Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Enable Remote Login From an Unlabeled System

Before You Begin

This procedure is not secure.

You have relaxed PAM policy to allow remote role assumption, as described in Enable Remote Login by a Role in Trusted Extensions.

  1. On the trusted system, apply the appropriate security template to the unlabeled system.

    Caution –

    With the default settings, another unlabeled system could log in and administer the remote system. Therefore, you must change the network default from ADMIN_LOW to a different label. For the procedure, see How to Limit the Hosts That Can Be Contacted on the Trusted Network in Oracle Solaris Trusted Extensions Administrator’s Procedures.

  2. In the trusted editor, open the /etc/pam.conf file.

    # /usr/dt/bin/trusted_edit /etc/pam.conf

  3. Find the smcconsole entries.

  4. Add allow_unlabeled to the tsol_account module.

    Use the Tab key between fields.

    smcconsole   account required    pam_tsol_account.so.1  allow_unlabeled

    After your edits, this section appears similar to the following:

    # Solaris Management Console definition for Account management
    smcconsole  account  requisite    pam_roles.so.1         allow_remote
    smcconsole  account  required     pam_unix_account.so.1
    smcconsole  account  required     pam_tsol_account.so.1  allow_unlabeled
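
An added audit check, not part of the Oracle guide: it lists the PAM account entries that carry the relaxed options from this procedure and its prerequisite (allow_unlabeled on the tsol_account module, allow_remote on the roles module), so a reviewer can see which services accept them. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): list pam.conf account entries
# that carry the relaxed Trusted Extensions options from this procedure.

# audit_pam_relaxed FILE
# Prints "<line> <service> <module> <option>" for each finding.
# Exit status: 0 = none found, 1 = at least one relaxed entry found.
audit_pam_relaxed() {
    awk '
        /^[ \t]*#/      { next }   # comment line
        NF < 4          { next }   # needs service, type, flag, module
        $2 != "account" { next }   # only the account stack is of interest
        {
            # Options start at field 5; match each against its own module.
            for (i = 5; i <= NF; i++) {
                hit = 0
                if ($4 ~ /pam_tsol_account\.so/ && $i == "allow_unlabeled") hit = 1
                if ($4 ~ /pam_roles\.so/ && $i == "allow_remote") hit = 1
                if (hit) { printf "%d %s %s %s\n", NR, $1, $4, $i; found = 1 }
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample input: the smcconsole section after this procedure,
# plus an unmodified "other" stack for contrast.
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
# Solaris Management Console definition for Account management
smcconsole  account  requisite  pam_roles.so.1         allow_remote
smcconsole  account  required   pam_unix_account.so.1
smcconsole  account  required   pam_tsol_account.so.1  allow_unlabeled
other       account  requisite  pam_roles.so.1
other       account  required   pam_unix_account.so.1
other       account  required   pam_tsol_account.so.1
EOF
}

sample="${TMPDIR:-/tmp}/pam.conf.sample.$$"
write_sample_pam_conf "$sample"
audit_pam_relaxed "$sample" || echo "relaxed PAM account options present"
rm -f "$sample"
```

On a live system, pass /etc/pam.conf as the argument; a nonzero exit status means at least one account entry still carries a relaxed option.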