Index (System Administration Guide: Security Services)

System Administration Guide: Security Services


Numbers and Symbols

	* (asterisk)
		`device_allocate` file ( ) ( )
		wildcard character in ASET ( )

	\ (backslash)
		`device_allocate` file ( )
		ending in `device_maps` file ( )

	`.` (dot), path variable entry ( )

	= (equal sign), file permissions symbol ( )

	- (minus sign)
		audit flag prefix ( )
		file permissions symbol ( )

	+ (plus sign)
		audit flag prefix ( )
		file permissions symbol ( )

	# (pound sign)
		`device_allocate` file ( )
		`device_maps` file ( )

	? (question mark), in ASET tune files ( )

	^+ audit flag prefix ( )

	^- audit flag prefix ( )

	`~/.gkadmin` file, description ( )

	`~/.k5login` file, description ( )

	`3des-cbc` encryption algorithm, `ssh_config` file ( )

	`3des` encryption algorithm, `sshd_config` file ( )

	`$HOME/.ssh/known_hosts` file
		description ( ) ( )


A

	`aa` audit flag ( )

	absolute mode
		changing file permissions ( ) ( )
		description ( )
		setting special permissions ( )

	access
		getting to server
			with SEAM ( )
		obtaining for a specific service ( )
		restricting for KDC servers ( )
		`root` access
			displaying attempts on console ( )
			monitoring `su` command use ( ) ( )
			restricting ( ) ( )
		security
			ACLs ( ) ( ) ( )
			controlling system usage ( )
			file access restriction ( )
			firewall setup ( ) ( )
			login access restrictions ( ) ( )
			login control ( )
			monitoring system usage ( )
			network control ( )
			path variable setting ( )
			physical security ( )
			reporting problems ( )
			`root` login tracking ( )
			`setuid` programs ( )
		sharing files ( )
		system logins ( )

	access control list
		See ACL

	Access Control Lists (ACLs)
		See ACL

	ACL
		adding entries ( )
		changing entries ( )
		checking entries ( )
		commands ( )
		default entries for directories ( ) ( )
		deleting entries ( ) ( )
		description ( ) ( )
		directory entries ( ) ( )
		displaying entries ( ) ( )
		format of entries ( )
		`kadm5.acl` file ( ) ( ) ( )
		setting entries ( )
		valid file entries ( )

	`acl` token, format ( )

	`ad` audit flag ( )

	Add Administrative Role wizard
		description ( ) ( )

	Add Right dialog box, description ( )

	Add User wizard, description ( )

	adding
		administration principals (SEAM) ( )
		allocatable devices (BSM) ( )
		custom roles (RBAC) ( )
		PAM module ( )
		password encryption module ( )
		rights profiles (RBAC) ( )
		roles (RBAC) ( ) ( )
		service principal to keytab file (SEAM) ( )
		the first role (RBAC) ( )
		the first user (RBAC) ( )

	`admin_server` section, `krb5.conf` file ( )

	administering
		auditing
			audit class ( )
			audit classes ( )
			audit event ( )
			audit files ( )
			audit flags ( ) ( )
			audit records ( )
			audit trail overflow prevention ( )
			`auditreduce` command ( )
			cost control ( )
			description ( )
			efficiency ( )
			kernel events ( )
			process preselection mask ( )
			reducing storage-space requirements ( )
			user-level events ( )
		SEAM
			keytabs ( )
			policies ( )
			principals ( )
		Secure Shell ( )

	`administrative (old)` audit class ( )

	`administrative` audit class ( )

	`aes128–cbc` encryption algorithm, `ssh_config` file ( )

	agent daemon, Secure Shell ( )

	algorithms
		configuration ( )
		password encryption ( )

	aliases file (ASET)
		description ( )
		example ( )
		format ( )
		specification ( )

	`all`
		audit class ( )
		audit flag
			caution for using ( )
			described ( )
		in user audit fields ( )

	All rights profile
		description ( ) ( )

	`allhard` string, `audit_warn` script ( )

	`allocate` command
		authorizations required ( )
		how the allocate mechanism works ( )
		options ( )
		using ( )

	allocate error state ( ) ( )

	`AllowGroups` keyword, `sshd_config` file ( )

	`AllowTCPForwarding` keyword, `sshd_config` file ( )

	`AllowUsers` keyword, `sshd_config` file ( )

	`allsoft` string, `audit_warn` script ( )

	always-audit flags
		description ( ) ( )
		process preselection mask ( )

	`am` audit flag ( )

	analysis
		`praudit` command ( ) ( )

	`ap` audit flag ( )

	`application` audit class ( )

	`arbitrary` token
		format ( )
		item size field ( )
		print format field ( )

	Archive tape drive clean script ( )

	`arg` token ( )

	`arge` audit policy
		description ( )
		`exec_env` token and ( )

	`argv` audit policy
		description ( )
		`exec_args` token and ( )

	`as` audit flag ( )

	ASET
		description ( )
		environment variables ( )
		error messages ( )
		NFS servers and ( )

	`aset` command
		initiating ASET sessions ( )
		`-p` option ( )
		running ASET interactively ( )
		running ASET periodically ( )
		stop running ASET periodically ( )

	`aset.restore` command, description ( )

	`ASETDIR` variable (ASET), working directory specification ( )

	`asetenv` file
		description ( )
		modifying ( )
		running ASET periodically ( )

	`ASETSECLEVEL` variable (ASET), setting security levels ( )

	Assign Administrative Role dialog box, description ( )

	Assign Rights to Role dialog box, description ( )

	asterisk (*)
		`device_allocate` file ( ) ( )
		wildcard character ( )

	`at` command, authorizations required ( )

	`atq` command, authorizations required ( )

	`attr` token ( )

	audio_clean script ( )

	audio devices, device-clean scripts ( )

	AUDIO_DRAIN ioctl system call ( )

	AUDIO_SETINFO ioctl system call ( )

	AUDIOGETREG ioctl system call ( )

	AUDIOSETREG ioctl system call ( )

	`audit administration` audit class ( )

	audit characteristics
		overview ( )
		process preselection mask ( )

	audit class
		description ( ) ( )

	audit classes
		description ( )
		flags and definitions ( )
		mapping events ( )

	`audit` command
		description ( )
		`-n` option ( )
		preselection mask for existing processes (`-s` option) ( )
		rereading audit files (`-s` option) ( )
		resetting directory pointer (`-s` option) ( )

	Audit Control, rights profile ( )

	`audit_control` file
		audit daemon rereading after editing ( )
		`audit_user` file modification ( )
		`dir:` line
			described ( )
			examples ( )
		examples ( )
		`flags:` line
			described ( )
			prefixes in ( )
			process preselection mask ( )
		`minfree:` line
			`audit_warn` condition ( )
			described ( )
		`naflags:` line ( )
		overview ( ) ( ) ( )
		prefixes in flags line ( )
		problem with contents ( )

	audit daemon
		`audit_startup` file ( )
		audit trail creation ( ) ( )
		`audit_warn` script
			conditions invoking ( ) ( )
			described ( ) ( )
			execution of ( )
		functions ( )
		order audit files are opened ( )
		rereading the `audit_control` file ( )

	`audit_data` file ( )

	audit directory, description ( )

	audit event
		`audit_event` file ( ) ( )
		description ( ) ( ) ( )
		kernel event ( )
		mapping to classes ( )
		user-level events ( )

	`audit_event` file ( ) ( )

	audit files
		`auditreduce` command ( ) ( )
		combining ( ) ( ) ( )
		copying messages to single file ( )
		displaying in entirety ( )
		`file` token ( )
		minimum free space for file systems ( )
		names ( )
			form ( )
			still-active files ( )
			time stamps ( )
		nonactive files marked not_terminated ( )
		order for opening ( )
		printing ( )
		reducing ( ) ( ) ( )
		reducing storage-space requirements ( ) ( )
		switching to new file ( )
		time stamps ( )

	audit flags ( )
		`audit_control` file line ( )
		audit_user file ( ) ( )
		definitions ( )
		description ( )
		effect on public objects ( )
		exceptions to machine-wide settings ( )
		machine-wide ( ) ( ) ( )
		overview ( ) ( )
		prefixes ( )
		process preselection mask ( )
		syntax ( ) ( )

	audit ID
		mechanism ( )
		overview ( )

	audit messages, copying to single file ( )

	audit policies
		defaults ( )
		description ( )
		effects of ( )

	audit policy, `public` ( )

	audit records
		audit directories full ( ) ( ) ( )
		converting to readable format ( ) ( ) ( ) ( )
		description ( )
		displaying the format ( )
		events that generate ( )
		format or structure ( )
		formatting example ( ) ( )
		overview ( )
		reducing audit files ( )

	Audit Review, rights profile ( )

	audit session ID ( )

	`audit_startup` file ( )

	audit threshold ( )

	audit tokens
		audit record format ( )
		description ( ) ( )
		format ( )
		table of ( )

	audit trail
		analysis
			`praudit` command ( ) ( )
		analysis costs ( )
		creating
			audit daemon's role ( ) ( ) ( )
			`audit_data` file ( )
			overview ( )
		description ( )
		events included ( )
		merging all files ( ) ( )
		monitoring in real time ( )
		no public objects ( )
		overflow prevention ( )
		overview ( )

	`audit_user` file
		exception to machine-wide audit flags ( )
		prefixes for flags ( )
		process preselection mask ( )
		user audit fields ( ) ( )

	`audit_warn` script ( )
		audit daemon execution of ( )
		conditions invoking ( ) ( )
		description ( )
		strings ( ) ( )

	`auditconfig` command
		audit flags as arguments ( ) ( )
		description ( )
		prefixes for flags ( )

	`auditd` daemon
		`audit_startup` file ( )
		audit trail creation ( ) ( ) ( ) ( )
		`audit_warn` script
			conditions invoking ( ) ( )
			described ( )
			execution of ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )

	auditing, rights profiles ( )

	`auditreduce` command ( ) ( )
		`-c` option ( )
		cleaning not_terminated files ( )
		`-d` option ( )
		description ( ) ( )
		examples ( )
		`-O` option ( )
		options ( )
		time stamp use ( )
		trailer tokens, and ( )
		without options ( ) ( )

	`auditsvc()` system call, `audit_warn` script and ( )

	`AUE_...` names, description ( )

	`auth_attr` database
		description ( ) ( )
		RBAC relationships ( )

	AUTH_DH authentication ( )

	AUTH_DH client-server session ( ) ( )
		additional transaction ( )
		client authenticates server ( )
		contacting the server ( ) ( )
		decrypting the conversation key ( )
		generating public and secret keys ( )
		generating the conversation key ( )
		running `keylogin` ( )
		storing information on the server ( ) ( )
		verifier returned to client ( )

	authentication
		configuring cross-realm ( )
		description ( )
		DH ( ) ( )
		network security ( ) ( )
		overview of Kerberos ( )
		`root` for NFS ( )
		SEAM and ( )
		Secure Shell
			description ( )
			hosts ( )
			methods ( )
			steps ( )
			users ( )
		terminology ( )
		types ( )

	authentication parameters, `ssh_config` file ( )

	authenticator
		in SEAM ( ) ( )

	authorization
		database
			See `auth_attr` database
		delegating ( )
		description ( ) ( ) ( ) ( )
		granularity ( )
		naming convention ( )
		network security ( ) ( )
		SEAM and ( )
		types ( )

	`authorized_keys` file, description ( )

	`auths` command, description ( )

	`authtok_check` module, description ( )

	`authtok_get` module, description ( )

	`authtok_store` module, description ( )

	Automated Security Enhancement Tool
		See ASET

	automatically enabling auditing ( )

	automating principal creation ( )


B

	backing up the Kerberos database ( )

	backslash (\), `device_allocate` file ( )

	backup
		Kerberos database ( )
		slave KDCs ( )

	Basic Solaris User rights profile
		description ( ) ( )

	`Batchmode` keyword, `ssh_config` file ( )

	`binding` control flag, PAM ( )

	`blowfish-cbc` encryption algorithm, `ssh_config` file ( )

	`blowfish` encryption algorithm
		`policy.conf` file ( )
		`ssh_config` file ( )

	Bourne shell
		ASET working directory specification ( )
		privileged version ( )

	`bsmconv` script, devicemaps file creation ( )

	`bsmrecord` command
		display audit record formats ( )
		example ( ) ( )


C

	`-c` option, `auditreduce` command ( )

	C shell
		ASET working directory specification ( )
		privileged version ( )

	cache, credential ( )

	caret (^) in audit flag prefixes ( )

	CD-ROM drives
		device-clean scripts ( ) ( )

	`cd` subcommand, `sftp` command ( )

	`changepw` principal ( )

	changing
		(command line) user properties ( )
		rights profiles (command line) ( )
		role properties (command line) ( )
		your password with `kpasswd` ( )
		your password with `passwd` ( )

	`CheckHostIP` keyword, `ssh_config` file ( )

	`chgrp` command
		description ( )
		syntax ( )

	`chgrp` subcommand, `sftp` command ( )

	`chkey` command ( ) ( )

	`chmod` command
		changing special permissions ( ) ( )
		description ( )
		syntax ( )

	`chmod` subcommand, `sftp` command ( )

	choosing, your password ( )

	`chown` command
		description ( )
		syntax ( )

	`Cipher` keyword, `ssh_config` file ( )

	`Ciphers` keyword
		`ssh_config` file ( )
		`sshd_config` file ( )

	`cklist.rpt` file
		description ( ) ( )

	`CKLISTPATH_level` variable (ASET), setting the directories to be checked ( )

	`cl` audit flag ( )

	class
		description ( ) ( )

	classes, flags and definitions ( )

	cleaning, not_terminated files ( )

	client
		AUTH_DH client-server session ( ) ( )
		definition in SEAM ( )

	client names, planning for in SEAM ( )

	clients (SEAM), configuring ( )

	clock skew
		SEAM and ( ) ( )

	clock synchronizing
		SEAM and ( ) ( ) ( )

	`cnt` audit policy, description ( )

	combining audit files ( )
		`auditreduce` command ( ) ( )

	command-line equivalents of SEAM Administration Tool ( )

	commands
		device-allocation commands ( )
		table of SEAM ( )

	comments
		`device_allocate` file ( )
		`device_maps` file ( )

	common key
		calculation ( )
		DH authentication and ( )

	`Compression` keyword, `ssh_config` file ( )

	`CompressionLevel` keyword, `ssh_config` file ( )

	Computer Emergency Response Team/Coordination Center (CERT/CC) ( ) ( )

	computer security
		See system security

	configuration decisions
		SEAM
			client and service principal names ( )
			clock synchronization ( )
			database propagation ( )
			mapping hostnames onto realms ( )
			number of realms ( )
			ports ( )
			realm hierarchy ( )
			realm names ( )
			realms ( )
			slave KDCs ( )

	configuration file
		`audit_control` file ( ) ( ) ( ) ( )
		`audit_startup` script for audit policy ( )
		PAM ( ) ( )
		password encryption algorithm ( )
		`policy.conf` file ( )

	configuring
		ASET ( ) ( )
		audit trail overflow prevention ( )
		`auditconfig` command ( )
		RBAC
			task map ( )
		SEAM
			adding administration principals ( )
			clients ( )
			cross-realm authentication ( )
			master KDC server ( )
			NFS servers ( )
			overview ( )
			slave KDC server ( )
			task map ( )
		Secure Shell ( )

	`ConnectionAttempts` keyword, `ssh_config` file ( )

	console
		displaying `su` command use on ( )
		`root` access restriction to ( )

	context-sensitive help ( )

	control flags, PAM ( )

	controlling, system usage ( )

	conversation key
		decrypting ( )
		generating ( )

	converting
		audit records to readable format ( ) ( ) ( )

	copying audit messages to single file ( )

	cost control, auditing and ( )

	creating
		credential table ( )
		`/etc/d_passwd` file ( )
		keytab file ( )
		new policy ( )
		new policy (SEAM) ( )
		new principal (SEAM) ( )
		Secure Shell keys ( )
		stash file ( )
		tickets with `kinit` ( )

	creating the audit trail ( )
		audit daemon's role ( )
		`audit_data` file ( )
		`auditd` daemon ( )
		overview ( )

	cred database ( ) ( )
		DH authentication and ( )

	cred table
		information stored by server ( ) ( )

	credential
		cache ( )
		description ( ) ( )
		obtaining for a server ( )
		obtaining for a TGS ( )
		or tickets ( )

	credential cache ( )

	credential table, adding single entry to ( )

	`cron` command, backing up using ( )

	`cron` service name, PAM ( )

	`crontab` files, authorizations required ( )

	`crontab` files
		running ASET periodically ( )
		stop running ASET periodically ( )

	cross-realm authentication, configuring ( )

	`crypt` command, file security ( )

	`crypt_sunmd5` encryption algorithm ( )

	`csh` command
		dial-up passwords ( )
		privileged version ( )

	`.cshrc` file, path variable entry ( )


D

	`-d` option
		`auditreduce` command ( )
		`praudit` command ( )

	`d_passwd` file
		creating ( )
		description ( )
		disabling dial-up logins temporarily ( )
		`/etc/passwd` file and ( )

	daemon
		`keyserv` ( )
		`krb5kdc` ( )

	daemons, table of SEAM ( )

	Data Encryption Standard
		See DES

	data forwarding, Secure Shell ( )

	database
		backing up and propagating KDC ( ) ( )
		creating KDC ( )
		KDC propagation ( )

	`deallocate` command
		allocate error state ( )
		authorizations required ( )
		description ( )
		device-clean scripts and ( )
		using ( )

	debugging sequence number ( )

	decrypting
		conversation key ( )
		secret key ( )

	`default_realm` section, `krb5.conf` file ( )

	defaults
		ACL entries for directories ( ) ( )
		`audit_startup` file ( )
		machine-wide ( )
		praudit output format ( ) ( )

	`delete_entry` command ( )

	deleting
		ACL entries ( ) ( )
		host's service ( )
		policies (SEAM) ( )
		principal (SEAM) ( )

	`DenyGroups` keyword, `sshd_config` file ( )

	`DenyUsers` keyword, `sshd_config` file ( )

	DES encryption ( )

	destroying, tickets with `kdestroy` ( )

	`device_allocate` file
		format ( )
		overview ( )

	device allocation ( )
		adding devices ( )
		allocatable devices ( ) ( ) ( )
		`allocate` command
			how the allocate mechanism works ( )
			options ( )
			using ( )
		allocate error state ( ) ( )
		allocating a device ( )
		commands ( ) ( )
		components of the allocation mechanism ( )
		`deallocate` command
			allocate error state ( )
		deallocate command
			allocate error state ( )
		`deallocate` command
			described ( )
		deallocate command
			device-clean scripts and ( )
		`deallocate` command
			using ( )
		description ( )
		`device_allocate` file ( )
		device-clean scripts
			audio devices ( )
			CD-ROM drives ( ) ( )
			described ( )
			diskette drives ( ) ( )
			options ( )
			tape drives ( ) ( )
			writing new scripts ( )
		`device_maps` file ( )
		`device_maps` file ( )
		`list_devices` command ( )
		lock file setup ( )
		managing devices ( )
		reallocating ( )
		using device allocations ( )

	device-clean scripts
		audio devices ( )
		CD-ROM drives ( ) ( )
		description ( )
		diskette drives ( ) ( )
		options ( )
		tape drives ( ) ( )
		writing new scripts ( )

	`device_maps` file
		format ( ) ( )
		overview ( )

	devices
		device allocation
			See device allocation
		lock files ( )
		managing ( )
		system device access control ( )

	`dfstab` file
		kerberos option ( )
		sharing files ( )

	DH authentication ( )
		AUTH_DH client-server session ( ) ( )
		mounting files ( )
		sharing files ( )

	DH security
		for an NIS+ client ( )
		for an NIS client ( )

	`dhkeys` module, description ( )

	`dial_auth` module, description ( )

	dial-up passwords
		disabling ( )
		disabling dial-up logins temporarily ( )
		`/etc/d_passwd` file ( )
		security ( )

	`dialups` file, creating ( )

	Diffie-Hellman, role in authentication ( )

	`dir:` line
		`audit_control` file ( ) ( )

	direct realms ( )

	directories
		`audit_control` file definitions ( )
		audit daemon pointer ( ) ( )
		audit directories full ( ) ( ) ( )
		mounting audit directories ( )

	directory
		ACL entries ( ) ( )
		ASET files ( )
			checklist task (`CKLISTPATH`) setting ( ) ( )
			master files ( )
			reports ( )
			working directory ( ) ( )
		displaying files and related information ( ) ( ) ( )
		permissions
			defaults ( )
			description ( )
		public directories ( )

	disabling
		abort sequence ( )
		dial-up logins temporarily ( )
		keyboard shutdown ( )
		service on a host (SEAM) ( )
		user logins ( )

	disk-space requirements ( )

	diskette drives
		device-clean scripts ( ) ( )

	displaying
		ACL entries ( ) ( )
		ASET task status ( ) ( )
		audit log in entirety ( )
		files and related information ( ) ( ) ( )
		`root` access attempts on console ( )
		`su` command use on console ( )
		sublist of principals (SEAM) ( )
		user's login status ( ) ( )

	`dminfo` command ( )

	DNS ( )
		SEAM and ( )

	`domain_realm` section
		`krb5.conf` file ( ) ( )

	dot (`.`), path variable entry ( )

	`DSAAuthentication` keyword, `sshd_config` file ( )

	DTD for `praudit` command ( )

	`dtlogin` service name, PAM ( )

	`.dtprofile` script, use in Secure Shell ( )

	`dtsession` service name, PAM ( )

	duplicating, principal (SEAM) ( )


E

	ebusy string, `audit_warn` script ( )

	editing rights profiles, task description ( )

	`eeprom` command ( ) ( )

	`eeprom.rpt` file
		description ( ) ( )

	efficiency, auditing and ( )

	`eject` command, BSM device cleanup and ( )

	encrypting
		capturing encrypted passwords ( )
		files ( )
		passwords ( )

	encryption ( )
		password algorithms ( )
		privacy service ( )
		specifying algorithms in `policy.conf` ( )
		specifying algorithms in `ssh_config` ( )
		specifying algorithms in `sshd_config` ( )

	ending, signal received during auditing shutdown ( )

	`env.rpt` file
		description ( ) ( )

	`environment` file, description ( )

	environment file (ASET)
		description ( )
		modifying ( )
		running ASET periodically ( )

	environment variables
		ASET
			`ASETDIR` ( )
			`ASETSECLEVEL` ( )
			`CKLISTPATH_level` ( ) ( )
			`PERIODIC_SCHEDULE` ( ) ( ) ( ) ( )
			summary table ( )
			`TASKS` ( ) ( )
			`UID_ALIASES` ( ) ( ) ( )
			`YPCHECK` ( ) ( )

	equals sign (=), file permissions symbol ( )

	error message, with `kpasswd` ( )

	errors
		allocate error state ( ) ( )
		audit directories full ( ) ( ) ( )
		internal errors ( )

	`EscapeChar` keyword, `ssh_config` file ( )

	`/etc/d_passwd` file ( )
		creating ( )
		disabling dial-up logins temporarily ( )
		`/etc/passwd` file and ( )

	`/etc/default/kbd` file ( )

	`/etc/default/login` file, restricting `root` access to console ( )

	`/etc/default/su` file
		displaying `su` command use on console ( )
		monitoring `su` command ( )

	`/etc/dfs/dfstab` file
		kerberos option ( )
		sharing files ( )

	`/etc/dialups` file, creating ( )

	`/etc/group` file, ASET checks ( )

	`/etc/hosts.equiv` file, description ( )

	`/etc/init.d/kdc` file, description ( )

	`/etc/init.d/kdc.master` file, description ( )

	`/etc/krb5/kadm5.acl` file, description ( )

	`/etc/krb5/kadm5.keytab` file, description ( )

	`/etc/krb5/kdc.conf` file, description ( )

	`/etc/krb5/kpropd.acl` file, description ( )

	`/etc/krb5/krb5.conf` file, description ( )

	`/etc/krb5/krb5.keytab` file, description ( )

	`/etc/krb5/warn.conf` file, description ( )

	`/etc/logindevperm` file, description ( )

	`/etc/nologin` file ( )
		description ( )

	`/etc/nsswitch.conf` file, login access restrictions ( )

	`/etc/pam.conf`
		description ( ) ( )
		syntax ( )

	`/etc/pam.conf` file, SEAM and ( )

	`/etc/passwd` file
		ASET checks ( )
		`/etc/d_passwd` file and ( )

	`/etc/publickey` file, DH authentication and ( )

	`/etc/security/audit/bsmconv` script, `device_maps` file creation ( )

	`/etc/security/audit_data` file ( )

	`/etc/security/audit_event` file ( )
		audit events and ( )

	`/etc/security/audit_startup` file ( )

	`/etc/security/audit_warn` script ( ) ( )

	`/etc/security/dev` lock files ( )

	`/etc/security/policy.conf` file, algorithms configuration ( )

	`/etc/ssh_host_key.pub` file, description ( )

	`/etc/ssh/shosts.equiv` file, description ( )

	`/etc/ssh/ssh_config` file
		client authentication parameters ( )
		configuring Secure Shell ( )
		host-specific parameters ( )

	`/etc/ssh/ssh_host_key` file, description ( )

	`/etc/ssh/ssh_known_hosts` file
		configuring Secure Shell ( )
		controlling distribution ( )
		description ( )

	`/etc/ssh/sshd_config` file, description ( )

	`/etc/ssh/sshrc` file, description ( )

	`/etc/syslog.conf` file, PAM ( )

	event, description ( )

	event modifier field flags (`header` token) ( )

	events, audit, See audit events ( )

	`ex` audit flag ( )

	`exec_args` token
		`argv` policy and ( )
		format ( )

	`exec_attr` database
		description ( ) ( )
		RBAC relationships ( )

	`exec` audit class ( )

	`exec_env` token, format ( )

	executable stacks ( )

	execute permissions, symbolic mode ( )

	execution attributes, description ( )

	execution log (ASET) ( ) ( )

	`exit` subcommand, `sftp` command ( )

	`exit` token, format ( )


F

	`-F` option
		`allocate` command ( )
		`deallocate` command ( )
		`st_clean` script ( )

	`fa` audit flag ( )

	failed login attempts ( )

	failure
		audit flag prefix ( ) ( )
		turning off audit flags for ( ) ( )

	`FallBackToRsh` keyword, `ssh_config` file ( )

	`fc` audit flag ( )

	`fd` audit flag ( )

	`fd_clean` script, description ( )

	`file_attr_acc` audit class ( )

	`file_attr_mod` audit class ( )

	`file_close` audit class ( )

	`file_creation` audit class ( )

	`file_deletion` audit class ( )

	`file_read audit` class ( )

	`file` token, format ( )

	file vnode token ( )

	`file_write audit` class ( )

	files
		copying with Secure Shell ( )
		device allocation lock ( )
		`kdc.conf` ( )
		table of SEAM ( )
		transferring with Secure Shell ( )

	files and file systems
		ACL entries
			adding or modifying ( )
			checking ( )
			deleting ( ) ( )
			displaying ( ) ( )
			setting ( )
			valid entries ( )
		ASET checks ( ) ( )
		ownership
			changing ( )
			`setgid` permission and ( )
			`setuid` permission and ( )
		permissions
			absolute mode ( ) ( )
			changing ( ) ( ) ( )
			defaults ( )
			description ( )
			`setgid` ( ) ( )
			`setuid` ( )
			sticky bit ( )
			symbolic mode ( ) ( ) ( ) ( )
			`umask` setting ( )
		security ( ) ( )
			access restriction ( )
			ACL ( )
			changing ownership ( ) ( )
			changing permissions ( ) ( )
			directory permissions ( )
			displaying file information ( ) ( ) ( )
			encryption ( )
			file permissions ( )
			file types ( )
			special file permissions ( ) ( ) ( )
			`umask` default ( )
			user classes ( )
		sharing files ( )

	`find` command
		finding files with `setuid` permissions ( ) ( )

	`firewall.rpt` file ( )
		description ( )

	firewall systems
		ASET setup ( ) ( )
		outside connections with Secure Shell
			from command line ( )
			from configuration file ( )
		packet smashing ( )
		security ( )
		SunScreen ( )
		trusted host ( )

	flags
		audit
			See audit flags
		`audit_control` file line ( )
		audit_user file ( ) ( )
		definitions ( )
		machine-wide ( ) ( )
		overview ( )
		prefixes ( )
		process preselection mask ( )
		syntax ( ) ( )

	`flags:` line in `audit_control` file
		description ( )
		prefixes in ( )
		process preselection mask ( )

	`fm` audit flag ( )

	forced cleanup ( )

	format of audit records
		`bsmrecord` command ( ) ( )

	forwardable tickets
		definition ( )
		description ( )
		example ( )

	forwarding, specifying in `ssh_config` ( )

	`ForwardX11` keyword, Secure Shell port forwarding ( )

	FQDN (Fully Qualified Domain Name), in SEAM ( )

	`fr` audit flag ( )

	`ftp` command, authentication ( )

	`ftp` service name, PAM ( )

	`fw` audit flag ( )


G

	`GatewayPorts` keyword
		`ssh_config` file ( )
		`sshd_config` file ( )

	gateways
		See firewall systems

	Generic Security Service API
		See GSS-API

	`get` subcommand, `sftp` command ( )

	`getfacl` command
		description ( )
		displaying ACL entries ( )
		examples ( )
		verifying ACLs set on files ( )

	getting
		access to a specific service ( )
		credential for a server ( )
		credential for a TGS ( )

	`gkadmin` command
		See also SEAM Administration Tool
		description ( )

	`.gkadmin` file ( )
		description ( )

	`GlobalKnownHostsFile` keyword, `ssh_config` file ( )

	group ACL entries
		default entries for directories ( )
		description ( )
		setting ( )

	`group` audit policy
		description ( )
		`groups` token and ( )

	group identifier numbers (GIDs), special logins and ( )

	`group` policy
		`group` token ( )
		`group` token and ( )
		`newgroups` token ( )
		`newgroups` token and ( )

	`group` token ( )
		format ( )

	groups, changing file ownership ( )

	GSS-API
		SEAM and ( ) ( )

	`gsscred` command, description ( )

	`gsscred` table, using ( )


H

	`-h` option, `bsmrecord` command ( )

	hard-disk-space requirements, auditing and ( )

	hard string with `audit_warn` script ( )

	hardware
		protecting ( ) ( )

	`header` token
		description ( )
		event-modifier field flags ( )
		format ( )
		order in audit record ( )

	help
		context-sensitive ( )
		Help Contents ( )
		SEAM Administration Tool ( )
		URL for online ( )

	Help button, SEAM Administration Tool ( )

	hierarchical realms
		configuring ( )
		in SEAM ( ) ( )

	high ASET security level ( )

	host
		authentication in Secure Shell ( )
		disabling service on ( )

	`Host` keyword, `ssh_config` file ( )

	host names, mapping onto realms ( )

	host principal
		and DNS ( )
		creating ( )

	`HostDSAKey` keyword, `sshd_config` file ( )

	`HostKey` keyword, `sshd_config` file ( )

	`Hostname` keyword, `ssh_config` file ( )

	hosts, trusted host ( )

	`hosts.equiv` file, description ( )


I

	`-I` option
		`deallocate` command ( )
		`st_clean` script ( )

	identity file (Secure Shell), naming convention ( )

	`IdentityFile` keyword, `ssh_config` file ( )

	IDs
		audit ( )
			overview ( )
		audit session ( )
		mapping UNIX to Kerberos principals ( )
		terminal ( )

	`in_addr` token, format ( )

	`init` service name, PAM ( )

	initial ticket, definition ( )

	instance, in principals names ( )

	integrity
		SEAM and ( )
		security service ( )

	interactively running ASET ( )

	Internet firewall setup ( )

	Internet-related tokens
		`in_addr` token ( )
		`ip` token ( )
		`iport` token ( )
		`socket` token ( )

	invalid ticket, definition ( )

	`io` audit flag ( )

	`ioctl` audit class ( )

	`ioctl()` system calls ( )

	ioctl system calls ( )

	IP address, Secure Shell checking ( )

	`ip` audit flag ( )

	`ip` token, format ( )

	`ipc` audit class ( )

	`ipc_perm` token, format ( )

	`ipc` token ( )
		format ( )

	ipc type field values (`ipc` token) ( )

	`iport` token, format ( )

	item size field, `arbitrary` token ( )


K

	`.k5.`REALM file, description ( )

	`.k5login` file, description ( )

	`kadm5.acl` file
		description ( )
		format of entries ( )
		master KDC entry ( ) ( )
		new principals and ( ) ( )

	`kadm5.keytab` file ( )
		description ( )

	`kadmin` command ( ) ( )
		description ( )
		`ktadd` command ( )
		`ktremove` command ( )
		removing principals from keytab with ( )

	`kadmin.local` command ( ) ( )
		adding administration principals ( )
		description ( )

	`kadmin.log` file, description ( )

	`kadmind` daemon
		master KDC and ( )
		SEAM and ( )

	`kadmind` principal ( )

	`kdb5_util` command ( ) ( )
		description ( )

	KDC
		adding entries to propagation file ( )
		adding slave names to cron job ( )
		backing up and propagating ( )
		configuring master ( )
		configuring server ( )
		configuring slave ( )
		copying administration files from slave to master ( )
		creating database ( )
		creating host principal ( )
		creating root principal ( ) ( )
		database propagation ( )
		master
			definition ( )
		planning ( )
		ports ( )
		propagating database with `kprop_util` ( )
		restricting access to servers ( )
		slave ( )
			definition ( )
		slave or master ( ) ( )
		starting daemon ( )
		swapping master and slave ( )
		synchronizing clocks ( ) ( )

	`kdc.conf` file
		description ( )
		ticket lifetime and ( )

	`kdc` file, description ( )

	`kdc.log` file, description ( )

	`kdc.master` file, description ( )

	`kdestroy` command
		description ( )
		example ( )

	`KeepAlive` keyword
		`ssh_config` file ( )
		`sshd_config` file ( )

	KERB authentication, `dfstab` file option ( )

	Kerberos
		and Kerberos V5 ( )
		and SEAM ( ) ( )
		`dfstab` file option ( )
		terminology ( )

	Kerberos (KERB) authentication ( )

	kernel events, auditing and ( )

	key
		creating for an NIS user ( )
		creating for Secure Shell ( )
		description ( )
		private ( )
		service ( )
		service key ( )
		session ( ) ( )

	Key Distribution Center
		See KDC

	`KEYBOARD_ABORT` system variable ( )

	`keylogin` command ( ) ( )
		running ( )

	`KeyRegenerationInterval` keyword, `sshd_config` file ( )

	`keyserv` daemon
		starting ( )
		verifying ( )

	keytab file
		adding master KDC's host principal to ( )
		adding service principal to ( ) ( )
		administering ( )
		administering with `ktutil` command ( )
		creating ( )
		disabling a host's service with `delete_entry` command ( )
		read into keytab buffer with with `read_kt` command ( )
		read into keytab with `read_kt` command ( )
		removing principals with `ktremove` command ( )
		removing service principal from ( )
		viewing contents with `ktutil` command ( ) ( )
		viewing keylist buffer with `list` command ( ) ( )

	kinds of tickets ( )

	`kinit` command
		description ( )
		example ( )
		`-F` option ( )
		ticket lifetime ( )

	`klist` command
		description ( )
		example ( )
		`-f` option ( )

	`known_hosts` file
		configuring Secure Shell ( )
		controlling distribution ( )
		description ( )
		role in authentication ( )

	Korn shell
		ASET working directory specification ( )
		privileged version ( )

	`kpasswd` command
		and `passwd` command ( )
		description ( )
		error message ( )
		example ( )

	`kprop` command, description ( )

	`kprop_script` script ( )

	`kpropd.acl` file ( )
		description ( )

	`kpropd` daemon, SEAM and ( )

	`krb5.conf` file
		description ( )
		`domain_realm` section ( )
		editing ( )
		ports definition ( )

	`krb5.keytab` file, description ( )

	`krb5` module, description ( )

	`krb5cc_`uid file, description ( )

	`krb5kdc` daemon ( )
		master KDC and ( )
		SEAM and ( )

	`ksh` command ( )
		privileged version ( )

	`ktadd` command ( ) ( )
		syntax ( )

	`ktremove` command ( )

	`ktutil` command ( )
		`delete_entry` command ( )
		description ( )
		`list` command ( ) ( )
		`read_kt` command ( ) ( )
		viewing list of principals ( ) ( )


L

	`-l` option, `praudit` command ( )

	`-L` option
		`ssh` command ( ) ( )

	`lcd` subcommand, `sftp` command ( )

	LDAP
		passwords ( ) ( )

	`ldap` module, description ( )

	legacy application, securing ( )

	lifetime of ticket, in SEAM ( )

	`list` command ( ) ( )

	`list_devices` command ( )
		authorizations required ( )

	list privileges in SEAM Administration Tool ( )

	`ListenAddress` keyword, `sshd_config` file ( )

	`lo` audit flag ( )

	`LocalForward` keyword, `ssh_config` file ( )

	lock files
		how the allocate mechanism works ( )
		setting up ( )

	log files
		ASET execution log ( ) ( )
		monitoring `su` command ( )

	logging in
		displaying user's login status ( ) ( )
		`root` login
			account ( )
			restricting to console ( )
			tracking ( )
		security
			access restrictions ( ) ( )
			saving failed attempts ( )
			system access control ( )
			system device access control ( )
			tracking `root` login ( )
		system logins ( )

	`.login` file, path variable entry ( )

	`login` file, restricting `root` access to console ( )

	`login_logout` audit class ( )

	`login` service name, PAM ( )

	`logindevperm` file, description ( )

	`LoginGraceTime` keyword, `sshd_config` file ( )

	`loginlog` file, saving failed login attempts ( )

	`logins` command
		displaying user's login status ( ) ( )
		displaying users with no passwords ( )
		syntax ( ) ( )

	`LogLevel` keyword
		`ssh_config` file ( )
		`sshd_config` file ( )

	low ASET security level ( )

	`ls` subcommand, `sftp` command ( )


M

	machine security
		See system security

	mail, using with Secure Shell ( )

	`makedbm` command, description ( )

	managing
		passwords with SEAM ( )
		RBAC information ( )

	managing devices ( )

	mapping
		hostnames onto realms (SEAM) ( )
		UIDs to Kerberos principals ( )

	mappings, events to classes (auditing) ( )

	mask, process preselection
		description ( )
		machine-wide ( )

	mask ACL entries
		default entries for directories ( )
		description ( )
		setting ( )

	master files
		ASET ( ) ( ) ( )

	master KDC
		configuring ( )
		definition ( )
		slave KDCs and ( ) ( )
		swapping with slave KDC ( )

	`max_life` value, description ( )

	`max_renewable_life` value, description ( )

	`MaxStartups` keyword, `sshd_config` file ( )

	`MD5` encryption algorithm, `policy.conf` file ( )

	medium ASET security level ( )

	`minfree:` line in `audit_control` file
		`audit_warn` condition ( ) ( )
		description ( )

	minus (-) audit flag prefix ( )

	minus sign (-), file permissions symbol ( )

	`mkdir` subcommand, `sftp` command ( )

	modifying
		policies (SEAM) ( )
		principal (SEAM) ( )
		principal's password ( )
		roles (RBAC) ( )
		users (RBAC) ( )

	module types, PAM ( )

	modules
		PAM ( )
		password encryption ( )

	monitoring
		audit trail in real time ( )
		`su` command use ( ) ( )
		system usage ( )

	mounting, NFS file systems ( )

	mounting audit directories ( )

	`mt` command, BSM device cleanup and ( )


N

	`-n` option, `audit` command ( )

	`na` audit flag ( )

	`naflags:` line in `audit_control` file ( )

	name service scope, description ( )

	names
		audit classes ( )
		audit files
			closed files ( )
			form ( )
			still-active files ( )
			time stamps ( )
			use ( )
		audit flags ( )
		audit IDs ( )
		device names
			device_allocate file ( )
			device_maps file ( )
		IDs
			audit ( )
			audit session ( )
			terminal ( )
		kernel events ( )
		user-level events ( )

	naming convention, Secure Shell identity file ( )

	`ncsd` command, description ( )

	`network` audit class ( )

	network security
		authentication ( ) ( )
		authorization ( ) ( )
		firewall systems ( )
			need for ( )
			packet smashing ( )
			trusted host ( )
		issues ( )
		overview ( )
		reporting problems ( )
		restricting `root` access ( )

	Network Time Protocol
		See NTP

	never-audit flags ( )
		description ( )

	`newgroups` token
		format ( )
		`group` policy ( )

	`newkey` command
		creating keys for an NIS user ( )
		generating keys ( )

	NFS, mounting systems ( )

	NFS servers
		ASET and ( )
		configuring for SEAM ( )

	NFS system ( )

	NIS
		passwords ( ) ( )

	NIS+
		ASET checks ( )
		authentication ( )
		authorization ( )
		cred database ( )
		passwords ( ) ( )
		`publickey` database ( )

	`nisaddcred` command ( )
		generating keys ( )

	`no` audit flag ( )

	`no_class` audit class ( )

	`nobody` user ( )

	`noexec_user_stack_log` variable ( )

	`noexec_user_stack` variable ( )

	`nologin` file, description ( )

	`non_attrib` audit class ( )

	non-hierarchical realms, in SEAM ( )

	nonattributable flags in `audit_control` file ( )

	not_terminated files, cleaning ( )

	`nt` audit flag ( )

	NTP ( ) ( )
		SEAM and ( )

	`null` audit class ( )

	`NumberOfPasswordPrompts` keyword, `ssh_config` file ( )


O

	O option, `auditreduce` command ( )

	object-reuse requirement ( )
		device-clean scripts
			audio devices ( )
			CD-ROM drives ( ) ( )
			described ( )
			diskette drives ( ) ( )
			tape drives ( ) ( )
			writing new scripts ( )
		in BSM ( )

	obtaining
		access to a specific service ( )
		credential for a server ( )
		credential for a TGS ( )
		forwardable tickets ( )
		tickets with `kinit` ( )

	online help
		context-sensitive ( )
		Help Contents ( )
		SEAM Administration Tool ( )
		URL for ( )

	`opaque` token, format ( )

	Operator rights profile
		description ( ) ( ) ( )

	Operator role, description ( )

	`option` control flag, PAM ( )

	`ot` audit flag ( )

	other ACL entries
		default entries for directories ( )
		description ( )
		setting ( )

	`other` audit class ( )

	overflow prevention, audit trail ( )

	`ovsec_adm.`xxxxx file, description ( )

	ownership of files
		ACLs and ( ) ( )
		changing ( ) ( )
		changing group ownership ( )


P

	`-p` option, `bsmrecord` command ( )

	packet transfers
		firewall security ( )
		packet smashing ( )

	PAM
		add a module ( )
		configuration file ( ) ( ) ( )
		control flags ( )
		`/etc/syslog.conf` file ( )
		module types ( )
		modules ( )
		overview ( )
		password mapping ( )
		planning ( )
		SEAM and ( ) ( ) ( )
		service names ( )
		`try_first_pass` ( )

	`pam_*.so.1` files, description ( )

	`pam.conf` file
		description ( )
		SEAM and ( )

	`pam_roles` command, description ( )

	panels, table of SEAM Administration Tool ( )

	passphrase, example ( )

	`passwd` command
		and `kpasswd` command ( )
		`try_first_pass` ( )

	`passwd` file
		ASET checks ( )
		`/etc/d_passwd` file and ( )

	`passwd` service name, PAM ( )

	password mapping, in PAM ( )

	`PasswordAuthentication` keyword, `sshd_config` file ( )

	passwords
		and policies ( )
		capturing encrypted passwords ( )
		changing with `kpasswd` command ( )
		changing with `passwd` command ( )
		dial-up passwords
			disabling dial-up logins temporarily ( )
			`/etc/d_passwd` file ( )
		displaying users with no passwords ( )
		eliminating in Secure Shell use ( ) ( )
		encryption algorithms ( )
		LDAP ( ) ( )
		local ( )
		login security ( ) ( ) ( )
		management ( )
		modifying a principal's password ( )
		NIS ( ) ( )
		NIS+ ( ) ( )
		PROM security mode ( ) ( )
		secret-key decryption ( )
		Secure Shell ( )
		specifying encryption algorithm ( )
		suggestions on choosing ( )
		system logins ( ) ( )
		UNIX and Kerberos ( )

	`path` audit policy, description ( )

	`PATH` system variable ( )

	`path` token ( )

	path variable, setting ( )

	`pc` audit flag ( )

	`PERIODIC_SCHEDULE` variable (ASET)
		scheduling ASET ( ) ( ) ( ) ( )

	permissions
		ACLs and ( ) ( )
		ASET handling of ( ) ( )
		changing file permissions
			absolute mode ( ) ( )
			`chmod` command ( )
			symbolic mode ( ) ( ) ( ) ( )
		defaults ( )
		directory permissions ( )
		file permissions
			absolute mode ( ) ( )
			changing ( ) ( )
			description ( )
			special permissions ( ) ( ) ( )
			symbolic mode ( ) ( ) ( ) ( )
		`setgid` permissions
			absolute mode ( ) ( )
			description ( ) ( )
			symbolic mode ( )
		`setuid` permissions
			absolute mode ( ) ( )
			description ( )
			finding files with permissions set ( ) ( )
			security risks ( )
			symbolic mode ( )
		special file permissions ( ) ( ) ( )
		sticky bit ( )
		tune files (ASET) ( ) ( ) ( ) ( )
		`umask` settings ( )
		user classes and ( )

	`PermitEmptyPasswords` keyword, `sshd_config` file ( )

	`PermitRootLogin` keyword, `sshd_config` file ( )

	`pfcsh` command, description ( )

	`pfexec` command, description ( )

	`pfksh` command, description ( )

	`pfsh` command, description ( )

	physical security ( )

	planning
		PAM ( )
		RBAC ( )
		SEAM
			client and service principal names ( )
			clock synchronization ( )
			configuration decisions ( )
			database propagation ( )
			number of realms ( )
			ports ( )
			realm hierarchy ( )
			realm names ( )
			realms ( )
			slave KDCs ( )

	pluggable authentication module
		See PAM

	plus (+) audit flag prefix ( )

	plus sign (+), file permissions symbol ( )

	`pm` audit flag ( )

	policies
		administering ( ) ( )
		and passwords ( )
		creating (SEAM ( )
		creating new (SEAM) ( )
		deleting ( )
		modifying ( )
		SEAM Administration Tool panels for ( )
		specifying password algorithm ( )
		task map for administering ( )
		viewing attributes ( )
		viewing list of ( )

	`policy.conf` database
		Basic Solaris User rights profile ( )
		description ( ) ( )
		RBAC relationships ( )

	port
		for KDC and admin services ( )
		KDC administration daemon ( )

	port forwarding
		configuring `ssh_config` ( )
		Secure Shell ( ) ( ) ( )

	`Port` keyword, `sshd_config` file ( )

	postdatable ticket, definition ( )

	postdated ticket, description ( )

	postsigterm string, `audit_warn` script ( )

	pound sign (#)
		`device_allocate` file ( )
		`device_maps` file ( )

	`ppp` service name, PAM ( )

	`praudit` command
		converting audit records to readable format ( ) ( )
		DTD for `-x` option ( )
		output formats ( ) ( )
		piping `auditreduce` output to ( )
		using ( ) ( )

	prefixes in audit flags ( )

	preselection mask
		description ( )
		machine-wide ( )

	preselection mask (auditing), reducing storage costs ( )

	primary, in principals names ( )

	Primary Administrator
		rights profile ( ) ( ) ( )
		role ( )

	primary audit directory ( )

	principal
		adding administration ( )
		adding service principal to keytab ( ) ( )
		administering ( ) ( )
		automating creation of ( )
		creating host ( )
		creating root ( ) ( )
		deleting ( )
		duplicating ( )
		in SEAM ( )
		modifying ( )
		principal name ( )
		removing from keytab file ( )
		removing service principal from keytab ( )
		root ( )
		SEAM Administration Tool panels for ( )
		service principal ( )
		setting up defaults ( )
		task map for administering ( )
		user ID comparison ( )
		user principal ( )
		viewing attributes ( )
		viewing list of ( )
		viewing sublist of principals ( )

	`principal.db` file, description ( )

	`principal.kadm5` file, description ( )

	`principal.kadm5.lock` file, description ( )

	`principal.ok` file, description ( )

	principals, creating ( )

	print format field, `arbitrary` token ( )

	Printer Management rights profile
		description ( ) ( )

	printing, audit log ( )

	privacy
		SEAM and ( )
		security service ( )

	private key ( )
		definition in SEAM ( )
		description ( )
		naming convention ( )

	privilege ( )
		effects on SEAM Administration Tool ( )

	privileged application
		authorization checking ( )
		description ( )
		ID checking ( )

	process audit characteristics
		audit ID ( )
		audit session ID ( )
		process preselection mask ( )
		terminal ID ( )

	`process` audit class ( )

	`process modify` audit class ( )

	process preselection mask, description ( )

	`process start` audit class ( )

	`process` token, format ( )

	processing time costs, auditing and ( )

	`prof_attr` database
		description ( ) ( )
		RBAC relationships ( )

	profile
		See rights profile

	`.profile` file, path variable entry ( )

	profile shell, description ( )

	`profiles` command, description ( )

	program, testing for authorizations ( )

	`projects` module, description ( )

	PROM security mode ( )

	propagation
		KDC database ( )
		Kerberos database ( )

	propagation file, adding entries to ( )

	`Protocol` keyword, `sshd_config` file ( )

	proxiable ticket, definition ( )

	proxy ticket, definition ( )

	`ProxyCommand` keyword, `ssh_config` file ( )

	`ps` audit flag ( )

	pseudo-tty, use in Secure Shell ( )

	`public` audit policy
		description ( )
		read-only events ( )

	public directories ( )

	public key
		description ( )
		DH authentication and ( )
		known hosts file ( )
		naming convention ( )
		Secure Shell ( )

	public-key cryptography
		AUTH_DH client-server session ( ) ( )
		changing public and secret keys ( )
		common key
			calculation ( )
		database of public keys ( )
		generating keys
			conversation key ( )
			public and secret keys ( )
		secret key
			changing ( )
			database ( )
			decrypting ( )
			generating ( )

	public objects, auditing ( )

	publickey map, DH authentication and ( )

	`put` subcommand
		`sftp` command ( ) ( )


Q

	question mark (?) wildcard character, in ASET tune files ( )

	`quit` subcommand, `sftp` command ( )


R

	`-R` option
		`ssh` command ( ) ( )

	`-r` praudit output format ( )

	raw praudit output format ( )

	RBAC
		administration commands ( )
		audit profiles ( )
		authorization database ( )
		basic concept ( )
		database relationships ( )
		elements ( )
		name services ( )
		rights profile database ( )
		tasks ( )
			adding custom roles ( )
			adding first role ( )
			adding first user ( )
			adding rights profile example ( )
			adding roles ( )
			adding roles from command line ( )
			changing rights profiles from command line ( )
			changing roles from command line ( )
			changing user properties from command line ( )
			checking scripts or programs for authorizations ( )
			configuration ( )
			editing rights profiles ( )
			information management task map ( )
			modifying roles ( )
			modifying users ( )
			planning ( )
			running the user tools ( )
			securing legacy applications ( )
			securing scripts ( )
			setting IDs on commands ( )
			using privileged applications ( )

	`rc` file, description ( )

	`rcp` command, authentication ( )

	read into keytab buffer with `read_kt` command ( )

	read into keytab with `read_kt` command ( )

	`read_kt` command ( ) ( )

	read permissions, symbolic mode ( )

	readable audit record format
		converting audit records to ( ) ( ) ( ) ( )

	reallocating devices ( )

	realms
		and servers ( )
		configuration decisions ( )
		configuring cross-realm authentication ( )
		contents of ( )
		direct ( )
		hierarchical ( )
		hierarchical or non-hierarchical ( )
		hierarchy ( )
		in principal names ( )
		in principals names ( )
		mapping hostnames onto ( )
		names ( )
		number of ( )

	reducing
		audit files ( )
		storage-space requirements for audit files ( )

	reducing audit files
		`auditreduce` command ( ) ( )

	remote logins
		authentication ( )
		authorization ( )
		security and ( )

	remote systems
		logging in
			authentication ( )
			authorization ( )

	removing
		principals with `ktremove` command ( )
		service principal from keytab file ( )

	renewable ticket, definition ( )

	replayed transactions ( )

	reports
		ASET ( ) ( ) ( ) ( )

	reports directory (ASET) ( )

	`required` control flag, PAM ( )

	`requisite` control flag, PAM ( )

	restoring, ASET ( )

	restricted shell `(rsh`) ( )

	restricting access for KDC servers ( )

	`return` token, format ( )

	`rewoffl` option
		`mt` command
			BSM device cleanup and ( )

	`rexd` service name, PAM ( )

	`.rhosts` file
		description ( )
		role in authentication ( )

	`rhosts` module, description ( )

	`RhostsAuthentication` keyword, `sshd_config` file ( )

	`RhostsRSAAuthentication` keyword, `sshd_config` file ( )

	right
		See rights profile

	rights profile
		See also individual profiles
		Audit Control ( )
		Audit Review ( )
		changing rights profiles from command line ( )
		creation example ( )
		database
			See `prof_attr` database and `exec_attr` database
		description ( ) ( )
		editing ( )
		major rights profiles description ( )

	Rights tool, description ( )

	`rlogin` command, authentication ( )

	`rlogin` service name, PAM ( )

	role
		adding custom roles ( )
		adding first role ( ) ( )
		adding roles ( )
		adding roles from command line ( )
		assuming ( )
		assumption example ( )
		changing roles from command line ( )
		description ( ) ( )
		making `root` a role ( )
		modifying roles ( )
		properties
			summarized ( )
		recommended role rights profiles ( )
		recommended roles ( )
		use in RBAC ( )

	role-based access control
		See RBAC

	Role Properties dialog box, description ( )

	`roleadd` command, description ( )

	`roledel` command, description ( )

	`rolemod` command, description ( )

	`roles` command, description ( )

	`roles` module, description ( )

	`root`
		adding principal to host's keytab ( )
		authentication for NFS ( )
		eliminating root in RBAC ( )

	`root` access
		displaying attempts on console ( )
		monitoring `su` command use ( ) ( )
		restricting ( ) ( )

	`root` login
		account
			description ( )
		restricting to console ( )
		tracking ( )

	`root` principal
		creating ( ) ( )

	`root` role, creating ( )

	RPCSEC_GSS API, SEAM and ( )

	`RSAAuthentication` keyword, `sshd_config` file ( )

	`rsh` command (restricted shell) ( )

	`rsh` service name, PAM ( )

	running the User tool, task description ( )


S

	`-s` option
		`audit` command ( )
		`praudit` command ( )

	`-S` option of `st_clean` script ( )

	`sac` service name, PAM ( )

	`sample` module, description ( )

	saving, failed login attempts ( )

	scheduling ASET execution (`PERIODIC_SCHEDULE`) ( ) ( ) ( ) ( )

	scope, description ( )

	`scp` command
		authentication steps ( )
		description ( )
		using ( )

	script
		securing ( )
		testing for authorizations ( )

	SCSI devices, `st_clean` script ( )

	SEAM
		administering ( )
		Administration Tool ( )
		and Kerberos V5 ( ) ( )
		commands ( )
		components of ( )
		configuration decisions ( )
		configuring KDC servers ( )
		daemons ( )
		files ( )
		gaining access to server ( )
		online help ( )
		overview ( )
		overview of authentication ( )
		password management ( )
		planning for ( )
		reference ( )
		remote applications ( )
		terminology ( )
		using ( )

	SEAM Administration Tool ( )
		and limited administration privileges ( )
		and list privileges ( )
		and X Window system ( )
		command-line equivalents ( )
		context-sensitive help ( )
		creating a new principal ( )
		creating new policy ( ) ( )
		default values ( )
		deleting a principal ( )
		deleting policies ( )
		displaying sublist of principals ( )
		duplicating a principal ( )
		files modified by ( )
		Filter Pattern field ( )
		`gkadmin` command ( )
		`gkadmin` command vs. `kadmin` ( ) ( )
		`.gkadmin` file ( )
		help (print) ( )
		Help button ( )
		Help Contents ( )
		how affected by privileges ( )
		`kadmin` command vs. `gkadmin` ( ) ( )
		login window ( )
		modifying a principal ( )
		modifying policies ( )
		online help ( )
		panel descriptions ( )
		privileges ( )
		setting up principal defaults ( )
		starting ( )
		table of panels ( )
		viewing a principal's attributes ( )
		viewing list of policies ( )
		viewing list of principals ( )
		viewing policy attributes ( )
		vs. `kadmin` command ( )

	searching
		files with `setuid` permissions ( ) ( )

	secondary audit directory ( )

	secret key
		changing ( )
		database ( )
		decrypting ( )
		generating ( )

	secure access ( )

	secure NIS+, adding a user ( )

	Secure RPC ( )
		implementation of ( )

	Secure RPC authentication ( )

	Secure Shell
		administering ( )
		authentication ( )
		authentication steps ( )
		configuring ( )
		configuring clients ( )
		connecting outside firewall
			from command line ( )
			from configuration file ( )
		copying files ( )
		creating keys ( )
		description ( )
		forwarding mail ( )
		important files ( )
		local port forwarding ( ) ( )
		logging in ( )
		naming identity files ( )
		no UDP ( )
		port forwarding ( )
		protocol versions ( )
		public key ( )
		remote port forwarding ( )
		TCP, and ( )
		transferring files ( )
		typical session ( )
		user task map ( )
		using without password ( )

	securing
		against denial of service ( )
		against Trojan horse ( )
		hardware ( )
		PROM ( )
		system
			task map ( )

	securing legacy applications, description ( )

	securing scripts, description ( )

	security
		auditing and ( )
		DH authentication
			AUTH_DH client-server session ( ) ( )
		KERB authentication ( )
		password encryption ( )

	security commands
		`eeprom` command ( ) ( )

	security mode, setting up environment with multiple ( )

	security service
		in SEAM ( )
		integrity ( )
		privacy ( )

	`seq` audit policy
		description ( )
		`seq` token and ( )

	`seq` policy, `seq` token and ( )

	`seq` token
		format ( )
		`seq` policy and ( )

	server authentication parameters, `sshd_config` file ( )

	`ServerKeyBits` keyword, `sshd_config` file ( )

	servers
		and realms ( )
		AUTH_DH client-server session ( ) ( )
		configuring for Secure Shell ( )
		definition in SEAM ( )
		gaining access with SEAM ( )
		obtaining credential for ( )

	service
		definition in SEAM ( )
		disabling on a host ( )
		obtaining access for specific service ( )

	service key ( )
		definition in SEAM ( )

	service names, PAM ( )

	service principal
		adding to keytab file ( ) ( )
		description ( )
		planning for names ( )
		removing from keytab file ( )

	session ID ( )

	session key
		definition in SEAM ( )
		SEAM authentication and ( )

	`setenv` command
		ASET security level specification ( )
		ASET working directory specification ( )

	`setfacl` command
		adding ACL entries ( )
		deleting ACL entries ( )
		description ( )
		examples ( )
		modifying ACL entries ( )
		setting ACL entries ( )
		syntax ( )

	`setgid` permissions
		absolute mode ( ) ( )
		description ( ) ( )
		symbolic mode ( )

	setting IDs on commands
		description ( )
		task description ( )

	setting up principal defaults ( )

	`setuid` permissions
		absolute mode ( ) ( )
		description ( )
		finding files with permissions set ( ) ( )
		security risks ( ) ( )
		symbolic mode ( )

	`sftp` command
		authentication steps ( )
		description ( )
		using ( )

	`sh` command ( )
		privileged version ( )

	`share` command, restricting `root` access ( )

	sharing files (network security) ( )

	shell, privileged versions ( )

	shell commands, `/etc/d_passwd` file entries ( )

	shell programs
		ASET security level specification ( )
		ASET working directory specification ( )

	short praudit output format ( )

	`shosts.equiv` file, description ( )

	`.shosts` file, description ( )

	signal received during auditing shutdown ( )

	single-sign-on system, SEAM and ( )

	size
		reducing audit files ( )
			`auditreduce` command ( )
			auditreduce command ( )
		reducing storage-space requirements for audit files ( )

	`slave_datatrans` file ( )
		description ( )

	slave KDCs
		adding names to cron job ( )
		configuring ( )
		definition ( )
		master KDC and ( )
		or master ( )
		planning for ( )
		swapping with master KDC ( )

	smartcard documentation ( )

	`smartcard` module, description ( )

	`smattrpop` command, description ( )

	SMC
		See Solaris Management Console

	`smexec` command, description ( )

	`smmultiuser` command, description ( )

	`smprofile` command, description ( )

	`smrole` command, description ( )

	`smuser` command, description ( )

	`socket` token ( )

	soft limit
		`audit_warn` condition ( )
		`minfree:` line description ( )

	soft string with `audit_warn` script ( )

	Solaris Management Console
		role assumption ( )
		running the user tools ( )

	`sr_clean` script, description ( )

	`ss` audit flag ( )

	`ssh-add` command
		description ( )
		example ( ) ( )

	`ssh-agent` command
		description ( )
		from command line ( )
		in scripts ( )

	`ssh` command
		authentication steps ( )
		description ( )
		`-L` option ( )
		`-o` option ( )
		permitting access ( )
		port forwarding ( )
		`-R` option ( )
		using ( )

	`ssh_config` file
		client authentication parameters ( )
		configuring Secure Shell ( )
		connection parameters ( )
		host-specific parameters ( )
		keywords
			See specific keyword
		known host file parameters ( )

	`ssh_host_key` file, description ( )

	`ssh_host_key.pub` file, description ( )

	`ssh-keygen` command
		description ( )
		using ( )

	`ssh_known_hosts` file
		configuring Secure Shell ( )
		description ( )

	`ssh` service name, PAM ( )

	`sshd` command
		configuring for forwarding ( )
		description ( )
		session controls ( )

	`sshd_config` file
		description ( )
		forwarding parameters ( )
		ports parameters ( )
		server connection parameters ( )
		session control parameters ( )

	`sshd.pid` file, description ( )

	`sshrc` file, description ( )

	`st_clean` script, description ( )

	`st_clean` script for tape drives ( )

	standard cleanup ( )

	starting
		ASET
			initiating sessions from shell ( )
			running interactively ( )
		KDC daemon ( )

	stash file
		creating ( )
		definition ( )

	sticky bit permissions
		absolute mode ( ) ( )
		description ( )
		symbolic mode ( )

	stopping, dial-up logins temporarily ( )

	storage, audit records and ( )

	storage costs, auditing and ( )

	storage overflow prevention, audit trail ( )

	`StrictHostKeyChecking` keyword, `ssh_config` file ( )

	`StrictModes` keyword, `sshd_config` file ( )

	`su` command
		displaying use on console ( )
		in role assumption ( )
		monitoring use ( )

	`su` file, monitoring `su` command ( )

	`su` service name, PAM ( )

	`subject` token, format ( )

	`Subsystem` keyword, `sshd_config` file ( )

	success
		audit flag prefix ( ) ( )
		turning off audit flags for ( )

	`sufficient` control flag, PAM ( )

	`sulog` file ( )

	superuser
		eliminating superuser in RBAC ( )
		model versus RBAC ( )

	`suser`, security policy ( )

	swapping master and slave KDCs ( )

	symbolic links
		file permissions ( )
		latest directory (ASET) ( )

	symbolic mode
		changing file permissions ( ) ( ) ( )
		description ( )

	synchronizing clocks ( ) ( ) ( )

	`sysconf.rpt` file
		description ( ) ( )

	`SyslogFacility` keyword, `sshd_config` file ( )

	System Administrator
		rights profile ( ) ( ) ( ) ( )
		role ( )

	system calls
		`arg` token ( )
		`auditsvc()` fails ( )
		close ( )
		event numbers ( )
		`exec_args` token ( )
		`exec_env` token ( )
		ioctl ( ) ( )
		`return` token ( )

	system security
		dial-up login restrictions ( )
		dial-up passwords
			disabling dial-up logins temporarily ( )
			`/etc/d_passwd` file ( )
		displaying
			user's login status ( ) ( )
			users with no passwords ( )
		firewall systems ( )
		hardware protection ( ) ( )
		introduction ( )
		login access restrictions ( ) ( )
		machine access ( )
		overview ( )
		password encryption ( )
		passwords ( )
		restricted shell ( ) ( )
		restricting `root` login to console ( )
		role-based access control ( )
		`root` access restrictions ( ) ( )
		saving failed login attempts ( )
		special logins ( )
		`su` command monitoring ( ) ( )

	`system state` audit class ( )

	System V IPC
		ipc audit class ( )
		`ipc_perm` token ( )
		`ipc` token ( ) ( )

	`system-wide administration` audit class ( )

	systems
		security
			ACL ( )


T

	tables, `gsscred` ( )

	`tail` command, auditing and ( )

	tape drives
		device-clean scripts ( )
		st_clean script ( )

	task map
		administering policies ( )
		administering principals ( )
		Secure Shell ( )

	`TASKS` variable (ASET)
		configuring ASET ( ) ( )

	`taskstat` command (ASET) ( ) ( )

	TCP, Secure Shell, and ( )

	TCP address ( )

	TCP/IP
		specifying in `sshd_config` ( )
		use in Secure Shell ( )

	`telnet` service name, PAM ( )

	temporary file cannot be used ( )

	terminal ID ( )

	terminating, signal received during auditing shutdown ( )

	terminology
		authentication-specific ( )
		Kerberos-specific ( )
		SEAM ( )

	`text` token ( )

	TGS, getting credential for ( )

	TGT, in SEAM ( )

	ticket file
		See credential cache

	ticket-granting service
		See TGS

	Ticket-Granting Ticket
		See TGT

	tickets
		creating ( )
		creating with kinit ( )
		definition ( )
		description ( )
		destroying ( )
		file
			See credential cache
		forwardable ( ) ( ) ( )
		initial ( )
		invalid ( )
		`klist` command ( )
		lifetime ( )
		maximum renewable lifetime ( )
		obtaining ( )
		or credentials ( )
		postdatable ( )
		postdated ( )
		proxiable ( )
		proxy ( )
		renewable ( )
		types of ( )
		viewing ( )
		warning about expiration ( )

	time stamps in audit files ( )

	`/tmp/krb5cc_`uid file, description ( )

	`/tmp/ovsec_adm.`xxxxx file, description ( )

	tmpfile string, `audit_warn` script ( )

	tmpfs file system ( )

	`trail` audit policy
		description ( )
		`trailer` token and ( )

	`trailer` token
		description ( )
		format ( )
		order in audit record ( )
		`praudit` display ( )

	transferring files, using Secure Shell ( )

	transparency, definition in SEAM ( )

	Trojan horse ( )

	trusted host ( )

	`try_first_pass` ( )

	`ttymon` service name, PAM ( )

	tune files (ASET)
		description ( ) ( )
		example files ( )
		format ( )
		modifying ( ) ( )
		rules ( )

	`tune.rpt` file
		description ( ) ( )

	types of tickets ( )


U

	`-U` option
		`allocate` command ( )
		`list_devices` command ( )

	`ua` audit flag ( )

	UDP, Secure Shell, and ( )

	UDP address ( )

	`uid_aliases` file
		description ( )
		specifying ( )

	`UID_ALIASES` variable (ASET)
		aliases file specification ( ) ( )
		description ( )

	`umask` setting ( )

	`unix_account` module, description ( )

	`unix_auth` module, description ( )

	`unix` module, description ( )

	`unix_session` module, description ( )

	URL for online help ( )

	`UseLogin` keyword, `sshd_config` file ( )

	user
		adding first user ( )
		assigning RBAC defaults ( )
		changing user properties from command line ( )
		database
			See `user_attr` database
		modifying properties ( )

	user accounts
		ASET check ( )
		displaying login status ( ) ( )

	User Accounts tool, description ( )

	user ACL entries
		default entries for directories ( )
		description ( )
		setting ( )

	`user administration` audit class ( )

	`user_attr` database
		description ( ) ( )
		RBAC relationships ( )

	user audit fields ( ) ( )

	user classes of files ( )

	user ID
		audit ID and ( )
		in NFS services ( )

	user ID (audit ID) ( )

	`User` keyword, `ssh_config` file ( )

	user-level events, auditing and ( )

	user principal, description ( )

	`useradd` command, description ( )

	`userdel` command, description ( )

	`UserKnownHostsFile` keyword, `ssh_config` file ( )

	`usermod` command, description ( )

	`UseRsh`, `ssh_config` file ( )

	using privileged applications, task description ( )

	`/usr/aset/asetenv` file ( )
		modifying ( )
		running ASET periodically ( )

	`/usr/aset` directory ( )

	`/usr/aset/masters/tune` files ( )
		example files ( )
		format ( )
		modifying ( ) ( )
		rules ( )

	`/usr/aset/masters/uid_aliases` file ( )

	`/usr/aset/reports` directory
		structure ( ) ( )

	`/usr/aset/reports/latest` directory ( )

	`/usr/lib/krb5/kadmind` daemon, SEAM and ( )

	`/usr/lib/krb5/kprop` command, description ( )

	`/usr/lib/krb5/kpropd` daemon, SEAM and ( )

	`/usr/lib/krb5/krb5kdc` daemon, SEAM and ( )

	`/usr/sbin/gkadmin` command, description ( )

	`/usr/sbin/kadmin` command, description ( )

	`/usr/sbin/kadmin.local` command, description ( )

	`/usr/sbin/kdb5_util` command, description ( )

	`/usr/share/lib/xml` directory ( )

	`usrgrp.rpt` file
		description ( ) ( )
		example ( )

	`uucico` command, login program ( )

	`uucp` service name, PAM ( )


V

	v1 protocol, Secure Shell ( )

	v2 protocol, Secure Shell ( )

	`/var/adm/loginlog` file, saving failed login attempts ( )

	`/var/krb5/.k5.`REALM file, description ( )

	`/var/krb5/kadmin.log` file, description ( )

	`/var/krb5/kdc.log` file, description ( )

	`/var/krb5/principal.db` file, description ( )

	`/var/krb5/principal.kadm5` file, description ( )

	`/var/krb5/principal.kadm5.lock` file, description ( )

	`/var/krb5/principal.ok` file, description ( )

	`/var/krb5/slave_datatrans` file, description ( )

	`/var/run/sshd.pid` file, description ( )

	variables
		ASET environment variables
			`ASETDIR` ( )
			`ASETSECLEVEL` ( )
			`CKLISTPATH_level` ( ) ( ) ( )
			`PERIODIC_SCHEDULE` ( ) ( ) ( ) ( )
			summary table ( )
			`TASKS` ( ) ( )
			`UID_ALIASES` ( ) ( ) ( )
			`YPCHECK` ( ) ( )

	verifiers
		description ( )
		returned to client ( )
		window ( )

	viewing
		keylist buffer with `list` command ( ) ( )
		list of policies ( )
		list of principals ( )
		policy attributes ( )
		principal's attributes ( )
		tickets ( )

	viruses
		denial of service attack ( )
		Trojan horse ( )

	`vnode` token, format ( )


W

	`warn.conf` file, description ( )

	warning about ticket expiration ( )

	wildcard characters, in ASET tune files ( )

	window verifier ( )

	write permissions, symbolic mode ( )

	writing new device-clean scripts ( )


X

	X11, use in Secure Shell ( )

	X11 forwarding, configuring `ssh_config` ( )

	`-x` option, `praudit` command ( )

	X Window system, and SEAM Administration Tool ( )

	`xauth` command, X11 forwarding ( )

	`XAuthLocation` keyword
		Secure Shell port forwarding ( )
		`sshd_config` file ( )

	Xylogics tape drive clean script ( )


Y

	`YPCHECK` variable (ASET)
		specifying system configuration file tables ( ) ( )