System Administration Guide, Volume 2

What's New in Solaris System Security?

This section describes new security features.

New Default Ownerships and Permissions on System Files and Directories

Many system files and directories in this Solaris release have different default ownership and stricter permissions than in previous releases. The default ownership and permissions changes are:

Keep the following in mind when creating a package to be added to a system running the Solaris 8 release:

These changes do not apply to all files and directories in this release; for example, the changes do not apply to OpenWindows or CDE files and directories.

Role-Based Access Control

Role-based access control (RBAC) provides a flexible way to package superuser privileges for assignment to user accounts, so that you don't have to give all superuser privileges to a user who needs to solve a specific problem.

See Chapter 19, Role-Based Access Control for more information.

Sun Enterprise Authentication Mechanism (SEAM) or Kerberos V5 Client Support

This feature provides the Kerberos V5 client-side infrastructure, an addition to the Pluggable Authentication Module (PAM), and utility programs that can be used to secure RPC-based applications, such as the NFS service. Kerberos provides selectable strong user- or server-level authentication, integrity, or privacy support. The Kerberos clients can be used in conjunction with Sun Enterprise Authentication Mechanism (SEAM), a part of SEAS 3.0, or other Kerberos V5 software (for instance, the MIT distribution) to create a complete single network sign-on solution.

See Chapter 21, SEAM Overview for more information.