Trusted Extensions software provides reasonable security defaults for users. These security defaults are listed in Table 1–2. Where two values are listed, the first value is the default. The security administrator can modify these defaults to reflect the site's security policy. After the security administrator sets the defaults, the system administrator can create all the users, who inherit the established defaults. For descriptions of the keywords and values for these defaults, see the label_encodings(4) and policy.conf(4) man pages.
Table 1–2 Trusted Extensions Security Defaults for User Accounts
| File name | Keyword | Value |
|---|---|---|
| /etc/security/policy.conf | IDLECMD | lock \| logout |
|  | IDLETIME | 30 |
|  | CRYPT_ALGORITHMS_ALLOW | 1,2a,md5,5,6 |
|  | CRYPT_DEFAULT | _unix_ |
|  | LOCK_AFTER_RETRIES | no \| yes |
|  | PRIV_DEFAULT | basic |
|  | PRIV_LIMIT | all |
|  | AUTHS_GRANTED | solaris.device.cdrw |
|  | PROFS_GRANTED | Basic Solaris User |
| LOCAL DEFINITIONS section of /etc/security/tsol/label_encodings | Default User Clearance | CNF NEED TO KNOW |
|  | Default User Sensitivity Label | PUBLIC |
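To compare a system's /etc/security/policy.conf with the values in Table 1–2, the following added example (not part of the original documentation or of Trusted Extensions) parses the active KEYWORD=value lines and reports each keyword as default, alternate, changed or unset. The function names, the sample input and the authorization `site.example.auth` are constructed for illustration, and the baseline values are copied from the table as printed on this page.

```python
# Baseline transcribed from Table 1-2 on this page; the first value is the default.
BASELINE = {
    "IDLECMD": ["lock", "logout"],
    "IDLETIME": ["30"],
    "CRYPT_ALGORITHMS_ALLOW": ["1,2a,md5,5,6"],
    "CRYPT_DEFAULT": ["_unix_"],
    "LOCK_AFTER_RETRIES": ["no", "yes"],
    "PRIV_DEFAULT": ["basic"],
    "PRIV_LIMIT": ["all"],
    "AUTHS_GRANTED": ["solaris.device.cdrw"],
    "PROFS_GRANTED": ["Basic Solaris User"],
}

def parse_policy(text):
    """Return {KEYWORD: value} for active KEYWORD=value lines; '#' comments are skipped."""
    settings = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()  # assumption: last duplicate wins
    return settings

def _norm(value):
    # Choice made for this example: compare comma-separated lists
    # case-insensitively and without regard to order.
    return frozenset(item.strip().lower() for item in value.split(","))

def audit(text):
    """Classify each Table 1-2 keyword as default, alternate, changed or unset."""
    settings, report = parse_policy(text), {}
    for key, listed in BASELINE.items():
        if key not in settings:
            report[key] = "unset"  # keyword absent or commented out in the file
        elif _norm(settings[key]) == _norm(listed[0]):
            report[key] = "default"
        elif _norm(settings[key]) in map(_norm, listed):
            report[key] = "alternate"  # the second value listed in the table
        else:
            report[key] = "changed"  # site-specific value: review against policy
    return report

# Constructed sample input, not taken from a real system.
SAMPLE = """\
IDLECMD=logout
IDLETIME=30
#LOCK_AFTER_RETRIES=NO
PRIV_LIMIT=all
AUTHS_GRANTED=solaris.device.cdrw,site.example.auth
"""

if __name__ == "__main__":
    for key, status in audit(SAMPLE).items():
        print(f"{key:24} {status}")
```

A "changed" result is not an error in itself, since the security administrator may have set the value deliberately; it marks the keywords to review against the site's security policy.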
The system administrator can set up a standard user template that sets appropriate system defaults for every user. For example, by default, each user's initial shell is a Bourne shell. The system administrator can set up a template that gives each user a C shell. For more information, see the Solaris Management Console online help for User Accounts.