ( Index Term Link )
 
 Crypto Management (RBAC)
  creating role ( Index Term Link )
  use of rights profile ( Index Term Link ) ( Index Term Link )
 
 cryptoadm command
  -m option ( Index Term Link ) ( Index Term Link )
  -p option ( Index Term Link ) ( Index Term Link )
  description ( Index Term Link )
  disabling cryptographic mechanisms ( Index Term Link ) ( Index Term Link )
  disabling hardware mechanisms ( Index Term Link )
  installing PKCS #11 library ( Index Term Link )
  listing providers ( Index Term Link )
  restoring kernel software provider ( Index Term Link )
 
 cryptoadm install command, installing PKCS #11 library ( Index Term Link )
 
 cryptographic framework
  administering with role ( Index Term Link )
  connecting providers ( Index Term Link )
  consumers ( Index Term Link )
  cryptoadm command ( Index Term Link ) ( Index Term Link )
  definition of terms ( Index Term Link )
  description ( Index Term Link )
  elfsign command ( Index Term Link ) ( Index Term Link )
  error messages ( Index Term Link )
  hardware plugins ( Index Term Link )
  installing providers ( Index Term Link )
  interacting with ( Index Term Link )
  listing providers ( Index Term Link ) ( Index Term Link )
  PKCS #11 library ( Index Term Link )
  providers ( Index Term Link ) ( Index Term Link )
  refreshing ( Index Term Link )
  registering providers ( Index Term Link )
  restarting ( Index Term Link )
  signing providers ( Index Term Link )
  task maps ( Index Term Link )
  user-level commands ( Index Term Link )
  zones and ( Index Term Link ) ( Index Term Link )
 
 cryptographic services, See cryptographic framework
 
 Cryptoki, See PKCS #11 library
 
 csh command, privileged version ( Index Term Link )
 
 Custom Operator (RBAC), creating role ( Index Term Link )
 
 customizing, manifests ( Index Term Link )
 
 customizing a report (BART) ( Index Term Link )