Developer's Guide to Oracle® Solaris 11 Security
Updated: July 2014
S
SASL
architecture
SASL Architecture
authentication
SASL Authentication
authid
SASL Library Basics
auxprop
plug-ins
Auxiliary Property (auxprop) Plug-ins
callbacks
SASL_CB_AUTHNAME
Communication in SASL
SASL_CB_CANON_USER
Communication in SASL
SASL_CB_ECHOPROMPT
Communication in SASL
SASL_CB_GETCONF
Communication in SASL
SASL_CB_GETOPT
Communication in SASL
SASL_CB_GETPATH
Communication in SASL
SASL_CB_GETREALM
Communication in SASL
SASL_CB_LANGUAGE
Communication in SASL
SASL_CB_LOG
Communication in SASL
SASL_CB_NOECHOPROMPT
Communication in SASL
SASL_CB_PASS
Communication in SASL
SASL_CB_PROXY_POLICY
Communication in SASL
SASL_CB_SERVER_USERDB_CHECKPASS
Communication in SASL
SASL_CB_SERVER_USERDB_SETPASS
Communication in SASL
SASL_CB_USER
Communication in SASL
SASL_CB_VERIFYFILE
Communication in SASL
canonicalization
User Canonicalization Plug-ins
client sample application
SASL Client Example
confidentiality
SASL Confidentiality and Integrity
connection contexts
SASL Connection Contexts
functions
SASL Interface Summaries
integrity
SASL Confidentiality and Integrity
library
SASL Library Basics
libsasl
API
Communication in SASL
libsasl
initialization
libsasl Initialization
life cycle
Steps in the SASL Cycle
mechanisms
Security Mechanisms
overview
Introduction to Simple Authentication Security Layer (SASL)
plug-in design
SASL Plug-in Development Guidelines
client plug-ins
Client Plug-ins
overview
SASL Plug-in Overview
server plug-ins
Server Plug-ins
structures
Important Structures for SASL Plug-ins
reference tables
SASL Interface Summaries
releasing resources
libsasl Cleanup
releasing sessions
Releasing SASL Sessions
role in Oracle Solaris OS
Network Security Architecture
sample functions
Common Code
sample output
SASL Example
server sample application
SASL Server Example
session initialization
SASL Session Initialization
setting SSF
SASL Session Initialization
SPI
SASL Plug-in Overview
SSF
SASL Security Strength Factor
userid
SASL Library Basics
sasl_canonuser_plug_nit()
function
User Canonicalization Plug-ins
SASL_CB_AUTHNAME
callback
Communication in SASL
SASL_CB_CANON_USER
callback
Communication in SASL
SASL_CB_ECHOPROMPT
callback
Communication in SASL
SASL_CB_GETCONF
callback
Communication in SASL
SASL_CB_GETOPT
callback
Communication in SASL
SASL_CB_GETPATH
callback
Communication in SASL
SASL_CB_GETREALM
callback
Communication in SASL
SASL_CB_LANGUAGE
callback
Communication in SASL
SASL_CB_LOG
callback
Communication in SASL
SASL_CB_NOECHOPROMPT
callback
Communication in SASL
SASL_CB_PASS
callback
Communication in SASL
SASL_CB_PROXY_POLICY
callback
Communication in SASL
SASL_CB_SERVER_USERDB_CHECKPASS
callback
Communication in SASL
SASL_CB_SERVER_USERDB_SETPASS
callback
Communication in SASL
SASL_CB_USER
callback
Communication in SASL
SASL_CB_VERIFYFILE
callback
Communication in SASL
sasl_client_add_plugin()
function
SASL Plug-in Overview
sasl_client_init()
function
SASL Plug-in Overview
libsasl Initialization
sasl_client_new()
function
SASL life cycle
SASL Session Initialization
sasl_client_start()
function
SASL life cycle
SASL Authentication
SASL_CONTINUE
flag
SASL Authentication
sasl_decode()
function
SASL Confidentiality and Integrity
sasl_dispose()
function
libsasl Cleanup
Releasing SASL Sessions
sasl_done()
function
libsasl Cleanup
Releasing SASL Sessions
sasl_encode()
function
SASL Confidentiality and Integrity
sasl_getprop()
function
checking SSF
SASL Confidentiality and Integrity
SASL_INTERACT
flag
SASL Authentication
SASL_OK
flag
SASL Authentication
sasl_server_add_plugin()
function
SASL Plug-in Overview
sasl_server_init()
function
SASL Plug-in Overview
libsasl Initialization
sasl_server_new()
function
SASL life cycle
SASL Session Initialization
sasl_server_start()
function
SASL life cycle
SASL Authentication
SEAM
GSS-API
Available Mechanisms in GSS-API
security context
See
contexts
security flavor
flavor
security mechanisms
See
GSS-API
security policy
privileged application guidelines
Guidelines for Developing Privileged Applications
security strength factor
See
SSF
send_token()
function
GSS-API client example
Establishing a Security Context for GSS-API
sequence problems
GSS-API
Detecting Sequence Problems in GSS-API
server plug-ins
SASL
Server Plug-ins
server_acquire_creds()
function
GSS-API server example
Acquiring Credentials
server_establish_context()
function
GSS-API server example
Accepting a Context
service provider interface
See
SPI
session management
PAM service module
PAM Service Modules
session objects
Oracle Solaris cryptographic framework
Oracle Solaris Cryptography Terminology
setppriv()
function
synopsis
setppriv: for Setting Privileges
shell escapes
and privileges
Guidelines for Developing Privileged Applications
sign_server()
function
GSS-API client example
GSSAPI Server Example: main Function
GSS-API server example
Receiving Data From a Client
signature blocks
GSS-API
gss-client
example
Reading and Verifying a Signature Block From a GSS-API Client
signing messages
GSS-API
Signing and Returning the Message
signing messages example
Oracle Solaris cryptographic framework
Sign and Verify Example
Simple Authentication and Security Layer
See
SASL
slots
Oracle Solaris cryptographic framework
Oracle Solaris Cryptography Terminology
soft tokens
Oracle Solaris cryptographic framework
Oracle Solaris Cryptography Terminology
specifying a QOP
Files with OID Values
specifying mechanisms in GSS-API
Files with OID Values
specifying OIDs
Specifying an OID
SPI
Oracle Solaris cryptographic framework
user level
Components of the Cryptographic Framework
SSF
defined
SASL Security Strength Factor
setting
SASL Authentication
SASL Session Initialization
status codes
GSS-API
GSS-API Status Codes
GSS-API Status Codes
major
GSS-API Status Codes
minor
GSS-API Status Codes
strings
GSS-API
Strings and Similar Data in GSS-API
SUNW_C_GetMechSession()
function
Extended PKCS #11 Functions: SUNW_C_KeyToObject
Extended PKCS #11 Functions: SUNW_C_GetMechSession
digest message example
Message Digest Example
symmetric encryption example
Symmetric Encryption Example
symmetric encryption
Oracle Solaris cryptographic framework
example
Symmetric Encryption Example
system privileges
Privilege Categories
System V IPC privileges
Privilege Categories