- System Administration Guide: Security Services

Rights Profiles for Administering Auditing

audit profiles,

auditing roles,

How to Audit Roles

authorization database,

auth_attr Database

authorizations,

RBAC Authorizations

basic concepts,

How to Change the Password of a Role

changing role passwords,

checking scripts or programs for authorizations,

How to Add RBAC Properties to Legacy Applications

commands for managing,

compared to superuser model,

Configuring and Using RBAC

configuring,

database relationships,

RBAC Database Relationships

databases,

Databases That Support RBAC

editing rights profiles,

How to Create or Change a Rights Profile

elements,

How to Obtain Administrative Rights

gaining administrative rights,

modifying roles,

How to Change the RBAC Properties of a User

modifying users,

naming services and,

RBAC Databases and the Naming Services

planning,

How to Plan Your RBAC Implementation

profile shells,

Profile Shell in RBAC

restricting rights,

How to Restrict an Administrator to Explicitly Assigned Rights

rights profile database,

prof_attr Database

rights profiles,

RBAC Rights Profiles

securing scripts,

How to Add RBAC Properties to Legacy Applications

troubleshooting,

How to Troubleshoot RBAC and Privilege Assignment

using user password to assume role,

How to Enable a User to Use Own Password to Assume a Role

using user password to use rights profile,

How to Enable a User to Use Own Password to Assume a Role

RC4, See ARCFOUR kernel provider

rcp command

Kerberos and

rdist command, Kerberos and,

How to Display the Keylist (Principals) in a Keytab File

read_kt command

How to Temporarily Disable Authentication for a Service on a Host

read permissions, symbolic mode,

File Permission Modes

readable audit record format

converting audit records to

How to View the Contents of Binary Audit Files

praudit Command

realms (Kerberos)

configuration decisions,

Planning Kerberos Realms

configuring cross-realm authentication,

Configuring Cross-Realm Authentication

contents of,

Kerberos Servers

direct,

How to Establish Direct Cross-Realm Authentication

hierarchical,

How to Establish Hierarchical Cross-Realm Authentication

hierarchical or nonhierarchical,

Kerberos Realms

hierarchy,

Realm Hierarchy

in principal names,

Kerberos Principals

mapping host names onto,

Mapping Host Names Onto Realms

names,

Realm Names

number of,

Number of Realms

requesting tickets for specific,

Assigning a Restricted Shell to Users

servers and,

Kerberos Servers

reauth_timeout option, SASL and,

SASL Options

redirecting arrow (>), preventing redirection,

reducing

audit files

How to Merge Audit Files From the Audit Trail

auditreduce Command

disk space required for audit files,

How to Compress Audit Files on a Dedicated File System

storage-space requirements for audit files,

Auditing Efficiently

refreshing

audit daemon,

How to Refresh the Audit Service

audit service

How to Refresh the Audit Service

cryptographic services,

How to Refresh or Restart All Cryptographic Services

registering providers, cryptographic framework,

Plugins to the Oracle Solaris Cryptographic Framework

RekeyLimit keyword, ssh_config file,

Authentication and Authorization for Remote Access

rem_drv command, description,

Device Policy Commands

remote logins

authentication,

authorization,

Authentication and Authorization for Remote Access

preventing superuser from,

Implementation of Diffie-Hellman Authentication

security and,

RemoteForward keyword, ssh_config file,

How to Prevent the Auditing of Specific Events

removing

audit events from audit_event file,

cryptographic providers

How to Prevent the Use of a User-Level Mechanism

How to Prevent the Use of a Kernel Software Provider

device policy,

How to Change the Device Policy on an Existing Device

plugins from KMF,

How to Manage Third-Party Plugins in KMF

policy from device,

How to Change the Device Policy on an Existing Device

principals with ktremove command,

How to Remove a Service Principal From a Keytab File

privileges from basic set,

How to Limit a User's or Role's Privileges

privileges from limit set,

How to Limit a User's or Role's Privileges

service principal from keytab file,

How to Remove a Service Principal From a Keytab File

software providers

permanently

How to Prevent the Use of a Kernel Software Provider

temporarily,

How to Prevent the Use of a Kernel Software Provider

user-specific auditing,

How to Configure a User's Audit Characteristics

renewable ticket, definition,

Types of Tickets

replacing

preselected audit classes,

How to Preselect Audit Classes

superuser with roles,

How to Plan Your RBAC Implementation

replayed transactions,

Implementation of Diffie-Hellman Authentication

reporting tool, See bart compare

reports, BART,

Basic Audit Reporting Tool (Overview)

repository, installing third-party providers,

How to Add a Software Provider

required control flag, PAM,

How PAM Stacking Works

requisite control flag, PAM,

How PAM Stacking Works

resetting, auditing defaults,

How to Display Audit Service Defaults

resource controls

privileges, and,

Privileges and System Resources

project.max-locked-memory,

Privileges and System Resources

zone.max-locked-memory,

Privileges and System Resources

restarting

cryptographic services,

How to Refresh or Restart All Cryptographic Services

ssh service,

How to Configure Port Forwarding in Solaris Secure Shell

sshd daemon,

How to Configure Port Forwarding in Solaris Secure Shell

restoring, cryptographic providers,

How to Prevent the Use of a Kernel Software Provider

restricted shell (rsh),

Assigning a Restricted Shell to Users

restricting

remote superuser access,

Monitoring and Restricting Superuser (Task Map)

superuser task map,

user privileges,

How to Limit a User's or Role's Privileges

restricting access for KDC servers,

How to Restrict Access to KDC Servers

RETRIES in Solaris Secure Shell,

Solaris Secure Shell and Login Environment Variables

return audit token, format,

return Token

rewoffl option

mt command

tape device cleanup and,

Device-Clean Scripts

.rhosts file, description,

Solaris Secure Shell Files

RhostsAuthentication keyword, Solaris Secure Shell,

RhostsRSAAuthentication keyword, Solaris Secure Shell,

How to Restrict an Administrator to Explicitly Assigned Rights

right, See rights profiles

rights, restricting administrator to explicitly assigned,

rights profiles

All

RBAC Database Relationships

All Rights Profile

Audit Control,

for audit service,

Rights Profiles for Administering Auditing

authenticating with user's password,

How to Enable a User to Use Own Password to Assume a Role

Basic Solaris User

Basic Solaris User Rights Profile

changing contents of,

How to Create or Change a Rights Profile

Console User

Order of Search for Assigned Security Attributes

Console User Rights Profile

contents of typical,

databases

See prof_attr database and exec_attr database

description

Device Allocation Rights Profiles

RBAC Rights Profiles

Device Management,

Device Security

How to Enable Device Allocation

Device Allocation Rights Profiles

major rights profiles descriptions,

How to Create or Change a Rights Profile

modifying,

Operator

Order of Search for Assigned Security Attributes

Operator Rights Profile

order of search,

ordering,

Order of Rights Profiles

Printer Management

Printer Management Rights Profile

Stop

Stop Rights Profile

System Administrator

System Administrator Rights Profile

troubleshooting,

How to Troubleshoot RBAC and Privilege Assignment

using the System Administrator profile,

How to Require a Password for Hardware Access

viewing contents,

Viewing the Contents of Rights Profiles

rlogin command

Kerberos and

rlogind daemon, Kerberos and,

Kerberos Daemons

role-based access control, See RBAC

roleadd command

description,

How to Create a Privileged User

using

How to Create a Role

roleauth keyword, passwords for roles,

How to Enable a User to Use Own Password to Assume a Role

roledel command, description,

rolemod command

changing properties of role,

description,

How to Enable a User to Use Own Password to Assume a Role

passwords for roles,

roles

assigning privileges to,

How to Assign Privileges to a User or Role

assigning with usermod command,

How to Assign a Role

assuming,

assuming after login,

RBAC Roles

assuming in a terminal window

Profile Shell in RBAC

assuming root role,

assuming System Administrator role,

How to Enable a User to Use Own Password to Assume a Role

auditing,

How to Audit Roles

authenticating with user's password,

changing password of,

How to Change the Password of a Role

changing properties of,

RBAC Database Relationships

creating,

How to Create a Role

audcontrol role,

Crypto Management role,

How to Assign a Role

root role,

How to Determine the Privileges That You Have Been Directly Assigned

description,

RBAC Roles

determining directly assigned privileges,

determining role's privileged commands,

How to Determine the Privileged Commands That a Role Can Run

listing local roles

making root user into role,

modifying,

recommended roles,

summary,

use in RBAC,

using an assigned role,

How to Require a Password for Hardware Access

using to access the hardware,

roles command

description,

using,

Administering Keytab Files

root principal, adding to host's keytab,

root role, recommended role,

root role (RBAC)

assuming role,

changing back into root user,

troubleshooting,

root user

changing from root role,

changing to root role,

displaying access attempts on console,

Limiting and Monitoring Superuser

description,

Special System Logins

monitoring su command attempts

How to Monitor Who Is Using the su Command

replacing in RBAC,

RBAC Roles

restricting access,

Restricting root Access to Shared Files

restricting remote access

Limiting and Monitoring Superuser

tracking logins,

RPCSEC_GSS API, Kerberos and,

SEAM 1.0 Components

RSA kernel provider,

How to List Available Providers

RSAAuthentication keyword, Solaris Secure Shell,

rsh command

Kerberos and