| | | | |
| P |
| |
| | p_minfree attribute, audit_warn condition (  ) |
| |
| | packages, Solaris Secure Shell ( ) |
| |
| | packet transfers |
| | | firewall security ( ) |
| | | packet smashing ( ) |
| |
| | PAM |
| | | adding a module ( ) |
| | | configuration file |
| | | | control flags ( ) |
| | | | introduction ( ) |
| | | | stacking diagrams ( ) |
| | | | stacking example ( ) |
| | | | stacking explained ( ) |
| | | | syntax ( ) |
| | | /etc/syslog.conf file ( ) |
| | | framework ( ) |
| | | Kerberos and ( ) ( ) |
| | | overview ( ) |
| | | planning ( ) |
| | | task map ( ) |
| |
| | pam.conf file |
| | | See PAM configuration file | |
| | | Kerberos and ( ) |
| |
| | pam_roles command, description ( ) |
| |
| | PAMAuthenticationViaKBDInt keyword, sshd_config file ( ) |
| |
| | panels, table of SEAM Administration Tool ( ) |
| |
| | passphrases |
| | | changing for Solaris Secure Shell ( ) |
| | | encrypt command ( ) |
| | | example ( ) |
| | | generating in KMF ( ) |
| | | mac command ( ) |
| | | storing safely ( ) |
| | | using for MAC ( ) |
| | | using in Solaris Secure Shell ( ) ( ) |
| |
| | PASSREQ in Solaris Secure Shell ( ) |
| |
| | passwd command |
| | | and kpasswd command ( ) |
| | | and name services ( ) |
| | | changing password of role ( ) |
| |
| | passwd file |
| | | and /etc/d_passwd file ( ) |
| | | ASET checks ( ) |
| |
| | password authentication, Solaris Secure Shell ( ) |
| |
| | PasswordAuthentication keyword, Solaris Secure Shell ( ) |
| |
| | passwords |
| | | authentication in Solaris Secure Shell ( ) |
| | | changing role password ( ) |
| | | changing with kpasswd command ( ) |
| | | changing with passwd -r command ( ) |
| | | changing with passwd command ( ) |
| | | creating for dial-up ( ) |
| | | dial-up passwords |
| | | | disabling temporarily ( ) |
| | | | /etc/d_passwd file ( ) |
| | | disabling dial-up temporarily ( ) |
| | | displaying users with no passwords ( ) |
| | | eliminating in Solaris Secure Shell ( ) |
| | | eliminating in Solaris Secure Shell in CDE ( ) |
| | | encryption algorithms ( ) |
| | | finding users with no passwords ( ) |
| | | granting access without revealing ( ) |
| | | hardware access and ( ) |
| | | installing third-party encryption module ( ) |
| | | LDAP ( ) |
| | | | specifying new password algorithm ( ) |
| | | local ( ) |
| | | login security ( ) ( ) ( ) |
| | | managing ( ) |
| | | modifying a principal's password ( ) |
| | | NIS ( ) |
| | | | specifying new password algorithm ( ) |
| | | NIS+ ( ) |
| | | | specifying new password algorithm ( ) |
| | | policies and ( ) |
| | | PROM security mode ( ) ( ) |
| | | protecting |
| | | | keystore ( ) |
| | | | PKCS #12 file ( ) |
| | | requiring for hardware access ( ) |
| | | secret-key decryption for Secure RPC ( ) |
| | | specifying algorithm ( ) |
| | | | in name services ( ) |
| | | | locally ( ) |
| | | suggestions on choosing ( ) |
| | | system logins ( ) ( ) |
| | | task map ( ) |
| | | UNIX and Kerberos ( ) |
| | | using Blowfish encryption algorithm for ( ) |
| | | using MD5 encryption algorithm for ( ) |
| | | using new algorithm ( ) |
| |
| | path_attr audit token ( ) ( ) |
| |
| | path audit policy, description ( ) |
| |
| | path audit token, format ( ) |
| |
| | PATH environment variable |
| | | and security ( ) |
| | | setting ( ) |
| |
| | PATH in Solaris Secure Shell ( ) |
| |
| | PERIODIC_SCHEDULE variable (ASET) ( ) ( ) |
| |
| | permissions |
| | | ACLs and ( ) |
| | | ASET handling of ( ) ( ) |
| | | changing file permissions |
| | | | absolute mode ( ) ( ) |
| | | | chmod command ( ) |
| | | | symbolic mode ( ) ( ) ( ) ( ) |
| | | defaults ( ) |
| | | directory permissions ( ) |
| | | file permissions |
| | | | absolute mode ( ) ( ) |
| | | | changing ( ) ( ) |
| | | | description ( ) |
| | | | special permissions ( ) ( ) |
| | | | symbolic mode ( ) ( ) ( ) ( ) |
| | | finding files with setuid permissions ( ) |
| | | setgid permissions |
| | | | absolute mode ( ) ( ) |
| | | | description ( ) |
| | | | symbolic mode ( ) |
| | | setuid permissions |
| | | | absolute mode ( ) ( ) |
| | | | description ( ) |
| | | | security risks ( ) |
| | | | symbolic mode ( ) |
| | | special file permissions ( ) ( ) ( ) |
| | | sticky bit ( ) |
| | | tune files (ASET) ( ) ( ) ( ) |
| | | UFS ACLs and ( ) |
| | | umask value ( ) |
| | | user classes and ( ) |
| |
| | PermitEmptyPasswords keyword, sshd_config file ( ) |
| |
| | PermitRootLogin keyword, sshd_config file ( ) |
| |
| | permitted privilege set ( ) |
| |
| | PermitUserEnvironment keyword, sshd_config file ( ) |
| |
| | perzone audit policy |
| | | description ( ) |
| | | setting ( ) |
| | | using ( ) ( ) ( ) |
| | | when to use ( ) |
| |
| | pfcsh command, description ( ) |
| |
| | pfexec command, description ( ) |
| |
| | pfksh command, description ( ) |
| |
| | pfsh command, description ( ) |
| |
| | physical security, description ( ) |
| |
| | PKCS #11 library |
| | | adding provider library ( ) |
| | | in Solaris Cryptographic Framework ( ) |
| |
| | PKCS #11 softtokens, managing keystore ( ) |
| |
| | PKCS #12 files, protecting ( ) |
| |
| | pkcs11_kernel.so user-level provider ( ) |
| |
| | pkcs11_softtoken.so user-level provider ( ) |
| |
| | pkgadd command |
| | | installing third-party providers ( ) |
| | | installing third-party software ( ) |
| |
| | PKI |
| | | managed by KMF ( ) |
| | | policy managed by KMF ( ) |
| |
| | pktool command |
| | | creating self-signed certificate ( ) |
| | | export subcommand ( ) |
| | | gencert subcommand ( ) |
| | | generating secret keys ( ) |
| | | import subcommand ( ) |
| | | list subcommand ( ) |
| | | managing PKI objects ( ) |
| | | setpin subcommand ( ) |
| |
| | plain.so.1 plug-in, SASL and ( ) |
| |
| | planning |
| | | auditing ( ) |
| | | auditing in zones ( ) |
| | | auditing task map ( ) |
| | | Kerberos |
| | | | client and service principal names ( ) |
| | | | clock synchronization ( ) |
| | | | configuration decisions ( ) |
| | | | database propagation ( ) |
| | | | number of realms ( ) |
| | | | ports ( ) |
| | | | realm hierarchy ( ) |
| | | | realm names ( ) |
| | | | realms ( ) |
| | | | slave KDCs ( ) |
| | | PAM ( ) |
| | | RBAC ( ) |
| |
| | pluggable authentication module, See PAM |
| |
| | plugin line |
| | | audit_control file ( ) |
| | | p_* attributes ( ) |
| | | qsize attribute ( ) |
| |
| | plugin_list option, SASL and ( ) |
| |
| | plugins |
| | | in audit service ( ) |
| | | in cryptographic framework ( ) |
| | | loaded by auditd daemon ( ) |
| | | SASL and ( ) |
| |
| | plus sign (+) |
| | | ACL entry ( ) |
| | | audit class prefix ( ) |
| | | entry in sulog file ( ) |
| | | file permissions symbol ( ) |
| |
| | policies |
| | | administering ( ) ( ) |
| | | creating (Kerberos) ( ) |
| | | creating new (Kerberos) ( ) |
| | | deleting ( ) |
| | | for auditing ( ) |
| | | modifying ( ) |
| | | on devices ( ) |
| | | overview ( ) |
| | | passwords and ( ) |
| | | SEAM Administration Tool panels for ( ) |
| | | specifying password algorithm ( ) |
| | | task map for administering ( ) |
| | | viewing attributes ( ) |
| | | viewing list of ( ) |
| |
| | policy |
| | | definition in cryptographic framework ( ) |
| | | definition in Solaris OS ( ) |
| |
| | policy.conf file |
| | | adding password encryption module ( ) |
| | | Basic Solaris User rights profile ( ) |
| | | description ( ) ( ) |
| | | keywords |
| | | | for password algorithms ( ) |
| | | | for privileges ( ) ( ) |
| | | | for RBAC authorizations ( ) |
| | | | for rights profiles ( ) |
| | | specifying encryption algorithms in ( ) |
| | | specifying password algorithm |
| | | | in name services ( ) |
| | | specifying password algorithms ( ) |
| |
| | port forwarding |
| | | configuring in Solaris Secure Shell ( ) |
| | | Solaris Secure Shell ( ) ( ) |
| |
| | Port keyword, Solaris Secure Shell ( ) |
| |
| | ports, for Kerberos KDC ( ) |
| |
| | postdated ticket |
| | | definition ( ) |
| | | description ( ) |
| |
| | postsigterm string, audit_warn script ( ) |
| |
| | pound sign (#) |
| | | device_allocate file ( ) |
| | | device_maps file ( ) |
| |
| | ppriv command |
| | | for debugging ( ) |
| | | listing privileges ( ) |
| |
| | praudit command |
| | | converting audit records to readable format ( ) ( ) |
| | | DTD for -x option ( ) |
| | | options ( ) |
| | | output formats ( ) |
| | | piping auditreduce output to ( ) |
| | | use in a script ( ) |
| | | viewing audit records ( ) |
| | | with no options ( ) |
| | | XML format ( ) |
| |
| | PreferredAuthentications keyword, ssh_config file ( ) |
| |
| | prefixes for audit classes ( ) |
| |
| | preselecting, audit classes ( ) |
| |
| | preselection in auditing ( ) |
| |
| | preselection mask (auditing) |
| | | description ( ) |
| | | reducing storage costs ( ) |
| | | system-wide ( ) |
| |
| | preventing |
| | | access to system hardware ( ) |
| | | audit trail overflow ( ) |
| | | executables from compromising security ( ) |
| | | kernel software provider use ( ) |
| | | use of hardware mechanism ( ) |
| |
| | primary, in principal names ( ) |
| |
| | Primary Administrator (RBAC) |
| | | assuming role ( ) |
| | | recommended role ( ) |
| | | rights profile contents ( ) |
| |
| | primary audit directory ( ) |
| |
| | principal |
| | | adding administration ( ) ( ) |
| | | adding service principal to keytab ( ) ( ) |
| | | administering ( ) ( ) |
| | | automating creation of ( ) |
| | | creating ( ) |
| | | creating clntconfig ( ) ( ) |
| | | creating host ( ) ( ) |
| | | deleting ( ) |
| | | duplicating ( ) |
| | | Kerberos ( ) |
| | | modifying ( ) |
| | | principal name ( ) |
| | | removing from keytab file ( ) |
| | | removing service principal from keytab ( ) |
| | | SEAM Administration Tool panels for ( ) |
| | | service principal ( ) |
| | | setting up defaults ( ) |
| | | task map for administering ( ) |
| | | user ID comparison ( ) |
| | | user principal ( ) |
| | | viewing attributes ( ) |
| | | viewing list of ( ) |
| | | viewing sublist of principals ( ) |
| |
| | principal file, description ( ) |
| |
| | principal.kadm5 file, description ( ) |
| |
| | principal.kadm5.lock file, description ( ) |
| |
| | principal.ok file, description ( ) |
| |
| | principal.ulog file, description ( ) |
| |
| | principle of least privilege ( ) |
| |
| | print format field, arbitrary token ( ) |
| |
| | Printer Management rights profile ( ) |
| |
| | printing, audit log ( ) |
| |
| | PrintMotd keyword, sshd_config file ( ) |
| |
| | priv.debug entry, syslog.conf file ( ) |
| |
| | PRIV_DEFAULT keyword |
| | | policy.conf file ( ) ( ) |
| |
| | PRIV_LIMIT keyword |
| | | policy.conf file ( ) ( ) |
| |
| | PRIV_PROC_LOCK_MEMORY privilege ( ) ( ) |
| |
| | privacy |
| | | availability ( ) |
| | | Kerberos and ( ) |
| | | security service ( ) |
| |
| | private keys |
| | | See also secret keys | |
| | | definition in Kerberos ( ) |
| | | Solaris Secure Shell identity files ( ) |
| |
| | private protection level ( ) |
| |
| | privilege audit token ( ) ( ) |
| |
| | privilege checking, in applications ( ) |
| |
| | privilege sets |
| | | adding privileges to ( ) |
| | | basic ( ) |
| | | effective ( ) |
| | | inheritable ( ) |
| | | limit ( ) |
| | | listing ( ) |
| | | permitted ( ) |
| | | removing privileges from ( ) |
| |
| | privileged application |
| | | authorization checking ( ) |
| | | description ( ) |
| | | ID checking ( ) |
| | | privilege checking ( ) |
| |
| | privileged ports, alternative to Secure RPC ( ) |
| |
| | privileges |
| | | adding to command ( ) |
| | | administering ( ) |
| | | assigning to a command ( ) |
| | | assigning to a script ( ) |
| | | assigning to a user ( ) |
| | | assigning to user or role ( ) |
| | | auditing and ( ) |
| | | categories ( ) |
| | | commands ( ) |
| | | compared to superuser model ( ) |
| | | debugging ( ) ( ) |
| | | description ( ) ( ) ( ) |
| | | determining directly assigned ones ( ) |
| | | devices and ( ) |
| | | differences from superuser model ( ) |
| | | effects on SEAM Administration Tool ( ) |
| | | escalation ( ) |
| | | executing commands with privilege ( ) |
| | | files ( ) |
| | | finding missing ( ) |
| | | how to use ( ) |
| | | implemented in sets ( ) |
| | | inherited by processes ( ) |
| | | limiting use by user or role ( ) |
| | | listing on a process ( ) |
| | | PRIV_PROC_LOCK_MEMORY ( ) ( ) |
| | | processes with assigned privileges ( ) |
| | | programs aware of privileges ( ) |
| | | protecting kernel processes ( ) |
| | | removing from a user ( ) |
| | | removing from basic set ( ) |
| | | removing from limit set ( ) |
| | | task map ( ) |
| | | troubleshooting requirements for ( ) |
| | | using in shell script ( ) |
| |
| | privileges file, description ( ) |
| |
| | PROC privileges ( ) |
| |
| | process audit characteristics |
| | | audit ID ( ) |
| | | audit session ID ( ) |
| | | process preselection mask ( ) |
| | | terminal ID ( ) |
| |
| | process audit class ( ) |
| |
| | process audit token, format ( ) |
| |
| | process modify audit class ( ) |
| |
| | process preselection mask, description ( ) |
| |
| | process privileges ( ) |
| |
| | process rights management, See privileges |
| |
| | process start audit class ( ) |
| |
| | processing time costs, of audit service ( ) |
| |
| | prof_attr database |
| | | description ( ) |
| | | summary ( ) |
| |
| | .profile file, path variable entry ( ) |
| |
| | profile shells, description ( ) |
| |
| | profiles, See rights profiles |
| |
| | profiles command, description ( ) |
| |
| | PROFS_GRANTED keyword, policy.conf file ( ) |
| |
| | programs |
| | | checking for RBAC authorizations ( ) |
| | | privilege-aware ( ) ( ) |
| |
| | project.max-locked-memory resource control ( ) ( ) |
| |
| | PROM security mode ( ) |
| |
| | propagation |
| | | KDC database ( ) |
| | | Kerberos database ( ) |
| |
| | protecting |
| | | BIOS, pointer to ( ) |
| | | by using passwords with cryptographic framework ( ) |
| | | contents of keystore ( ) |
| | | files with cryptographic framework ( ) |
| | | PROM ( ) |
| | | system from risky programs ( ) |
| |
| | protecting files |
| | | task map ( ) |
| | | user procedures ( ) |
| | | with ACLs ( ) |
| | | with ACLs task map ( ) |
| | | with UFS ACLs ( ) |
| | | with UNIX permissions ( ) ( ) |
| | | with UNIX permissions task map ( ) |
| |
| | protection level |
| | | clear ( ) |
| | | private ( ) |
| | | safe ( ) |
| | | setting in ftp ( ) |
| |
| | Protocol keyword, ssh_config file ( ) |
| |
| | providers |
| | | adding library ( ) |
| | | adding software provider ( ) |
| | | adding user-level software provider ( ) |
| | | connecting to cryptographic framework ( ) |
| | | definition as plugins ( ) ( ) |
| | | definition in cryptographic framework ( ) |
| | | disabling hardware mechanisms ( ) |
| | | installing ( ) |
| | | listing hardware providers ( ) |
| | | listing in cryptographic framework ( ) |
| | | preventing use of kernel software provider ( ) |
| | | registering ( ) |
| | | restoring use of kernel software provider ( ) |
| | | signing ( ) |
| |
| | proxiable ticket, definition ( ) |
| |
| | proxy ticket, definition ( ) |
| |
| | ProxyCommand keyword, ssh_config file ( ) |
| |
| | pseudo-tty, use in Solaris Secure Shell ( ) |
| |
| | PubkeyAuthentication keyword, Solaris Secure Shell ( ) |
| |
| | public audit policy |
| | | description ( ) |
| | | read-only events ( ) |
| |
| | public directories |
| | | auditing ( ) |
| | | sticky bit and ( ) |
| |
| | public key authentication, Solaris Secure Shell ( ) |
| |
| | public key cryptography |
| | | AUTH_DH client-server session ( ) |
| | | changing NFS public keys and secret keys ( ) |
| | | common keys |
| | | | calculation ( ) |
| | | database of public keys for Secure RPC ( ) |
| | | generating keys |
| | | | conversation keys for Secure NFS ( ) |
| | | | using Diffie-Hellman ( ) |
| | | NFS secret keys ( ) |
| |
| | public key technologies, See PKI |
| |
| | public keys |
| | | changing passphrase ( ) |
| | | DH authentication and ( ) |
| | | generating public-private key pair ( ) |
| | | Solaris Secure Shell identity files ( ) |
| |
| | public objects, auditing ( ) |
| |
| | publickey map, DH authentication ( ) |
| |
| | pwcheck_method option, SASL and ( ) |
