Oracle Solaris Trusted Extensions Administrator's Procedures


Numbers and Symbols

	`-o nobanner` option to `lp` command ( )


A

	access, See computer access

	access policy
		devices ( )
		Discretionary Access Control (DAC) ( ) ( )
		Mandatory Access Control (MAC) ( )

	accessing
		Admin Editor action ( )
		administrative tools ( )
		audit records by label ( )
		devices ( )
		global zone ( )
		home directories ( )
		printers ( )
		remote multilevel desktop ( )
		Solaris Management Console ( )
		trusted CDE actions ( )
		ZFS dataset mounted in lower-level zone from higher-level zone ( )

	account locking, preventing ( )

	accounts
		See roles
		See also users

	accreditation checks ( )

	accreditation ranges, `label_encodings` file ( )

	actions
		See also individual actions by name
		adding new Trusted CDE actions ( )
		Admin Editor ( )
		Device Allocation Manager ( ) ( )
		list of trusted CDE ( )
		Name Service Switch ( )
		restricted by rights profiles ( )
		use differences between CDE and Trusted CDE ( )

	`add_allocatable` command ( )

	Add Allocatable Device action ( )

	Admin Editor action ( )
		opening ( )

	`ADMIN_HIGH` label ( )

	`ADMIN_LOW` label
		lowest label ( )
		protecting administrative files ( )

	administering
		account locking ( )
		assigning device authorizations ( )
		audio device to play music ( )
		auditing in Trusted Extensions ( )
		changing label of information ( )
		convenient authorizations for users ( )
		device allocation ( )
		device authorizations ( )
		devices ( ) ( )
		file systems
			mounting ( )
			overview ( )
			troubleshooting ( )
		files
			backing up ( )
			restoring ( )
		from the global zone ( )
		labeled printing ( )
		LDAP ( )
		mail ( )
		multilevel ports ( )
		network in Trusted Extensions ( )
		network of users ( )
		PostScript printing ( )
		printing in Trusted Extensions ( )
		printing interoperability with Trusted Solaris 8 ( )
		quick reference for administrators ( )
		remote host database ( )
		remote host templates ( )
		remotely ( )
		remotely from command line ( )
		remotely with `dtappsession` ( )
		remotely with Solaris Management Console ( ) ( )
		routes with security attributes ( )
		serial line for login ( )
		sharing file systems ( )
		startup files for users ( )
		Sun Ray printing ( )
		system files ( )
		third-party software ( )
		timeout when relabeling information ( )
		trusted network databases ( )
		trusted networking ( )
		unlabeled printing ( )
		user privileges ( )
		users ( ) ( )
		zones ( )
		zones from Trusted JDS ( )

	Administering Trusted Extensions Remotely (Task Map) ( )

	administrative actions
		See also actions
		accessing ( )
		in CDE ( )
		in Trusted_Extensions folder ( )
		list of trusted CDE ( )
		starting remotely ( ) ( )
		trusted ( )

	administrative labels ( )

	administrative roles, See roles

	Administrative Roles tool ( )

	administrative tools
		accessing ( )
		commands ( )
		description ( )
		Device Allocation Manager ( )
		in Trusted_Extensions folder ( )
		label builder ( )
		Labeled Zone Manager ( )
		Solaris Management Console ( ) ( )
		Trusted CDE actions ( )
		`txzonemgr` script ( )

	`allocate` command ( )

	Allocate Device authorization ( ) ( ) ( ) ( )

	allocate error state, correcting ( )

	allocating, using Device Allocation Manager ( )

	applications
		evaluating for security ( )
		installing ( )
		trusted and trustworthy ( )

	assigning
		editor as the trusted editor ( )
		privileges to users ( )
		rights profiles ( )

	Assume Role menu item ( )

	assuming, roles ( )

	`atohexlabel` command ( ) ( )

	audio devices
		automatically starting an audio player ( )
		preventing remote allocation ( )

	`audit_class` file, action for editing ( )

	Audit Classes action ( )

	audit classes for Trusted Extensions, list of new X audit classes ( )

	Audit Control action ( )

	`audit_control` file, action for editing ( )

	`audit_event` file ( )

	Audit Events action ( )

	audit events for Trusted Extensions, list of ( )

	audit policy in Trusted Extensions ( )

	audit records in Trusted Extensions, policy ( )

	Audit Review profile, reviewing audit records ( )

	Audit Startup action ( )

	`audit_startup` command, action for editing ( )

	Audit Tasks of the System Administrator ( )

	audit tokens for Trusted Extensions
		`label` token ( )
		list of ( )
		`xatom` token ( )
		`xclient` token ( )
		`xcolormap` token ( )
		`xcursor` token ( )
		`xfont` token ( )
		`xgc` token ( )
		`xpixmap` token ( )
		`xproperty` token ( )
		`xselect` token ( )
		`xwindow` token ( )

	`auditconfig` command ( )

	auditing in Trusted Extensions
		additional audit events ( )
		additional audit policies ( )
		additional audit tokens ( )
		additions to existing auditing commands ( )
		differences from Solaris auditing ( )
		reference ( )
		roles for administering ( )
		security administrator tasks ( )
		system administrator tasks ( )
		tasks ( )
		X audit classes ( )

	`auditreduce` command ( )

	authorizations
		adding new device authorizations ( )
		Allocate Device ( ) ( ) ( )
		assigning ( )
		assigning device authorizations ( )
		authorizing a user or role to change label ( )
		Configure Device Attributes ( )
		convenient for users ( )
		creating customized device authorizations ( )
		creating local and remote device authorizations ( )
		customizing for devices ( )
		granted ( )
		Print Postscript ( )
		Print PostScript ( )
		profiles that include device allocation authorizations ( )
		Revoke or Reclaim Device ( ) ( )
		`solaris.print.nobanner` ( )
		`solaris.print.ps` ( )

	authorizing
		device allocation ( )
		PostScript printing ( )
		unlabeled printing ( )

	`automount` command ( )


B

	Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( )

	banner pages
		description of labeled ( )
		difference from trailer page ( )
		printing without labels ( )
		typical ( )

	body pages
		description of labeled ( )
		unlabeled for all users ( )
		unlabeled for specific users ( )


C

	cascade printing ( )

	CD-ROM drives
		accessing ( )
		playing music automatically ( )

	CDE actions, See actions

	Change Password menu item
		description ( )
		using to change `root` password ( )

	changing
		`IDLETIME` keyword ( )
		labels by authorized users ( )
		rules for label changes ( )
		security level of data ( )
		Selection Confirmer defaults ( )
		system security defaults ( )
		user privileges ( )

	Check Encodings action ( )

	Check TN Files action ( )

	`chk_encodings` command ( )
		action for invoking ( )

	choosing, See selecting

	classification label component ( )

	clearances, label overview ( )

	Clone Zone action ( )

	colors, indicating label of workspace ( )

	commands
		executing with privilege ( )
		troubleshooting networking ( )
		`trusted_edit` trusted editor ( )

	commercial applications, evaluating ( )

	Common Tasks in Trusted Extensions (Task Map) ( )

	compartment label component ( )

	component definitions, `label_encodings` file ( )

	computer access
		administrator responsibilities ( )
		restricting ( )

	Computers and Networks tool
		adding known hosts ( ) ( )
		modifying `tnrhdb` database ( )

	Computers and Networks tool set ( )

	Configure Device Attributes authorization ( )

	Configure Selection Confirmation action ( )

	Configure Zone action ( )

	configuring
		audio device to play music ( )
		auditing ( )
		authorizations for devices ( )
		devices ( )
		labeled printing ( )
		routes with security attributes ( )
		serial line for login ( )
		startup files for users ( )
		trusted network ( )

	Configuring Labeled Printing (Task Map) ( )

	Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( )

	Configuring Trusted Network Databases (Task Map) ( )

	controlling, See restricting

	`.copy_files` file
		description ( )
		setting up for users ( ) ( )
		startup file ( )

	Copy Zone action ( )

	Create LDAP Client action ( )

	creating
		authorizations for devices ( )
		home directories ( )

	customizing
		device authorizations ( )
		`label_encodings` file ( )
		unlabeled printing ( )
		user accounts ( )

	Customizing Device Authorizations in Trusted Extensions (Task Map) ( )

	Customizing User Environment for Security (Task Map) ( )

	cut and paste, and labels ( )

	cutting and pasting, configuring rules for label changes ( )


D

	DAC, See discretionary access control (DAC)

	databases
		devices ( )
		in LDAP ( )
		trusted network ( )

	datasets, See ZFS

	`deallocate` command ( )

	deallocating, forcing ( )

	debugging, See troubleshooting

	desktops
		accessing multilevel remotely ( )
		logging in to a failsafe session ( )
		workspace color changes ( )

	`/dev/kmem` kernel image file, security violation ( )

	developer responsibilities ( )

	device allocation
		authorizing ( )
		overview ( )
		preventing File Manager display ( )
		profiles that include allocation authorizations ( )

	Device Allocation Manager
		administrative tool ( )
		description ( )

	`device-clean` scripts
		adding to devices ( )
		requirements ( )

	device databases, action for editing ( )

	Device Manager
		administrative tool ( )
		use by administrators ( )

	devices
		access policy ( )
		accessing ( ) ( )
		adding customized authorizations ( )
		adding `device_clean` script ( )
		administering ( )
		administering with Device Manager ( )
		allocating ( )
		automatically starting an audio player ( )
		configuring devices ( )
		configuring serial line ( )
		creating new authorizations ( )
		in Trusted Extensions ( )
		policy defaults ( )
		preventing remote allocation of audio ( )
		protecting ( )
		protecting nonallocatable ( )
		reclaiming ( )
		setting label range for nonallocatable ( )
		setting policy ( )
		setting up audio ( )
		troubleshooting ( )
		using ( )

	`dfstab` file
		action for editing ( )
		for `public` zone ( )

	differences
		administrative interfaces in Trusted Extensions ( )
		between Trusted Extensions and Solaris auditing ( )
		between Trusted Extensions and Solaris OS ( )
		defaults in Trusted Extensions ( )
		extending Solaris interfaces ( )
		limited options in Trusted Extensions ( )

	directories
		accessing lower-level ( )
		authorizing a user or role to change label of ( )
		mounting ( )
		sharing ( )

	discretionary access control (DAC) ( )

	diskettes, accessing ( )

	displaying
		labels of file systems in labeled zone ( )
		status of every zone ( )

	DOI, remote host templates ( )

	dominance of labels ( )

	Downgrade DragNDrop or CutPaste Info authorization ( )

	Downgrade File Label authorization ( )

	downgrading labels, configuring rules for selection confirmer ( )

	DragNDrop or CutPaste without viewing contents authorization ( )

	`dtappsession` command ( )

	`dtsession` command, running `updatehome` ( )

	`dtterm` terminal, forcing the sourcing of `.profile` ( )

	`dtwm` command ( )


E

	Edit Encodings action ( )

	editing
		system files ( )
		using trusted editor ( )

	enabling
		DOI different from `1` ( )
		keyboard shutdown ( )

	`/etc/default/kbd` file, how to edit ( )

	`/etc/default/login` file, how to edit ( )

	`/etc/default/passwd` file, how to edit ( )

	`/etc/default/print` file ( )

	`/etc/dfs/dfstab` file ( )

	`/etc/dfs/dfstab` file for `public` zone ( )

	`/etc/dt/config/sel_config` file ( )

	`/etc/hosts` file ( ) ( )

	`/etc/motd` file, action for editing ( )

	`/etc/nsswitch.conf` file ( )

	`/etc/resolv.conf` file ( )

	`/etc/rmmount.conf` file ( ) ( )

	`/etc/security/audit_class` file ( )

	`/etc/security/audit_control` file ( )

	`/etc/security/audit_event` file ( )

	`/etc/security/audit_startup` file ( )

	`/etc/security/policy.conf` file
		defaults ( )
		enabling PostScript printing ( )
		how to edit ( )
		modifying ( )

	`/etc/security/tsol/label_encodings` file ( )

	evaluating programs for security ( )

	exporting, See sharing


F

	failsafe session, logging in ( )

	fallback mechanism
		for remote hosts ( )
		in `tnrhdb` ( )
		using for network configuration ( )

	File Manager, preventing display after device allocation ( )

	file systems
		mounting in global and labeled zones ( )
		NFS mounts ( )
		NFSv3 ( )
		sharing ( )
		sharing in global and labeled zones ( )

	files
		accessing from dominating labels ( )
		authorizing a user or role to change label of ( )
		backing up ( )
		`.copy_files` ( ) ( ) ( )
		editing with trusted editor ( )
		`/etc/default/kbd` ( )
		`/etc/default/login` ( )
		`/etc/default/passwd` ( )
		`/etc/default/print` ( )
		`/etc/dfs/dfstab` ( )
		`/etc/dt/config/sel_config` ( )
		`/etc/motd` ( )
		`/etc/nsswitch.conf` ( )
		`/etc/resolv.conf` ( )
		`/etc/rmmount.conf` ( )
		`/etc/security/audit_class` ( )
		`/etc/security/audit_control` ( )
		`/etc/security/audit_event` ( )
		`/etc/security/audit_startup` ( )
		`/etc/security/policy.conf` ( ) ( ) ( )
		`/etc/security/tsol/label_encodings` ( )
		`getmounts` ( )
		`getzonelabels` ( )
		`.gtkrc-mine` ( )
		`.link_files` ( ) ( ) ( )
		loopback mounting ( )
		`office-install-directory/VCL.xcu` ( )
		`policy.conf` ( )
		PostScript ( )
		preventing access from dominating labels ( )
		relabeling privileges ( )
		restoring ( )
		`sel_config` file ( )
		startup ( )
		`/usr/dt/bin/sel_mgr` ( )
		`/usr/dt/config/sel_config` ( ) ( )
		`/usr/lib/lp/postscript/tsol_separator.ps` ( )
		`/usr/sbin/txzonemgr` ( ) ( )
		`/usr/share/gnome/sel_config` ( )
		`VCL.xcu` ( )

	files and file systems
		mounting ( )
		naming ( )
		sharing ( )

	finding
		label equivalent in hexadecimal ( )
		label equivalent in text format ( )

	Firefox, lengthening timeout when relabeling ( )

	floppies, See diskettes

	floppy disks, See diskettes

	Front Panel, Device Allocation Manager ( )


G

	gateways
		accreditation checks ( )
		example of ( )

	`getlabel` command ( )

	`getmounts` script ( )

	Getting Started as a Trusted Extensions Administrator (Task Map) ( )

	`getzonelabels` script ( )

	`getzonepath` command ( )

	global zone
		difference from labeled zones ( )
		entering ( )
		exiting ( )
		remote login by users ( )

	GNOME ToolKit (GTK) library, lengthening timeout when relabeling ( )

	groups
		deletion precautions ( )
		security requirements ( )

	`.gtkrc-mine` file ( )


H

	Handling Devices in Trusted Extensions (Task Map) ( )

	Handling Other Tasks in the Solaris Management Console (Task Map) ( )

	`hextoalabel` command ( ) ( )

	home directories
		accessing ( )
		creating ( )

	host types
		networking ( ) ( )
		remote host templates ( )
		table of templates and protocols ( )

	hosts
		assigning a template ( ) ( )
		assigning to security template ( )
		entering in network files ( )
		networking concepts ( )

	hot key, regaining control of desktop focus ( )


I

	icon visibility
		in the File Manager ( )
		in the Workspace Menu ( )

	`IDLECMD` keyword, changing default ( )

	`IDLETIME` keyword, changing default ( )

	`ifconfig` command ( ) ( )

	importing, software ( )

	Initialize Zone for LDAP action ( )

	Install Zone action ( )

	interfaces
		assigning to security template ( )
		verifying they are up ( )

	internationalizing, See localizing

	interoperability, Trusted Solaris 8 and printing ( )

	IP addresses
		fallback mechanism in `tnrhdb` ( )
		in `tnrhdb` database ( )
		in `tnrhdb` file ( )


J

	Java archive (JAR) files, installing ( )


K

	key combinations, testing if grab is trusted ( )

	keyboard shutdown, enabling ( )

	`kmem` kernel image file ( )


L

	`label` audit token ( )

	`label_encodings` file
		action for editing and checking ( )
		contents ( )
		reference for labeled printing ( )
		source of accreditation ranges ( )

	label ranges
		restricting printer label range ( )
		setting on frame buffers ( )
		setting on printers ( )

	labeled printing
		banner pages ( )
		body pages ( )
		PostScript files ( )
		removing label ( )
		removing PostScript restriction ( )
		Sun Ray clients ( )
		without banner page ( ) ( )

	labeled zones, See zones

	labels
		See also label ranges
		authorizing a user or role to change label of data ( )
		classification component ( )
		compartment component ( )
		configuring rules for label changes ( )
		default in remote host templates ( )
		described ( )
		determining text equivalents ( )
		displaying in hexadecimal ( )
		displaying labels of file systems in labeled zone ( )
		dominance ( )
		downgrading and upgrading ( )
		of processes ( )
		of user processes ( )
		on printer output ( )
		overview ( )
		printing without page labels ( )
		relationships ( )
		repairing in internal databases ( )
		troubleshooting ( )
		well-formed ( )

	LDAP
		action for creating global zone clients ( )
		displaying entries ( )
		managing the naming service ( )
		naming service for Trusted Extensions ( )
		starting ( )
		stopping ( )
		troubleshooting ( )
		Trusted Extensions databases ( )

	lengthening timeout, for relabeling ( )

	limiting, defined hosts on the network ( )

	`.link_files` file
		description ( )
		setting up for users ( )
		startup file ( )

	`list_devices` command ( )

	localizing, changing labeled printer output ( )

	login
		by roles ( )
		configuring serial line ( )
		remote by roles ( )

	logout, requiring ( )


M

	MAC, See mandatory access control (MAC)

	mail
		administering ( )
		implementation in Trusted Extensions ( )
		multilevel ( )

	man pages, quick reference for Trusted Extensions administrators ( )

	managing, See administering

	Managing Devices in Trusted Extensions (Task Map) ( )

	Managing Printing in Trusted Extensions (Task Map) ( )

	Managing Software in Trusted Extensions (Tasks) ( )

	Managing Trusted Networking (Task Map) ( )

	Managing Users and Rights With the Solaris Management Console (Task Map) ( )

	Managing Zones (Task Map) ( )

	mandatory access control (MAC)
		enforcing on the network ( )
		in Trusted Extensions ( )

	maximum labels, remote host templates ( )

	minimum labels, remote host templates ( )

	MLPs, See multilevel ports (MLPs)

	modifying, `sel_config` file ( )

	`motd` file, action for editing ( )

	mounting
		file systems ( )
		files by loopback mounting ( )
		NFSv3 file systems ( )
		overview ( )
		troubleshooting ( )
		ZFS dataset on labeled zone ( )

	Mozilla, lengthening timeout when relabeling ( )

	multiheaded system, trusted stripe ( )

	multilevel mounts, NFS protocol versions ( )

	multilevel ports (MLPs)
		administering ( )
		example of NFSv3 MLP ( )
		example of web proxy MLP ( )

	multilevel printing
		accessing by print client ( )
		configuring ( )
		Sun Ray clients ( )


N

	Name Service Switch action ( ) ( )

	names of file systems ( )

	naming services
		databases unique to Trusted Extensions ( )
		LDAP ( )
		managing LDAP ( )

	`net_mac_aware` privilege ( )

	`netstat` command ( ) ( ) ( )

	network, See trusted network

	network databases
		action for checking ( )
		description ( )
		in LDAP ( )

	network packets ( )

	networking concepts ( )

	NFS mounts
		accessing lower-level directories ( )
		in global and labeled zones ( )

	nonallocatable devices
		protecting ( )
		setting label range ( )

	`nsswitch.conf` file, action for editing ( )


O

	`office-install-directory/VCL.xcu` ( )

	OpenOffice, See StarOffice


P

	packages, accessing the media ( )

	passwords
		assigning ( )
		Change Password menu item ( ) ( )
		changing for `root` ( )
		changing user passwords ( )
		storage ( )
		testing if password prompt is trusted ( )

	`plabel` command ( )

	`policy.conf` file
		changing defaults ( )
		changing Trusted Extensions keywords ( )
		defaults ( )
		how to edit ( )

	PostScript
		enabling to print ( )
		printing restrictions in Trusted Extensions ( )

	preventing, See protecting

	Print Postscript authorization ( ) ( ) ( )

	Print without Banner authorization ( ) ( )

	Print without Label authorization ( )

	printer output, See printing

	printers, setting label range ( )

	printing
		adding conversion filters ( )
		and `label_encodings` file ( )
		authorizations for unlabeled output from a public system ( )
		configuring for multilevel labeled output ( )
		configuring for print client ( )
		configuring for Sun Ray clients ( )
		configuring labeled zone ( )
		configuring labels and text ( )
		configuring public print jobs ( )
		in local language ( )
		internationalizing labeled output ( )
		interoperability with Trusted Solaris 8 ( )
		labeling a Solaris print server ( )
		localizing labeled output ( )
		managing ( )
		model scripts ( )
		PostScript files ( )
		PostScript restrictions in Trusted Extensions ( )
		preventing labels on output ( )
		public jobs from a Solaris print server ( )
		removing PostScript restriction ( )
		restricting label range ( )
		using a Solaris print server ( )
		without labeled banners and trailers ( ) ( )
		without page labels ( ) ( )

	privileges
		changing defaults for users ( )
		non-obvious reasons for requiring ( )
		removing `proc_info` from basic set ( )
		restricting users' ( )
		when executing commands ( )

	`proc_info` privilege, removing from basic set ( )

	procedures, See tasks and task maps

	processes
		labels of ( )
		labels of user processes ( )
		preventing users from seeing others' processes ( )

	profiles, See rights profiles

	programs, See applications

	protecting
		devices ( ) ( )
		devices from remote allocation ( )
		file systems by using non-proprietary names ( )
		files at lower labels from being accessed ( )
		from access by arbitrary hosts ( )
		information with labels ( )
		labeled hosts from contact by arbitrary unlabeled hosts ( )
		nonallocatable devices ( )


R

	real UID of root, required for applications ( )

	Reducing Printing Restrictions in Trusted Extensions (Task Map) ( )

	regaining control of desktop focus ( )

	regular users, See users

	relabeling information ( )

	remote administration
		defaults ( )
		methods ( )

	remote host templates
		assigning ( )
		assigning to hosts ( )
		creating ( )
		tool for administering ( )

	remote hosts, using fallback mechanism in `tnrhdb` ( )

	Remote Login authorization ( )

	remote multilevel desktop, accessing ( )

	removable media, mounting ( )

	`remove_allocatable` command ( )

	removing, labels on printer output ( )

	repairing, labels in internal databases ( )

	`resolv.conf` file, action for editing ( )

	Restart Zone action ( )

	restoring control of desktop focus ( )

	restricting
		access to computer based on label ( )
		access to devices ( )
		access to global zone ( )
		access to lower-level files ( )
		access to printers with labels ( )
		actions by rights profiles ( )
		mounts of lower-level files ( )
		printer access with labels ( )
		printer label range ( )
		remote access ( )

	Revoke or Reclaim Device authorization ( ) ( )

	rights, See rights profiles

	rights profiles
		assigning ( )
		controlling the use of actions ( )
		Convenient Authorizations ( )
		with Allocate Device authorization ( )
		with device allocation authorizations ( )
		with new device authorizations ( )

	Rights tool ( )

	`rmmount.conf` file ( ) ( )

	role workspace, global zone ( )

	roles
		administering auditing ( )
		administering remotely ( ) ( )
		assigning rights ( )
		assuming ( ) ( )
		creating ( )
		leaving role workspace ( )
		remote login ( )
		role assumption from unlabeled host ( )
		trusted application access ( )
		workspaces ( )

	root UID, required for applications ( )

	`route` command ( ) ( )

	routing ( )
		accreditation checks ( )
		commands in Trusted Extensions ( )
		concepts ( )
		example of ( )
		static with security attributes ( )
		tables ( ) ( )
		using `route` command ( )


S

	scripts
		`getmounts` ( )
		`getzonelabels` ( )
		`/usr/sbin/txzonemgr` ( ) ( )

	secure attention, key combination ( )

	Security Administrator role
		administering network of users ( )
		administering PostScript restriction ( )
		administering printer security ( )
		assigning authorizations to users ( )
		audit tasks ( )
		configuring a device ( )
		configuring serial line for login ( )
		creating Convenient Authorizations rights profile ( )
		enabling unlabeled body pages from a public system ( )
		enforcing security ( )
		modifying window configuration files ( )
		protecting nonallocatable devices ( )

	security administrators, See Security Administrator role

	security attributes ( )
		modifying defaults for all users ( )
		modifying user defaults ( )
		setting for remote hosts ( )
		using in routing ( )

	security information, on printer output ( )

	security label set, remote host templates ( )

	security mechanisms
		extensible ( )
		Solaris ( )

	security policy
		auditing ( )
		training users ( )
		users and devices ( )

	security templates, See remote host templates

	Security Templates tool ( ) ( )
		assigning templates ( )
		modifying `tnrhdb` ( ) ( )
		using ( )

	`sel_config` file ( )
		action for editing ( )
		configuring selection transfer rules ( )

	`sel_mgr` application ( )

	selecting, audit records by label ( )

	Selection Confirmer, changing defaults ( )

	Selection Manager
		changing timeout ( )
		configuring rules for selection confirmer ( )

	Selection Manager application ( )

	serial line, configuring for logins ( )

	service management facility (SMF), Trusted Extensions service ( )

	session range ( )

	sessions, failsafe ( )

	Set Daily Message action ( )

	Set Default Routes action ( )

	Set DNS Servers action ( )

	`setlabel` command ( )

	Share Filesystems action ( )

	Share Logical Interface action ( )

	Share Physical Interface action ( )

	sharing, ZFS dataset from labeled zone ( )

	Shut Down Zone action ( )

	Shutdown authorization ( )

	similarities
		between Trusted Extensions and Solaris auditing ( )
		between Trusted Extensions and Solaris OS ( )

	single-label operation ( )

	single-label printing, configuring for a zone ( )

	`smtnrhdb` command ( )

	`smtnrhtp` command ( )

	`smtnzonecfg` command ( )

	`snoop` command ( ) ( )

	software
		administering third-party ( )
		importing ( )
		installing Java programs ( )

	Solaris Management Console
		administering trusted network ( )
		administering users ( )
		Computers and Networks tool ( )
		description of tools and toolboxes ( )
		Security Templates tool ( ) ( )
		starting ( )
		toolboxes ( )
		Trusted Network Zones tool ( )

	Solaris OS
		differences from Trusted Extensions ( )
		differences from Trusted Extensions auditing ( )
		similarities with Trusted Extensions ( )
		similarities with Trusted Extensions auditing ( )

	`solaris.print.nobanner` authorization ( ) ( )

	`solaris.print.ps` authorization ( )

	`solaris.print.unlabeled` authorization ( )

	StarOffice, lengthening timeout when relabeling ( )

	Start Zone action ( )

	startup files, procedures for customizing ( )

	`Stop-A`, enabling ( )

	Sun Ray systems
		configuring network printer ( )
		enabling initial contact between client and server ( )
		preventing users from seeing others' processes ( )
		`tnrhdb` address for client contact ( )

	System Administrator role
		adding `device_clean` script ( )
		adding print conversion filters ( )
		administering printers ( )
		audit tasks ( )
		enabling music to play automatically ( )
		preventing File Manager display ( )
		reclaiming a device ( )
		reviewing audit records ( )

	system files
		editing ( ) ( )
		Solaris `/etc/default/print` ( )
		Solaris `policy.conf` ( )
		Trusted Extensions `sel_config` ( )
		Trusted Extensions `tsol_separator.ps` ( )


T

	tape devices, accessing ( )

	`tar` command ( )

	tasks and task maps
		Administering Trusted Extensions Remotely (Task Map) ( )
		Audit Tasks of the Security Administrator ( )
		Audit Tasks of the System Administrator ( )
		Backing Up, Sharing, and Mounting Labeled Files (Task Map) ( )
		Common Tasks in Trusted Extensions (Task Map) ( )
		Configuring Labeled Printing (Task Map) ( )
		Configuring Routes and Checking Network Information in Trusted Extensions (Task Map) ( )
		Configuring Trusted Network Databases (Task Map) ( )
		Customizing Device Authorizations in Trusted Extensions (Task Map) ( )
		Customizing User Environment for Security (Task Map) ( )
		Getting Started as a Trusted Extensions Administrator (Task Map) ( )
		Handling Devices in Trusted Extensions (Task Map) ( )
		Handling Other Tasks in the Solaris Management Console (Task Map) ( )
		Managing Devices in Trusted Extensions (Task Map) ( )
		Managing Printing in Trusted Extensions (Task Map) ( )
		Managing Software in Trusted Extensions (Tasks) ( )
		Managing Trusted Networking (Task Map) ( )
		Managing Users and Rights With the Solaris Management Console ( )
		Managing Zones (Task Map) ( )
		Reducing Printing Restrictions in Trusted Extensions (Task Map) ( )
		Troubleshooting the Trusted Network (Task Map) ( )
		Using Devices in Trusted Extensions (Tasks Map) ( )

	text label equivalents, determining ( )

	Thunderbird, lengthening timeout when relabeling ( )

	`tnchkdb` command
		action for checking ( )
		description ( )
		summary ( )

	`tnctl` command
		description ( )
		summary ( )
		updating kernel cache ( )
		using ( )

	`tnd` command
		description ( )
		summary ( )

	`tninfo` command
		description ( )
		summary ( )
		using ( ) ( )

	`tnrhdb` database
		0.0.0.0 host address ( ) ( )
		0.0.0.0 wildcard address ( )
		action for checking ( )
		adding to ( )
		configuring ( )
		entry for Sun Ray servers ( )
		fallback mechanism ( ) ( )
		tool for administering ( )
		wildcard address ( )

	`tnrhtp` database
		action for checking ( )
		adding to ( )
		tool for administering ( )

	toolboxes, defined ( )

	tools, See administrative tools

	Tools subpanel, Device Allocation Manager ( )

	trailer pages, See banner pages

	translation, See localizing

	troubleshooting
		failed login ( )
		LDAP ( )
		mounted file systems ( )
		network ( )
		reclaiming a device ( )
		repairing labels in internal databases ( )
		trusted network ( )
		verifying interface is up ( )
		viewing ZFS dataset mounted in lower-level zone ( )

	Troubleshooting the Trusted Network (Task Map) ( )

	trusted actions, in CDE ( )

	trusted applications, in a role workspace ( )

	`trusted_edit` trusted editor ( )

	trusted editor
		assigning your favorite editor ( )
		starting ( )

	Trusted Extensions
		differences from Solaris auditing ( )
		differences from Solaris OS ( )
		man pages quick reference ( )
		quick reference to administration ( )
		similarities with Solaris auditing ( )
		similarities with Solaris OS ( )

	Trusted Extensions DOI, enabling DOI different from `1` ( )

	Trusted_Extensions folder
		location ( )
		using actions in ( )
		using Admin Editor from ( )

	trusted grab, key combination ( )

	trusted network
		0.0.0.0 `tnrhdb` entry ( )
		action for setting default routes ( )
		administering with Solaris Management Console ( )
		checking syntax of files ( )
		concepts ( )
		default labeling ( )
		editing local files ( )
		example of routing ( )
		host types ( )
		labels and MAC enforcement ( )
		using templates ( )

	Trusted Network tools
		description ( )
		using ( )

	Trusted Network Zones tool
		configuring a multilevel port ( )
		configuring a multilevel print server ( )
		creating a multilevel port ( )
		description ( ) ( )

	trusted path attribute, when available ( )

	Trusted Path menu, Assume Role ( )

	trusted processes
		in the window system ( )
		starting actions ( )

	trusted programs
		adding ( )
		defined ( )

	trusted stripe
		on multiheaded system ( )
		warping pointer to ( )

	trustworthy programs ( )

	`tsol_separator.ps` file
		configurable values ( )
		customizing labeled printing ( )


U

	unlabeled printing, configuring ( )

	`updatehome` command ( ) ( )

	Upgrade DragNDrop or CutPaste Info authorization ( )

	Upgrade File Label authorization ( )

	upgrading labels, configuring rules for selection confirmer ( )

	User Accounts tool ( )

	users
		accessing devices ( ) ( )
		accessing printers ( )
		assigning authorizations to ( )
		assigning labels ( )
		assigning passwords ( )
		assigning rights ( )
		assigning roles to ( )
		authorizations for ( )
		Change Password menu item ( )
		changing default privileges ( )
		creating ( )
		customizing environment ( )
		deletion precautions ( )
		labels of processes ( )
		lengthening timeout when relabeling ( )
		logging in remotely to the global zone ( )
		logging in to a failsafe session ( )
		modifying security defaults ( )
		modifying security defaults for all users ( )
		planning for ( )
		preventing account locking ( )
		preventing from seeing others' processes ( )
		printing ( )
		removing some privileges ( )
		restoring control of desktop focus ( )
		security precautions ( )
		security training ( ) ( ) ( )
		session range ( )
		setting up skeleton directories ( )
		startup files ( )
		using `.copy_files` file ( )
		using `.link_files` file ( )
		using devices ( )

	Using Devices in Trusted Extensions (Task Map) ( )

	`/usr/dt/bin/sel_mgr` application ( )

	`/usr/dt/bin/trusted_edit` trusted editor ( )

	`/usr/dt/config/sel_config` file ( )

	`/usr/lib/lp/postscript/tsol_separator.ps` file, labeling printer output ( )

	`/usr/local/scripts/getmounts` script ( )

	`/usr/local/scripts/getzonelabels` script ( )

	`/usr/sbin/txzonemgr` script ( ) ( )

	`/usr/share/gnome/sel_config` file ( )

	`utadm` command, default Sun Ray server configuration ( )


V

	`VCL.xcu` file ( )

	verifying
		interface is up ( )
		syntax of network databases ( )

	viewing, See accessing

	virtual network computing (vnc), See Xvnc systems running Trusted Extensions


W

	well-formed labels ( )

	wildcard address, See fallback mechanism

	window manager ( )

	window system, trusted processes ( )

	workspaces
		color changes ( )
		colors indicating label of ( )
		global zone ( )


X

	X audit classes ( )

	`xatom` audit token ( )

	`xc` audit class ( )

	`xclient` audit token ( )

	`xcolormap` audit token ( )

	`xcursor` audit token ( )

	`xfont` audit token ( )

	`xgc` audit token ( )

	`xp` audit class ( )

	`xpixmap` audit token ( )

	`xproperty` audit token ( )

	`xs` audit class ( )

	`xselect` audit token ( )

	`Xtsolusersession` script ( )

	Xvnc systems running Trusted Extensions
		remote access to ( ) ( )

	`xwindow` audit token ( )

	`xx` audit class ( )


Z

	ZFS
		adding dataset to labeled zone ( )
		mounting dataset read-write on labeled zone ( )
		viewing mounted dataset read-only from higher-level zone ( )

	`/zone/public/etc/dfs/dfstab` file ( )

	Zone Terminal Console action ( )

	zones
		action for cloning ( )
		action for configuring ( )
		action for copying ( )
		action for initializing ( )
		action for installing ( )
		action for restarting ( )
		action for sharing logical interface ( )
		action for sharing physical interface ( )
		action for shutting down ( )
		action for starting ( )
		action for viewing from console ( )
		administering ( )
		administering from Trusted JDS ( )
		creating MLP ( )
		creating MLP for NFSv3 ( )
		displaying labels of file systems ( )
		displaying status ( )
		global ( )
		in Trusted Extensions ( )
		managing ( )
		`net_mac_aware` privilege ( )
		tool for labeling ( )