| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris 10 8/11 What's New Oracle Solaris 10 8/11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris 10 8/11 What's New Oracle Solaris 10 8/11 Information Library |
1. What's New in the Oracle Solaris 10 8/11 Release
Support for Two-Terabyte Memory Systems
System Administration Enhancements
SPARC: Support for Fast Reboot
User-Level CMT Observability Tools
Solaris Volume Manager Data Recovery
Oracle Solaris Groups Functionality
x86: Generic FMA Topology Enumerator
System Performance Enhancements
Tunable Parameter for Flash Devices in the sd.conf Configuration File
x86: Oracle Solaris I/O Interrupt Framework Enhancement for Nehalem-EX Platforms
Support for IPv6 NAT on IPFilter
x86: Jumbo Frame Support in the bnx Driver
PKCS#11 Provider for Oracle Key Manager
Support for AES Cipher Suites in the KSSL
Assigning a New Password Does Not Unlock a Locked Account
Password Construction Policy Applies to the root User by Default
Samba Upgrade to Version 3.5.8
x86: Bash Upgrade to Version 3.2
Apache C++ Standard Library Version 4 Support
Support for New Devices in the ixgbe Driver
Support for New Devices in the igb Driver
Support for LAN-On-Motherboard (LOM) Devices in the e1000g Driver
Support for New Devices in the bge Driver
Support for New Device in the qlcnic Driver
Support for New Device in the mcxnex/mcxe Driver
Support for New Devices in the scu Driver
x86: Support for LSI MegaRAID Falcon SAS 2.0 HBA Device
Support for LSI SAS 2308 HBA Device
Support for LSI SAS 2208 HBA Device
Support for Public GLD Interfaces in the bge Driver
Support for MSI in the bge Driver
This section describes security enhancements in this release.
The new PKCS#11 provider provides access to Oracle Key Manager (OKM) functionality using standard Cryptographic and Key Management Framework interfaces in Oracle Solaris. The functionality includes:
Creating and storing private Advanced Encryption Standard (AES) keys in the OKM
Encrypting and decrypting the data using the generated keys
Deleting the stored keys
You can use the stored AES keys for symmetric cryptographic operations.
Oracle Solaris supports the following AES cipher suites in the kernel SSL (Secure Sockets Layer):
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
These suites are defined in RFC 3268 (AES cipher suites for Transport Layer Security). For more information, see the ksslcfg(1M) man page.
Assigning a new password no longer unlocks a locked account. This feature helps system administrators avoid inadvertently enabling a locked account.
Prior to this release, when a user account was locked (either by a system administrator or after a number of failed login attempts), the account could be unlocked in one of the following ways:
Using the passwd -u option
Deleting the password entry using the passwd -d option
Assigning a new password
You can still use passwd -u to unlock an account or passwd -d to delete the password entry and unlock the account. After deleting the password entry to unlock an account, you can then assign a new password.
For more information, see the passwd(1) man page.
Prior to this release, the root user (user id 0) was exempt from any password policy constraints configured in the /etc/default/passwd file. Starting with this release, by default, the configured password policy is applied to the root user. This configuration helps system administrators to avoid setting passwords accidentally that do not comply with the configured policy set for the system.
For more information, see the passwd(1) man page and the description of the force_check option in the pam_authtok_check(5) man page.
Starting with this release, the Oracle SSH supports the chroot capability. This feature allows the administrator to change the apparent root directory for a current running process and its children. A program running in the chroot environment cannot access directories or files outside the designated directory tree.
For more information, see the description of the ChrootDirectory option in the sshd_config(4) man page.
|