- System Administration Guide: Security Services

pam_roles command, description,

PAMServiceName keyword, sshd_config file,

PAMServicePrefix keyword, sshd_config file,

SEAM Tool Panel Descriptions

panels, table of SEAM Tool,

passphrases

changing for Solaris Secure Shell,

How to Change the Passphrase for a Solaris Secure Shell Private Key

encrypt command,

How to Encrypt and Decrypt a File

example,

How to Log In to a Remote Host With Solaris Secure Shell

generating in KMF,

How to Generate a Passphrase by Using the pktool setpin Command

mac command,

How to Compute a MAC of a File

storing safely,

How to Encrypt and Decrypt a File

using for MAC,

How to Compute a MAC of a File

using in Solaris Secure Shell

How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell

How to Reduce Password Prompts in Solaris Secure Shell

PASSREQ in Solaris Secure Shell,

Solaris Secure Shell and Login Environment Variables

passwd command

and kpasswd command,

and naming services,

How to Change the Password of a Role

changing password of role,

passwd file, and /etc/d_passwd file,

Dial-Up Logins

password authentication, Solaris Secure Shell,

Solaris Secure Shell Authentication

PasswordAuthentication keyword, Solaris Secure Shell,

Solaris Secure Shell Authentication

passwords

authentication in Solaris Secure Shell,

changing role password,

How to Change the Password of a Role

changing with kpasswd command,

changing with passwd -r command,

changing with passwd command,

How to Create a Dial-Up Password

creating for dial-up,

dial-up passwords

disabling temporarily,

How to Temporarily Disable Dial-Up Logins

/etc/d_passwd file,

Dial-Up Logins

disabling dial-up temporarily,

How to Temporarily Disable Dial-Up Logins

displaying users with no passwords,

How to Display Users Without Passwords

eliminating in Solaris Secure Shell,

How to Reduce Password Prompts in Solaris Secure Shell

encryption algorithms,

Password Encryption

finding users with no passwords,

How to Display Users Without Passwords

granting access without revealing,

Granting Access to Your Account

hardware access and,

LDAP,

How to Specify a New Password Algorithm for an LDAP Domain

specifying new password algorithm,

local,

Maintaining Login Control

Kerberos Password Management

managing,

modifying a principal's password,

How to Modify a Kerberos Principal

NIS,

How to Specify a New Password Algorithm for an NIS Domain

specifying new password algorithm,

policies and,

Maintaining Physical Security

PROM security mode

Controlling Access to System Hardware

protecting

keystore,

How to Export a Certificate and Private Key in PKCS #12 Format

PKCS #12 file,

How to Export a Certificate and Private Key in PKCS #12 Format

requiring for hardware access,

secret-key decryption for Secure RPC,

How to Specify an Algorithm for Password Encryption

specifying algorithm,

in naming services,

How to Specify a New Password Algorithm for an NIS Domain

locally,

Changing the Password Algorithm (Task Map)

suggestions on choosing,

Advice on Choosing a Password

system logins

Securing Logins and Passwords (Task Map)

Special System Logins

task map,

UNIX and Kerberos,

Kerberos Password Management

using Blowfish encryption algorithm for,

How to Specify an Algorithm for Password Encryption

using MD5 encryption algorithm for,

How to Specify an Algorithm for Password Encryption

using new algorithm,

How to Specify an Algorithm for Password Encryption

using user's to assume role,

How to Enable a User to Use Own Password to Assume a Role

path_attr audit token,

path_attr Token

path audit policy, description,

Setting the PATH Variable

path audit token, format,

path Token

PATH environment variable

and security,

setting,

Setting the PATH Variable

PATH in Solaris Secure Shell,

Solaris Secure Shell and Login Environment Variables

permanent audit policy, configured audit policy,

How to Change Audit Policy

permissions

ACLs and,

Using Access Control Lists

changing file permissions

absolute mode

How to Change File Permissions in Absolute Mode

chmod command,

Commands for Viewing and Securing Files

symbolic mode

How to Change File Permissions in Symbolic Mode

defaults,

Default umask Value

directory permissions,

UNIX File Permissions

file permissions

absolute mode

How to Change File Permissions in Absolute Mode

changing

How to Change File Permissions in Symbolic Mode

description,

UNIX File Permissions

special permissions

symbolic mode

How to Change File Permissions in Symbolic Mode

finding files with setuid permissions,

How to Find Files With Special File Permissions

setgid permissions

absolute mode

How to Change Special File Permissions in Absolute Mode

description,

setgid Permission

symbolic mode,

setuid permissions

absolute mode

How to Change Special File Permissions in Absolute Mode

description,

setuid Permission

security risks,

setuid Permission

symbolic mode,

Special File Permissions (setuid, setgid and Sticky Bit)

special file permissions

sticky bit,

Using Access Control Lists to Protect UFS Files

UFS ACLs and,

umask value,

Default umask Value

user classes and,

File and Directory Ownership

PermitEmptyPasswords keyword, sshd_config file,

PermitRootLogin keyword, sshd_config file,

permitted privilege set,

PermitUserEnvironment keyword, sshd_config file,

perzone audit policy

description,

How to Change Audit Policy

setting,

using

How to Plan Auditing in Zones

How to Configure Per-Zone Auditing

Auditing and Oracle Solaris Zones

when to use,

Auditing on a System With Zones

pfcsh command, description,

pfexec command, description,

pfksh command, description,

pfsh command, description,

Maintaining Physical Security

physical security, description,

PidFile keyword, Solaris Secure Shell,

How to Sign a Certificate Request by Using the pktool signcsr Command

PKCS #10 CSR

signing

using the pktool command,

PKCS #11 library

adding provider library,

Oracle Solaris Cryptographic Framework

in Oracle Solaris Cryptographic Framework,

PKCS #11 softtokens, managing keystore,

KMF Keystore Management

PKCS #12 files, protecting,

How to Export a Certificate and Private Key in PKCS #12 Format

pkcs11_kernel.so user-level provider,

How to List Available Providers

pkcs11_softtoken.so user-level provider,

How to List Available Providers

PKI

managed by KMF,

Managing Public Key Technologies

policy managed by KMF,

KMF Policy Management

pktool command

creating self-signed certificate,

How to Create a Certificate by Using the pktool gencert Command

export subcommand,

How to Export a Certificate and Private Key in PKCS #12 Format

gencert subcommand,

How to Create a Certificate by Using the pktool gencert Command

generating key pairs,

How to Generate a Key Pair by Using the pktool genkeypair Command

generating secret keys,

How to Generate a Symmetric Key by Using the pktool Command

import subcommand,

How to Import a Certificate Into Your Keystore

list subcommand,

How to Create a Certificate by Using the pktool gencert Command

managing PKI objects,

Managing Public Key Technologies

setpin subcommand,

How to Generate a Passphrase by Using the pktool setpin Command

signing PKCS #10 CSR,

How to Sign a Certificate Request by Using the pktool signcsr Command

plain.so.1 plug-in, SASL and,

SASL Plug-ins

planning

auditing,

Planning Oracle Solaris Auditing (Tasks)

auditing in zones,

How to Plan Auditing in Zones

auditing task map,

Planning Oracle Solaris Auditing (Task Map)

Kerberos

client and service principal names,

Client and Service Principal Names

clock synchronization,

Clock Synchronization Within a Realm

configuration decisions,

Planning for the Kerberos Service

database propagation,

Which Database Propagation System to Use

number of realms,

Number of Realms

ports,

Ports for the KDC and Admin Services

realm hierarchy,

Realm Hierarchy

realm names,

Realm Names

realms,

Planning Kerberos Realms

slave KDCs,

The Number of Slave KDCs

PAM,

Planning for Your PAM Implementation

RBAC,

How to Plan Your RBAC Implementation

pluggable authentication module, See PAM

plugin_list option, SASL and,

SASL Options

plugins

adding to KMF,

How to Manage Third-Party Plugins in KMF

auditing,

Audit Plugin Modules

cryptographic framework,

Oracle Solaris Cryptographic Framework

managed in KMF,

KMF Plugin Management

removing from KMF,

How to Manage Third-Party Plugins in KMF

SASL and,

SASL Plug-ins

plus sign (+)

audit class prefix,

Audit Class Syntax

entry in sulog file,

How to Monitor Who Is Using the su Command

file permissions symbol,

How to Configure syslog Audit Logs

plus sign (+) in audit class prefixes,

policies

administering

Administering Kerberos Principals and Policies (Tasks)

Administering Kerberos Policies

creating (Kerberos),

How to Create a New Kerberos Principal

creating new (Kerberos),

How to Create a New Kerberos Policy

deleting,

How to Delete a Kerberos Policy

for auditing,

How to Modify a Kerberos Policy

modifying,

on devices,

How to View Device Policy

overview,

Oracle Solaris Security Policy

passwords and,

SEAM Tool Panel Descriptions

SEAM Tool panels for,

specifying password algorithm,

Changing the Password Algorithm (Task Map)

task map for administering,

Administering Kerberos Policies (Task Map)

viewing attributes,

How to View a Kerberos Policy's Attributes

viewing list of,

How to View the List of Kerberos Policies

policy

definition in cryptographic framework,

Terminology in the Oracle Solaris Cryptographic Framework

definition in Oracle Solaris operating system,

Oracle Solaris Security Policy

policy.conf file

Basic Solaris User rights profile,

Basic Solaris User Rights Profile

description

keywords

for password algorithms,

Password Encryption

for privileges

for RBAC authorizations,

for rights profiles,

for workstation owner,

How to Specify an Algorithm for Password Encryption

specifying encryption algorithms in,

specifying password algorithm

in naming services,

How to Specify a New Password Algorithm for an NIS Domain

specifying password algorithms,

How to Specify an Algorithm for Password Encryption

port forwarding

configuring in Solaris Secure Shell,

How to Configure Port Forwarding in Solaris Secure Shell

Solaris Secure Shell

How to Use Port Forwarding in Solaris Secure Shell

Port keyword, Solaris Secure Shell,

Ports for the KDC and Admin Services

ports, for Kerberos KDC,

post-selection in auditing,

How the Kerberos Service Works

postdated ticket

definition,

Types of Tickets

description,

pound sign (#)

device_allocate file,

device_allocate File

device_maps file,

device_maps File

ppriv command

for debugging,

How to Determine Which Privileges a Program Requires

listing privileges,

How to Determine the Privileges on a Process

praudit command

converting audit records to readable format

DTD for -x option,

options,

output formats,

piping auditreduce output to,

use in a script,

viewing audit records,

with no options,

praudit Command

XML format,

PreferredAuthentications keyword, ssh_config file,

How to Preselect Audit Classes

prefixes for audit classes,

Audit Class Syntax

preselecting, audit classes,

preselection in auditing,

preselection mask (auditing), description,

PreUserauthHook keyword, ssh_config file,

SPARC: Controlling Access to System Hardware (Task Map)

preventing

access to system hardware,

audit trail overflow,

How to Prevent Audit Trail Overflow

executables from compromising security,

Preventing Executable Files From Compromising Security

kernel software provider use,

How to Prevent the Use of a Kernel Software Provider

use of hardware mechanism,

How to Disable Hardware Provider Mechanisms and Features

primary, in principal names,

How to Manually Configure a Master KDC

principal

adding administration

How to Configure a KDC to Use an LDAP Data Server

adding service principal to keytab

Administering Keytab Files

How to Add a Kerberos Service Principal to a Keytab File

administering

Administering Kerberos Principals and Policies (Tasks)

Administering Kerberos Principals

automating creation of,

Automating the Creation of New Kerberos Principals

creating,

How to Create a New Kerberos Principal

creating clntconfig

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

creating host

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

deleting,

How to Delete a Kerberos Principal

duplicating,

How to Duplicate a Kerberos Principal

Kerberos,

How to Modify a Kerberos Principal

modifying,

principal name,

How to Remove a Service Principal From a Keytab File

removing from keytab file,

removing service principal from keytab,

How to Remove a Service Principal From a Keytab File

SEAM Tool panels for,

SEAM Tool Panel Descriptions

service principal,

How to Set Up Defaults for Creating New Kerberos Principals

setting up defaults,

task map for administering,

Administering Kerberos Principals (Task Map)

user ID comparison,

How to Create a Credential Table

user principal,

How to View a Kerberos Principal's Attributes

viewing attributes,

viewing list of,

How to View the List of Kerberos Principals

viewing sublist of principals,

How to View the List of Kerberos Principals

principal file, description,

principal.kadm5 file, description,

principal.kadm5.lock file, description,

principal.ok file, description,

principal.ulog file, description,

Privileges Protect Kernel Processes

principle of least privilege,

Printer Management (RBAC), contents of rights profile,

Printer Management Rights Profile

printing, audit log,

PrintLastLog keyword, ssh_config file,

PrintMotd keyword, sshd_config file,

priv.debug entry, syslog.conf file,

PRIV_DEFAULT keyword

policy.conf file

PRIV_LIMIT keyword

policy.conf file

Privileges and System Resources

PRIV_PROC_LOCK_MEMORY privilege,

privacy

availability,

What Is the Kerberos Service?

Kerberos and,

security service,

Kerberos Security Services

private keys

See also secret keys

definition in Kerberos,

Authentication-Specific Terminology

Solaris Secure Shell identity files,

Solaris Secure Shell Files

private protection level,

Applications That Check for Privileges

privilege audit token,

privilege Token

privilege checking, in applications,

privilege sets

adding privileges to,

Expanding a User or Role's Privileges

basic,

effective,

inheritable,

limit,

listing,

permitted,

Restricting a User or Role's Privileges

removing privileges from,

privileged application

authorization checking,

Applications That Check Authorizations

description,

Oracle Solaris RBAC Elements and Basic Concepts

ID checking,

Applications That Check UIDs and GIDs

privilege checking,

Applications That Check for Privileges

privileged ports, alternative to Secure RPC,

Authentication and Authorization for Remote Access

privileges

adding to command,

How to Add Privileges to a Command

administering,

Managing Privileges (Task Map)

assigning to a command,

Assigning Privileges

assigning to a script,

Assigning Privileges to a Script

assigning to a user,

Assigning Privileges

assigning to user or role,

How to Assign Privileges to a User or Role

auditing and,

Privileges and Auditing

categories,

Administrative Commands for Handling Privileges

commands,

compared to superuser model,

Privileges (Overview)

debugging

Privileges and Debugging

How to Determine Which Privileges a Program Requires

description

Oracle Solaris RBAC Elements and Basic Concepts

How to Determine the Privileges That You Have Been Directly Assigned

determining directly assigned ones,

devices and,

Privileges and Devices

differences from superuser model,

Administrative Differences on a System With Privileges

effects on SEAM Tool,

Using the SEAM Tool With Limited Kerberos Administration Privileges

escalation,

Prevention of Privilege Escalation

executing commands with privilege,

Expanding a User or Role's Privileges

files,

How to Determine Which Privileges a Program Requires

finding missing,

how to use,

Determining Your Privileges (Task Map)

implemented in sets,

inherited by processes,

How to Limit a User's or Role's Privileges

limiting use by user or role,

listing on a process,

How to Determine the Privileges on a Process

PRIV_PROC_LOCK_MEMORY,

Privileges and System Resources

processes with assigned privileges,

programs aware of privileges,

Privileges Protect Kernel Processes

protecting kernel processes,

removing from a user,

Restricting a User or Role's Privileges

removing from basic set,

How to Limit a User's or Role's Privileges

removing from limit set,

How to Limit a User's or Role's Privileges

task map,

Managing and Using Privileges (Task Map)

troubleshooting

to users,

How to Troubleshoot RBAC and Privilege Assignment

troubleshooting requirements for,

How to Determine Which Privileges a Program Requires

using in shell script,

How to Run a Shell Script With Privileged Commands

privs keyword

prof_attr database,

user_attr database,

PROC privileges,

process audit characteristics

audit ID,

audit session ID,

process preselection mask,

terminal ID,

Definitions of Audit Classes

process audit class,

process audit token, format,

process Token

process modify audit class,

Definitions of Audit Classes

process preselection mask, description,

process privileges,

Definitions of Audit Classes

process rights management, See privileges

process start/stop audit class,

processing time costs, of audit service,

Cost of Increased Processing Time of Audit Data

prof_attr database

defaultpriv keyword,

description,

prof_attr Database

limitpriv keyword,

privs keyword,

Databases That Support RBAC

summary,

profile shells

description,

How to Obtain Administrative Rights

opening,

restricting rights,

How to Restrict an Administrator to Explicitly Assigned Rights

profiles, See rights profiles

profiles command, description,

PROFS_GRANTED keyword, policy.conf file,

How to Add RBAC Properties to Legacy Applications

programs

checking for RBAC authorizations,

privilege-aware

Privileges and System Resources

project.max-locked-memory resource control,

PROM security mode,

Controlling Access to System Hardware

propagation

KDC database,

Which Database Propagation System to Use

Kerberos database,

Backing Up and Propagating the Kerberos Database

protecting

BIOS, pointer to,

Using the Key Management Framework (Task Map)

by using passwords with cryptographic framework,

contents of keystore,

How to Export a Certificate and Private Key in PKCS #12 Format

files with cryptographic framework,

Protecting Files With the Oracle Solaris Cryptographic Framework (Task Map)

PROM,

Protecting Against Programs With Security Risk (Task Map)

system from risky programs,

protecting files

task map,

Protecting Files (Task Map)

user procedures,

Protecting Files With UNIX Permissions (Task Map)

with UFS ACLs,

Using Access Control Lists to Protect UFS Files

with UNIX permissions

Using UNIX Permissions to Protect Files

Protecting Files With UNIX Permissions (Task Map)

with UNIX permissions task map,

Protecting Files With UNIX Permissions (Task Map)

protection level

clear,

private,

safe,

setting in ftp,

Protocol keyword, Solaris Secure Shell,

providers

adding library,

adding software provider,

adding user-level software provider,

Plugins to the Oracle Solaris Cryptographic Framework

connecting to cryptographic framework,

definition as plugins

Oracle Solaris Cryptographic Framework

Terminology in the Oracle Solaris Cryptographic Framework

definition in cryptographic framework,

Terminology in the Oracle Solaris Cryptographic Framework

disabling hardware mechanisms,

How to Disable Hardware Provider Mechanisms and Features

installing,

Plugins to the Oracle Solaris Cryptographic Framework

listing hardware providers,

How to List Hardware Providers

listing in cryptographic framework,

How to List Available Providers

preventing use of kernel software provider,

How to Prevent the Use of a Kernel Software Provider

registering,

Plugins to the Oracle Solaris Cryptographic Framework

restoring use of kernel software provider,

How to Prevent the Use of a Kernel Software Provider

signing,

Plugins to the Oracle Solaris Cryptographic Framework

proxiable ticket, definition,

Types of Tickets

proxy ticket, definition,

Types of Tickets

ProxyCommand keyword, ssh_config file,

Command Execution and Data Forwarding in Solaris Secure Shell

pseudo-tty, use in Solaris Secure Shell,

PubkeyAuthentication keyword, Solaris Secure Shell,

public audit policy

description,

read-only events,

public directories

auditing,

sticky bit and,

Solaris Secure Shell Authentication

public key authentication, Solaris Secure Shell,

public key cryptography

AUTH_DH client-server session,

changing NFS public keys and secret keys,

common keys

calculation,

database of public keys for Secure RPC,

generating keys

conversation keys for Secure NFS,

using Diffie-Hellman,

NFS secret keys,

How to Change the Passphrase for a Solaris Secure Shell Private Key

public key technologies, See PKI

public keys

changing passphrase,

DH authentication and,

Diffie-Hellman Authentication and Secure RPC

generating public-private key pair,

How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell

Solaris Secure Shell identity files,

Solaris Secure Shell Files

public objects, auditing,