P

p_minfree attribute, audit_warn condition, audit_warn Script

-p option

aset command, How to Run ASET Periodically

bart create, How to Compare Manifests for the Same System Over Time

bsmrecord command, How to Display Audit Record Formats

cryptoadm command

How to Prevent the Use of a User-Level Mechanism

How to Prevent the Use of a Kernel Software Provider

logins command, How to Display Users Without Passwords

packages, Secure Shell, Secure Shell Packages and Initialization

packet transfers

firewall security, Firewall Systems

packet smashing, Encryption and Firewall Systems

PAM

adding a module, How to Add a PAM Module

configuration file

control flags, How PAM Stacking Works

introduction, PAM Configuration (Reference)

Kerberos and, Kerberos Files

stacking diagrams, How PAM Stacking Works

stacking example, PAM Stacking Example

stacking explained, How PAM Stacking Works

syntax, PAM Configuration File Syntax

/etc/syslog.conf file, How to Log PAM Error Reports

framework, Introduction to the PAM Framework

Kerberos and

Kerberos Components

Kerberos Components in the Solaris 8 Release

overview, PAM (Overview)

planning, Planning for Your PAM Implementation

task map, PAM (Tasks)

pam.conf file, See PAM configuration file

pam_roles command, description, Commands That Manage RBAC

PAMAuthenticationViaKBDInt keyword, sshd_config file, Keywords in Secure Shell

panels, table of SEAM Tool, SEAM Tool Panel Descriptions

passphrases

changing for Secure Shell, How to Change the Passphrase for a Secure Shell Private Key

encrypt command, How to Encrypt and Decrypt a File

example, How to Log In to a Remote Host With Secure Shell

generating in KMF, How to Generate a Passphrase by Using the pktool setpin Command

mac command, How to Compute a MAC of a File

storing safely, How to Encrypt and Decrypt a File

using for MAC, How to Compute a MAC of a File

using in Secure Shell

How to Generate a Public/Private Key Pair for Use With Secure Shell

How to Reduce Password Prompts in Secure Shell

PASSREQ in Secure Shell, Secure Shell and Login Environment Variables

passwd command

and kpasswd command, Changing Your Password

and naming services, Managing Password Information

changing password of role, How to Change the Password of a Role

passwd file

and /etc/d_passwd file, Dial-Up Logins

ASET checks, User and Group Checks

password authentication, Secure Shell, Secure Shell Authentication

PasswordAuthentication keyword, Secure Shell, Keywords in Secure Shell

passwords

authentication in Secure Shell, Secure Shell Authentication

changing role password, How to Change the Password of a Role

changing with kpasswd command, Changing Your Password

changing with passwd -r command, Managing Password Information

changing with passwd command, Changing Your Password

creating for dial-up, How to Create a Dial-Up Password

dial-up passwords

disabling temporarily, How to Temporarily Disable Dial-Up Logins

/etc/d_passwd file, Dial-Up Logins

disabling dial-up temporarily, How to Temporarily Disable Dial-Up Logins

displaying users with no passwords, How to Display Users Without Passwords

eliminating in Secure Shell, How to Reduce Password Prompts in Secure Shell

eliminating in Secure Shell in CDE, How to Set Up the ssh-agent Command to Run Automatically in CDE

encryption algorithms, Password Encryption

finding users with no passwords, How to Display Users Without Passwords

granting access without revealing, Granting Access to Your Account

hardware access and, How to Require a Password for Hardware Access

installing third-party encryption module, How to Install a Password Encryption Module From a Third Party

LDAP, Managing Password Information

specifying new password algorithm, How to Specify a New Password Algorithm for an LDAP Domain

local, Managing Password Information

login security

Maintaining Login Control

Maintaining Login Control

Managing Password Information

managing, Kerberos Password Management

modifying a principal's password, How to Modify a Kerberos Principal

NIS, Managing Password Information

specifying new password algorithm, How to Specify a New Password Algorithm for an NIS Domain

NIS+, Managing Password Information

specifying new password algorithm, How to Specify a New Password Algorithm for an NIS+ Domain

policies and, Changing Your Password

PROM security mode

Maintaining Physical Security

Controlling Access to System Hardware

protecting

keystore, How to Export a Certificate and Private Key in PKCS #12 Format

PKCS #12 file, How to Export a Certificate and Private Key in PKCS #12 Format

requiring for hardware access, How to Require a Password for Hardware Access

secret-key decryption for Secure RPC, Implementation of Diffie-Hellman Authentication

specifying algorithm, How to Specify an Algorithm for Password Encryption

in naming services, How to Specify a New Password Algorithm for an NIS Domain

locally, Changing the Password Algorithm (Task Map)

suggestions on choosing, Advice on Choosing a Password

system logins, Managing Password Information

task map, Securing Logins and Passwords (Task Map)

UNIX and Kerberos, Kerberos Password Management

using Blowfish encryption algorithm for, How to Specify an Algorithm for Password Encryption

using MD5 encryption algorithm for, How to Specify an Algorithm for Password Encryption

using new algorithm, How to Specify an Algorithm for Password Encryption

path_attr audit token

Auditing Enhancements in the Solaris 10 Release

path_attr Token

path audit policy, description, Determining Audit Policy

path audit token, format, path Token

PATH environment variable

and security, Setting the PATH Variable

setting, Setting the PATH Variable

PATH in Secure Shell, Secure Shell and Login Environment Variables

PERIODIC_SCHEDULE variable (ASET)

Scheduling ASET Execution: PERIODIC_SCHEDULE

PERIODIC_SCHEDULE Environment Variable

permissions

ACLs and, Using Access Control Lists

ASET handling of

ASET Security Levels

System Files Permissions Tuning

changing file permissions

absolute mode

File Permission Modes

How to Change File Permissions in Absolute Mode

chmod command, Commands for Viewing and Securing Files

symbolic mode

File Permission Modes

File Permission Modes

How to Change File Permissions in Symbolic Mode

How to Change File Permissions in Symbolic Mode

defaults, Default umask Value

directory permissions, UNIX File Permissions

file permissions

absolute mode

File Permission Modes

How to Change File Permissions in Absolute Mode

changing

File Permission Modes

How to Change File Permissions in Symbolic Mode

description, UNIX File Permissions

special permissions

Sticky Bit

File Permission Modes

symbolic mode

File Permission Modes

File Permission Modes

How to Change File Permissions in Symbolic Mode

How to Change File Permissions in Symbolic Mode

finding files with setuid permissions, How to Find Files With Special File Permissions

setgid permissions

absolute mode

File Permission Modes

How to Change Special File Permissions in Absolute Mode

description, setgid Permission

symbolic mode, File Permission Modes

setuid permissions

absolute mode

File Permission Modes

How to Change Special File Permissions in Absolute Mode

description, setuid Permission

security risks, setuid Permission

symbolic mode, File Permission Modes

special file permissions

Special File Permissions (setuid, setgid and Sticky Bit)

Sticky Bit

File Permission Modes

sticky bit, Sticky Bit

tune files (ASET)

Tune Files

Modifying the Tune Files

Modifying the Tune Files

UFS ACLs and, Using Access Control Lists to Protect UFS Files

umask value, Default umask Value

user classes and, File and Directory Ownership

PermitEmptyPasswords keyword, sshd_config file, Keywords in Secure Shell

PermitRootLogin keyword, sshd_config file, Keywords in Secure Shell

permitted privilege set, How Privileges Are Implemented

PermitUserEnvironment keyword, sshd_config file, Keywords in Secure Shell

perzone audit policy

description, Determining Audit Policy

setting, How to Configure Audit Policy

using

How to Plan Auditing in Zones

How to Configure Per-Zone Auditing

Auditing and Oracle Solaris Zones

when to use, Auditing on a System With Oracle Solaris Zones

pfcsh command, description, Profile Shells and RBAC

pfexec command, description, Commands That Manage RBAC

pfksh command, description, Profile Shells and RBAC

pfsh command, description, Profile Shells and RBAC

physical security, description, Maintaining Physical Security

PidFile keyword, Secure Shell, Keywords in Secure Shell

PKCS #11 library

adding provider library, How to Add a Software Provider

in Oracle Solaris Cryptographic Framework, Oracle Solaris Cryptographic Framework

PKCS #11 softtokens, managing keystore, KMF Keystore Management

PKCS #12 files, protecting, How to Export a Certificate and Private Key in PKCS #12 Format

pkcs11_kernel.so user-level provider, How to List Available Providers

pkcs11_softtoken.so user-level provider, How to List Available Providers

pkgadd command

installing third-party providers, How to Add a Software Provider

installing third-party software, How to Install a Password Encryption Module From a Third Party

PKI

managed by KMF, Managing Public Key Technologies

policy managed by KMF, KMF Policy Management

pktool command

creating self-signed certificate, How to Create a Certificate by Using the pktool gencert Command

export subcommand, How to Export a Certificate and Private Key in PKCS #12 Format

gencert subcommand, How to Create a Certificate by Using the pktool gencert Command

generating secret keys, How to Generate a Symmetric Key by Using the pktool Command

import subcommand, How to Import a Certificate Into Your Keystore

list subcommand, How to Create a Certificate by Using the pktool gencert Command

managing PKI objects, Managing Public Key Technologies

setpin subcommand, How to Generate a Passphrase by Using the pktool setpin Command

plain.so.1 plug-in, SASL and, SASL Plug-ins

planning

auditing, Planning Oracle Solaris Auditing (Tasks)

auditing in zones, How to Plan Auditing in Zones

auditing task map, Planning Oracle Solaris Auditing (Task Map)

Kerberos

client and service principal names, Client and Service Principal Names

clock synchronization, Clock Synchronization Within a Realm

configuration decisions, Planning for the Kerberos Service

database propagation, Which Database Propagation System to Use

number of realms, Number of Realms

ports, Ports for the KDC and Admin Services

realm hierarchy, Realm Hierarchy

realm names, Realm Names

realms, Planning Kerberos Realms

slave KDCs, The Number of Slave KDCs

PAM, Planning for Your PAM Implementation

RBAC, How to Plan Your RBAC Implementation

pluggable authentication module, See PAM

plugin line

audit_control file, audit_control File

p_* attributes, How to Configure syslog Audit Logs

qsize attribute, How to Configure syslog Audit Logs

plugin_list option, SASL and, SASL Options

plugins

cryptographic framework, Oracle Solaris Cryptographic Framework

in audit service, How to Configure syslog Audit Logs

loaded by auditd daemon, auditd Daemon

SASL and, SASL Plug-ins

plus sign (+)

ACL entry, How to Check if a File Has an ACL

audit class prefix, Audit Class Syntax

entry in sulog file, How to Monitor Who Is Using the su Command

file permissions symbol, File Permission Modes

policies

administering

Administering Kerberos Principals and Policies (Tasks)

Administering Kerberos Policies

creating (Kerberos), How to Create a New Kerberos Principal

creating new (Kerberos), How to Create a New Kerberos Policy

deleting, How to Delete a Kerberos Policy

for auditing, Determining Audit Policy

modifying, How to Modify a Kerberos Policy

on devices, How to View Device Policy

overview, Security Policy

passwords and, Changing Your Password

SEAM Tool panels for, SEAM Tool Panel Descriptions

specifying password algorithm, Changing the Password Algorithm (Task Map)

task map for administering, Administering Kerberos Policies (Task Map)

viewing attributes, How to View a Kerberos Policy's Attributes

viewing list of, How to View the List of Kerberos Policies

policy

definition in cryptographic framework, Terminology in the Oracle Solaris Cryptographic Framework

definition in Oracle Solaris, Security Policy

policy.conf file

adding password encryption module, How to Install a Password Encryption Module From a Third Party

Basic Solaris User rights profile, Basic Solaris User Rights Profile

description

policy.conf File

Commands That Manage RBAC

keywords

for password algorithms, Password Encryption

for privileges

policy.conf File

Files With Privilege Information

for RBAC authorizations, policy.conf File

for rights profiles, policy.conf File

specifying encryption algorithms in, How to Specify an Algorithm for Password Encryption

specifying password algorithm

in naming services, How to Specify a New Password Algorithm for an NIS Domain

specifying password algorithms, How to Specify an Algorithm for Password Encryption

port forwarding

configuring in Secure Shell, How to Configure Port Forwarding in Secure Shell

Secure Shell

How to Use Port Forwarding in Secure Shell

How to Use Port Forwarding in Secure Shell

Port keyword, Secure Shell, Keywords in Secure Shell

ports, for Kerberos KDC, Ports for the KDC and Admin Services

postdated ticket

definition, Types of Tickets

description, How the Kerberos Service Works

postsigterm string, audit_warn script, audit_warn Script

pound sign (#)

device_allocate file, device_allocate File

device_maps file, device_maps File

ppriv command

for debugging, How to Determine Which Privileges a Program Requires

listing privileges, How to Determine the Privileges on a Process

praudit command

converting audit records to readable format

How to View the Contents of Binary Audit Files

praudit Command

DTD for -x option, praudit Command

options, praudit Command

output formats, praudit Command

piping auditreduce output to, How to View the Contents of Binary Audit Files

use in a script, praudit Command

viewing audit records, How to View the Contents of Binary Audit Files

with no options, praudit Command

XML format, How to View the Contents of Binary Audit Files

PreferredAuthentications keyword, ssh_config file, Keywords in Secure Shell

prefixes for audit classes, Audit Class Syntax

preselecting, audit classes, How to Modify the audit_control File

preselection in auditing, Audit Terminology and Concepts

preselection mask (auditing)

description, Process Audit Characteristics

reducing storage costs, audit Command

system-wide, audit_control File

preventing

access to system hardware, SPARC: Controlling Access to System Hardware (Task Map)

audit trail overflow, How to Prevent Audit Trail Overflow

executables from compromising security, Preventing Executable Files From Compromising Security

kernel software provider use, How to Prevent the Use of a Kernel Software Provider

use of hardware mechanism, How to Disable Hardware Provider Mechanisms and Features

primary, in principal names, Kerberos Principals

Primary Administrator (RBAC)

assuming role, How to Assume a Role in a Terminal Window

recommended role, RBAC: An Alternative to the Superuser Model

rights profile contents, Primary Administrator Rights Profile

primary audit directory, audit_control File

principal

adding administration

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

adding service principal to keytab

Administering Keytab Files

How to Add a Kerberos Service Principal to a Keytab File

administering

Administering Kerberos Principals and Policies (Tasks)

Administering Kerberos Principals

automating creation of, Automating the Creation of New Kerberos Principals

creating, How to Create a New Kerberos Principal

creating clntconfig

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

creating host

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

deleting, How to Delete a Kerberos Principal

duplicating, How to Duplicate a Kerberos Principal

Kerberos, Kerberos Principals

modifying, How to Modify a Kerberos Principal

principal name, Kerberos Principals

removing from keytab file, How to Remove a Service Principal From a Keytab File

removing service principal from keytab, How to Remove a Service Principal From a Keytab File

SEAM Tool panels for, SEAM Tool Panel Descriptions

service principal, Kerberos Principals

setting up defaults, How to Set Up Defaults for Creating New Kerberos Principals

task map for administering, Administering Kerberos Principals (Task Map)

user ID comparison, How to Create a Credential Table

user principal, Kerberos Principals

viewing attributes, How to View a Kerberos Principal's Attributes

viewing list of, How to View the List of Kerberos Principals

viewing sublist of principals, How to View the List of Kerberos Principals

principal file, description, Kerberos Files

principal.kadm5 file, description, Kerberos Files

principal.kadm5.lock file, description, Kerberos Files

principal.ok file, description, Kerberos Files

principal.ulog file, description, Kerberos Files

principle of least privilege, Privileges Protect Kernel Processes

print format field, arbitrary token, arbitrary Token (Obsolete)

Printer Management (RBAC), contents of rights profile, Printer Management Rights Profile

printing, audit log, How to View the Contents of Binary Audit Files

PrintLastLog keyword, ssh_config file, Keywords in Secure Shell

PrintMotd keyword, sshd_config file, Keywords in Secure Shell

priv.debug entry, syslog.conf file, Files With Privilege Information

PRIV_DEFAULT keyword

policy.conf file

policy.conf File

Files With Privilege Information

PRIV_LIMIT keyword

policy.conf file

policy.conf File

Files With Privilege Information

PRIV_PROC_LOCK_MEMORY privilege

What's New in RBAC?

Privileges and System Resources

privacy

availability, Overview of Kerberized Commands

Kerberos and, What Is the Kerberos Service?

security service, Kerberos Security Services

private keys

See also secret keys

definition in Kerberos, Authentication-Specific Terminology

Secure Shell identity files, Secure Shell Files

private protection level, Overview of Kerberized Commands

privilege audit token

Auditing Enhancements in the Solaris 10 Release

privilege Token

privilege checking, in applications, Applications That Check for Privileges

privilege sets

adding privileges to, Expanding a User or Role's Privileges

basic, How Privileges Are Implemented

effective, How Privileges Are Implemented

inheritable, How Privileges Are Implemented

limit, How Privileges Are Implemented

listing, How Privileges Are Implemented

permitted, How Privileges Are Implemented

removing privileges from, Restricting a User or Role's Privileges

privileged application

authorization checking, Applications That Check Authorizations

description, Oracle Solaris RBAC Elements and Basic Concepts

ID checking, Applications That Check UIDs and GIDs

privilege checking, Applications That Check for Privileges

privileged ports, alternative to Secure RPC, Authentication and Authorization for Remote Access

privileges

adding to command, How to Add Privileges to a Command

administering, Managing Privileges (Task Map)

assigning to a command, Assigning Privileges

assigning to a script, Assigning Privileges to a Script

assigning to a user, Assigning Privileges

assigning to user or role, How to Assign Privileges to a User or Role

auditing and, Privileges and Auditing

categories, Privilege Descriptions

commands, Administrative Commands for Handling Privileges

compared to superuser model, Privileges (Overview)

debugging

Privileges and Debugging

How to Determine Which Privileges a Program Requires

description

Oracle Solaris RBAC Elements and Basic Concepts

Oracle Solaris RBAC Elements and Basic Concepts

Privilege Descriptions

determining directly assigned ones, How to Determine the Privileges That You Have Been Directly Assigned

devices and, Privileges and Devices

differences from superuser model, Administrative Differences on a System With Privileges

effects on SEAM Tool, Using the SEAM Tool With Limited Kerberos Administration Privileges

escalation, Prevention of Privilege Escalation

executing commands with privilege, Expanding a User or Role's Privileges

files, Files With Privilege Information

finding missing, How to Determine Which Privileges a Program Requires

how to use, Determining Your Privileges (Task Map)

implemented in sets, How Privileges Are Implemented

inherited by processes, How Processes Get Privileges

limiting use by user or role, How to Limit a User's or Role's Privileges

listing on a process, How to Determine the Privileges on a Process

PRIV_PROC_LOCK_MEMORY

What's New in RBAC?

Privileges and System Resources

processes with assigned privileges, How Processes Get Privileges

programs aware of privileges, How Processes Get Privileges

protecting kernel processes, Privileges Protect Kernel Processes

removing from a user, Restricting a User or Role's Privileges

removing from basic set, How to Limit a User's or Role's Privileges

removing from limit set, How to Limit a User's or Role's Privileges

task map, Managing and Using Privileges (Task Map)

troubleshooting requirements for, How to Determine Which Privileges a Program Requires

using in shell script, How to Run a Shell Script With Privileged Commands

privileges file, description, Privilege Descriptions

privs keyword, user_attr database, Files With Privilege Information

PROC privileges, Privilege Descriptions

process audit characteristics

audit ID, Process Audit Characteristics

audit session ID, Process Audit Characteristics

process preselection mask, Process Audit Characteristics

terminal ID, Process Audit Characteristics

process audit class, Definitions of Audit Classes

process audit token, format, process Token

process modify audit class, Definitions of Audit Classes

process preselection mask, description, Process Audit Characteristics

process privileges, Privilege Descriptions

process rights management, See privileges

process start audit class, Definitions of Audit Classes

processing time costs, of audit service, Cost of Increased Processing Time of Audit Data

prof_attr database

description, prof_attr Database

summary, Databases That Support RBAC

.profile file, path variable entry, Setting the PATH Variable

profile shells, description, Profile Shells and RBAC

profiles, See rights profiles

profiles command, description, Commands That Manage RBAC

PROFS_GRANTED keyword, policy.conf file, policy.conf File

programs

checking for RBAC authorizations, How to Add RBAC Properties to Legacy Applications

privilege-aware

How Privileges Are Implemented

How Processes Get Privileges

project.max-locked-memory resource control

What's New in RBAC?

Privileges and System Resources

PROM security mode, Controlling Access to System Hardware

propagation

KDC database, Which Database Propagation System to Use

Kerberos database, Backing Up and Propagating the Kerberos Database

protecting

BIOS, pointer to, How to Require a Password for Hardware Access

by using passwords with cryptographic framework, Using the Key Management Framework (Task Map)

contents of keystore, How to Export a Certificate and Private Key in PKCS #12 Format

files with cryptographic framework, Protecting Files With the Oracle Solaris Cryptographic Framework (Task Map)

PROM, How to Require a Password for Hardware Access

system from risky programs, Protecting Against Programs With Security Risk (Task Map)

protecting files

task map, Protecting Files (Task Map)

user procedures, Protecting Files With UNIX Permissions (Task Map)

with ACLs, Protecting UFS Files With ACLs (Task Map)

with ACLs task map, Protecting UFS Files With ACLs (Task Map)

with UFS ACLs, Using Access Control Lists to Protect UFS Files

with UNIX permissions

Using UNIX Permissions to Protect Files

Protecting Files With UNIX Permissions (Task Map)

with UNIX permissions task map, Protecting Files With UNIX Permissions (Task Map)

protection level

clear, Overview of Kerberized Commands

private, Overview of Kerberized Commands

safe, Overview of Kerberized Commands

setting in ftp, Overview of Kerberized Commands

Protocol keyword, Secure Shell, Keywords in Secure Shell

providers

adding library, How to Add a Software Provider

adding software provider, How to Add a Software Provider

adding user-level software provider, How to Add a Software Provider

connecting to cryptographic framework, Plugins to the Oracle Solaris Cryptographic Framework

definition as plugins

Oracle Solaris Cryptographic Framework

Terminology in the Oracle Solaris Cryptographic Framework

definition in cryptographic framework, Terminology in the Oracle Solaris Cryptographic Framework

disabling hardware mechanisms, How to Disable Hardware Provider Mechanisms and Features

installing, Plugins to the Oracle Solaris Cryptographic Framework

listing hardware providers, How to List Hardware Providers

listing in cryptographic framework, How to List Available Providers

preventing use of kernel software provider, How to Prevent the Use of a Kernel Software Provider

registering, Plugins to the Oracle Solaris Cryptographic Framework

restoring use of kernel software provider, How to Prevent the Use of a Kernel Software Provider

signing, Plugins to the Oracle Solaris Cryptographic Framework

proxiable ticket, definition, Types of Tickets

proxy ticket, definition, Types of Tickets

ProxyCommand keyword, ssh_config file, Keywords in Secure Shell

pseudo-tty, use in Secure Shell, Command Execution and Data Forwarding in Secure Shell

PubkeyAuthentication keyword, Secure Shell, Keywords in Secure Shell

public audit policy

description, Determining Audit Policy

read-only events, Determining Audit Policy

public directories

auditing, Audit Terminology and Concepts

sticky bit and, Sticky Bit

public key authentication, Secure Shell, Secure Shell Authentication

public key cryptography

AUTH_DH client-server session, Implementation of Diffie-Hellman Authentication

changing NFS public keys and secret keys, Implementation of Diffie-Hellman Authentication

common keys

calculation, Implementation of Diffie-Hellman Authentication

database of public keys for Secure RPC, Implementation of Diffie-Hellman Authentication

generating keys

conversation keys for Secure NFS, Implementation of Diffie-Hellman Authentication

using Diffie-Hellman, Implementation of Diffie-Hellman Authentication

NFS secret keys, Implementation of Diffie-Hellman Authentication

public key technologies, See PKI

public keys

changing passphrase, How to Change the Passphrase for a Secure Shell Private Key

DH authentication and, Diffie-Hellman Authentication and Secure RPC

generating public-private key pair, How to Generate a Public/Private Key Pair for Use With Secure Shell

Secure Shell identity files, Secure Shell Files

public objects, auditing, Audit Terminology and Concepts

publickey map, DH authentication, Diffie-Hellman Authentication and Secure RPC

pwcheck_method option, SASL and, SASL Options