JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Configuration and Administration     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I Initial Configuration of Trusted Extensions

1.  Security Planning for Trusted Extensions

2.  Configuration Roadmap for Trusted Extensions

3.  Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)

4.  Configuring Trusted Extensions (Tasks)

5.  Configuring LDAP for Trusted Extensions (Tasks)

Part II Administration of Trusted Extensions

6.  Trusted Extensions Administration Concepts

7.  Trusted Extensions Administration Tools

8.  Security Requirements on a Trusted Extensions System (Overview)

9.  Performing Common Tasks in Trusted Extensions (Tasks)

10.  Users, Rights, and Roles in Trusted Extensions (Overview)

11.  Managing Users, Rights, and Roles in Trusted Extensions (Tasks)

12.  Remote Administration in Trusted Extensions (Tasks)

13.  Managing Zones in Trusted Extensions (Tasks)

14.  Managing and Mounting Files in Trusted Extensions (Tasks)

15.  Trusted Networking (Overview)

16.  Managing Networks in Trusted Extensions (Tasks)

17.  Trusted Extensions and LDAP (Overview)

18.  Multilevel Mail in Trusted Extensions (Overview)

19.  Managing Labeled Printing (Tasks)

Labels, Printers, and Printing

Restricting Access to Printers and Print Job Information in Trusted Extensions

Labeled Printer Output

PostScript Printing of Security Information

Configuring Labeled Printing (Task Map)

How to Configure a Zone As a Single-Level Print Server

How to Configure a Multilevel Print Server and Its Printers

How to Enable a Trusted Extensions Client to Access a Printer

How to Configure a Restricted Label Range for a Printer

Reducing Printing Restrictions in Trusted Extensions (Task Map)

How to Remove Labels From Printed Output

How to Assign a Label to an Unlabeled Print Server

How to Remove Page Labels From All Print Jobs

How to Enable Specific Users to Suppress Page Labels

How to Suppress Banner and Trailer Pages for Specific Users

How to Enable Users to Print PostScript Files in Trusted Extensions

20.  Devices in Trusted Extensions (Overview)

21.  Managing Devices for Trusted Extensions (Tasks)

22.  Trusted Extensions Auditing (Overview)

23.  Software Management in Trusted Extensions (Reference)

A.  Site Security Policy

Creating and Managing a Security Policy

Site Security Policy and Trusted Extensions

Computer Security Recommendations

Physical Security Recommendations

Personnel Security Recommendations

Common Security Violations

Additional Security References

B.  Configuration Checklist for Trusted Extensions

Checklist for Configuring Trusted Extensions

C.  Quick Reference to Trusted Extensions Administration

Administrative Interfaces in Trusted Extensions

Oracle Solaris Interfaces Extended by Trusted Extensions

Tighter Security Defaults in Trusted Extensions

Limited Options in Trusted Extensions

D.  List of Trusted Extensions Man Pages

Trusted Extensions Man Pages in Alphabetical Order

Oracle Solaris Man Pages That Are Modified by Trusted Extensions



Labels, Printers, and Printing

Trusted Extensions software uses labels to control printer access. Labels are used to control access to printers and to information about queued print jobs. The software also labels printed output. Body pages are labeled, and mandatory banner and trailer pages are labeled.

The system administrator handles basic printer administration. The security administrator role manages printer security, which includes labels and how the labeled output is handled. The administrators follow basic Oracle Solaris printer administration procedures, then they assign labels to the print servers and printers.

Trusted Extensions software supports both single-level and multilevel printing. By default, single-level printing is configured. Multilevel printing is implemented in the global zone only. To use the global zone's print server, a labeled zone must be configured as an IP instance or as a vnic. The address must be distinct from the global zone's IP address.

Restricting Access to Printers and Print Job Information in Trusted Extensions

Users and roles on a system that is configured with Trusted Extensions software create print jobs at the label of their session. The print jobs can print only on printers that recognize that label. The label must be in the printer's label range.

Users and roles can view print jobs whose label is the same as the label of the session. In the global zone, a role can view jobs whose labels are dominated by the label of the zone.

Printers that are configured with Trusted Extensions software print labels on the printer output. Printers that are managed by unlabeled print servers do not print labels on the printer output. Such printers have the same label as their unlabeled server. For example, an Oracle Solaris print server can be assigned an arbitrary label. Users can then print jobs at that arbitrary label on the Oracle Solaris printer. As with Trusted Extensions printers, those Oracle Solaris printers can only accept print jobs from users who are working at the label that has been assigned to the print server.

Labeled Printer Output

Trusted Extensions prints labels on body pages and banner and trailer pages. The information comes from the label_encodings file.

The security administrator can configure user accounts to use printers that do not print labels on the output.

PostScript Printing of Security Information

Labeled printing in Trusted Extensions relies on features from Oracle Solaris printing. In the Oracle Solaris OS, the job-sheets option handles banner page creation. To implement labeling, the print job is converted to a PostScript file. Then, the PostScript file is manipulated to insert labels on body pages, and to create banner and trailer pages.