Skip Navigation Links | |
Exit Print View | |
Trusted Extensions Configuration and Administration Oracle Solaris 11 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions (Tasks)
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions (Tasks)
14. Managing and Mounting Files in Trusted Extensions (Tasks)
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
Labels, Printers, and Printing
Restricting Access to Printers and Print Job Information in Trusted Extensions
Configuring Labeled Printing (Task Map)
How to Configure a Zone As a Single-Level Print Server
How to Configure a Multilevel Print Server and Its Printers
How to Enable a Trusted Extensions Client to Access a Printer
How to Configure a Restricted Label Range for a Printer
Reducing Printing Restrictions in Trusted Extensions (Task Map)
How to Remove Labels From Printed Output
How to Assign a Label to an Unlabeled Print Server
How to Remove Page Labels From All Print Jobs
How to Enable Specific Users to Suppress Page Labels
How to Suppress Banner and Trailer Pages for Specific Users
How to Enable Users to Print PostScript Files in Trusted Extensions
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions (Reference)
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
Trusted Extensions software uses labels to control printer access. Labels are used to control access to printers and to information about queued print jobs. The software also labels printed output. Body pages are labeled, and mandatory banner and trailer pages are labeled.
The system administrator handles basic printer administration. The security administrator role manages printer security, which includes labels and how the labeled output is handled. The administrators follow basic Oracle Solaris printer administration procedures, then they assign labels to the print servers and printers.
Trusted Extensions software supports both single-level and multilevel printing. By default, single-level printing is configured. Multilevel printing is implemented in the global zone only. To use the global zone's print server, a labeled zone must be configured as an IP instance or as a vnic. The address must be distinct from the global zone's IP address.
Users and roles on a system that is configured with Trusted Extensions software create print jobs at the label of their session. The print jobs can print only on printers that recognize that label. The label must be in the printer's label range.
Users and roles can view print jobs whose label is the same as the label of the session. In the global zone, a role can view jobs whose labels are dominated by the label of the zone.
Printers that are configured with Trusted Extensions software print labels on the printer output. Printers that are managed by unlabeled print servers do not print labels on the printer output. Such printers have the same label as their unlabeled server. For example, an Oracle Solaris print server can be assigned an arbitrary label. Users can then print jobs at that arbitrary label on the Oracle Solaris printer. As with Trusted Extensions printers, those Oracle Solaris printers can only accept print jobs from users who are working at the label that has been assigned to the print server.
Trusted Extensions prints labels on body pages and banner and trailer pages. The information comes from the label_encodings file.
The security administrator can configure user accounts to use printers that do not print labels on the output.
Labeled printing in Trusted Extensions relies on features from Oracle Solaris printing. In the Oracle Solaris OS, the job-sheets option handles banner page creation. To implement labeling, the print job is converted to a PostScript file. Then, the PostScript file is manipulated to insert labels on body pages, and to create banner and trailer pages.