Developer's Guide to Oracle® Solaris 11 Security
Index G
Updated: July 2014
G
General Security Standard Application Programming Interface
See GSS-API
GetMechanismInfo()
function
Sign and Verify Example
GetRandSlot()
function
Random Byte Generation Example
GetTokenInfo()
function
Random Byte Generation Example
GSS-API
acquiring credentials
Acquiring Credentials
anonymous authentication
Performing Anonymous Authentication in GSS-API
anonymous name format
Format of Anonymous Names
channel bindings
Address Types for Channel Bindings
Using Channel Bindings in GSS-API
communication layers
Introduction to GSS-API
comparing names in
Comparing Names in GSS-API
confidentiality
Sending Protected Data in GSS-API
constructing OIDs
Constructing Mechanism OIDs
context establishment example
Establishing a Security Context for GSS-API
contexts
acceptance example
Accepting a Context
deallocation
Cleaning Up a GSS-API Session
expiration
Context Expiration
createMechOid()
function
createMechOid Function
credentials
Working With Credentials in GSS-API
expiration
Credential Expiration
data types
GSS-API Data Types and Values
GSS-API Data Types
detecting out-of-sequence problems
Detecting Sequence Problems in GSS-API
developing applications
Developing Applications That Use GSS-API
displaying status codes
Displaying Status Codes
encryption
Wrapping Messages With gss_wrap
Sending Protected Data in GSS-API
exporting contexts
Context Exportation and Interprocess Tokens
Exporting and Importing Contexts in GSS-API
files containing OID values
Files with OID Values
functions
GSS-API Functions
generalized steps
Generalized GSS-API Usage
gss-client
example
context deletion
Deleting the Security Context
contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-server
example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss_str_to_oid()
function
gss_str_to_oid Function
include files
Generalized GSS-API Usage
integrity
Sending Protected Data in GSS-API
interprocess tokens
Context Exportation and Interprocess Tokens
introduction
Introduction to GSS-API
Kerberos v5 status codes
Kerberos v5 Status Codes
language bindings
Language Bindings for GSS-API
limitations
Limitations of GSS-API
mech
file
/etc/gss/mech File
message transmission
Confirming Message Transmission in GSS-API
MICs
Sending Protected Data in GSS-API
minor-status codes
Use of minor_status Parameter
miscellaneous sample functions
source code
Miscellaneous GSS-API Sample Functions
mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
name types
Name Types
Name Types in GSS-API
OIDs
GSS-API OIDs
other context services
Using Other Context Services in GSS-API
outside references
Where to Get More Information on GSS-API
portability
Application Portability With GSS-API
protecting channel-binding information
Protection of Channel-Binding Information
QOP
/etc/gss/qop File
Application Portability With GSS-API
readable name syntax
Human-Readable Name Syntax
releasing contexts
Cleanup in the GSSAPI Server Example
releasing stored data
Deletion of Contexts and Stored Data
remote procedure calls
Remote Procedure Calls With GSS-API
replaced functions
Functions From Previous Versions of GSS-API
role in Oracle Solaris OS
Network Security Architecture
sample client application
description
GSSAPI Client Example Overview
source code
Client-Side Application
sample server application
description
GSSAPI Server Example Overview
source code
Server-Side Application
specifying non-default mechanisms
Specifying a Non-Default Mechanism
specifying OIDs
Specifying an OID
status code macros
Status Code Macros
status codes
GSS-API Major Status Code Values
GSS-API Status Codes
GSS-API Status Codes
supported credentials
Types of Credentials Supported
tokens
GSS-API Tokens
context-level
GSS-API Tokens
interprocess
Interprocess Tokens in GSS-API
per-message
GSS-API Tokens
translation into GSS-API format
Translating a Service Name into GSS-API Format
wrap-size limits
Wrap Size Limits and QOP Values
gss-client
example
context deletion
Deleting the Security Context
obtaining context status
Miscellaneous GSSAPI Context Operations on the Client Side
restoring contexts
Miscellaneous GSSAPI Context Operations on the Client Side
saving contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-client
sample application
GSSAPI Client Example Overview
gss-server
example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss-server
sample application
GSSAPI Server Example Overview
gss_accept_sec_context()
function
GSS-API Functions
Accepting a Context in GSS-API
GSS-API server example
server_establish_context Function
gss_acquire_cred()
function
GSS-API Functions
Acquiring Credentials in GSS-API
GSS-API server example
Acquiring Credentials
gss_add_cred()
function
GSS-API Functions
Acquiring Credentials in GSS-API
gss_add_oid_set_member()
function
GSS-API Functions
gss_buffer_desc structure
gss_buffer_desc
gss_buffer_desc
structure
Strings and Similar Data in GSS-API
gss_buffer_t
pointer
Strings and Similar Data in GSS-API
GSS_C_ACCEPT
credential
Working With Credentials in GSS-API
GSS_C_BOTH
credential
Working With Credentials in GSS-API
GSS_C_INITIATE
credential
Working With Credentials in GSS-API
GSS_CALLING_ERROR
macro
Status Code Macros
GSS-API Status Codes
gss_canonicalize_name()
function
GSS-API Functions
Using gss_import_name
gss_channel_bindings_structure structure
gss_channel_bindings_struct
gss_channel_bindings_t data type
Using Channel Bindings in GSS-API
gss_compare_name()
function
GSS-API Functions
Comparing Names (Slow)
Comparing Names in GSS-API
gss_context_time()
function
GSS-API Functions
gss_create_empty_oid_set()
function
GSS-API Functions
gss_delete_oid()
function
Functions for Manipulating OIDs
gss_delete_sec_context()
function
GSS-API Functions
Cleaning Up a GSS-API Session
releasing contexts
Deletion of Contexts and Stored Data
gss_display_name()
function
GSS-API Functions
Using gss_import_name
gss_display_status()
function
Displaying Status Codes
GSS-API Functions
gss_duplicate_name()
function
GSS-API Functions
gss_export_context()
function
Interprocess Tokens in GSS-API
gss_export_name()
function
GSS-API Functions
gss_export_sec_context()
function
GSS-API Functions
Exporting and Importing Contexts in GSS-API
gss_get_mic()
function
GSS-API Functions
Tagging Messages With gss_get_mic
Sending Protected Data in GSS-API
comparison with
gss_wrap()
function
Sending Protected Data in GSS-API
GSS-API server example
Signing and Returning the Message
gss_import_name()
function
GSS-API Functions
Names in GSS-API
GSS-API client example
Translating a Service Name into GSS-API Format
GSS-API server example
Acquiring Credentials
gss_import_sec_context()
function
GSS-API Functions
Exporting and Importing Contexts in GSS-API
gss_indicate_mechs()
function
GSS-API Functions
gss_init_sec_context()
function
GSS-API Functions
Using Other Context Services in GSS-API
Initiating a Context in GSS-API
GSS-API client example
Establishing a Security Context for GSS-API
use in anonymous authentication
Performing Anonymous Authentication in GSS-API
use in mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
gss_inquire_context function
Obtaining Context Information in GSS-API
gss_inquire_context()
function
GSS-API Functions
gss_inquire_cred()
function
GSS-API Functions
gss_inquire_cred_by_mech()
function
GSS-API Functions
gss_inquire_mechs_for_name()
function
GSS-API Functions
gss_inquire_names_for_mech()
function
GSS-API Functions
gss_OID
pointer
GSS-API OIDs
gss_OID_desc structure
gss_OID_desc
gss_OID_set
pointer
OIDs Structure
gss_OID_set_desc structure
gss_OID_set_desc
gss_OID_set_desc
structure
OIDs Structure
gss_oid_to_str()
function
Functions for Manipulating OIDs
gss_process_context_token()
function
GSS-API Functions
gss_release_buffer()
function
GSS-API Functions
Cleaning Up a GSS-API Session
gss_release_cred()
function
GSS-API Functions
Cleaning Up a GSS-API Session
GSS-API server example
Cleanup in the GSSAPI Server Example
gss_release_name()
function
GSS-API Functions
Cleaning Up a GSS-API Session
releasing stored data
Deletion of Contexts and Stored Data
gss_release_oid()
function
GSS-API client example
GSSAPI Client Example: main Function
GSS-API server example
Acquiring Credentials
gss_release_oid_set()
function
GSS-API Functions
Cleaning Up a GSS-API Session
GSS_ROUTINE_ERROR
macro
Status Code Macros
GSS-API Status Codes
gss_seal()
function
Renamed Functions
gss_sign()
function
Renamed Functions
gss_str_to_oid()
function
gss_str_to_oid Function
Functions for Manipulating OIDs
GSS_SUPPLEMENTARY_INFO
macro
Status Code Macros
GSS-API Status Codes
gss_test_oid_set_member()
function
GSS-API Functions
gss_unseal()
function
Renamed Functions
gss_unwrap()
function
GSS-API Functions
GSS-API server example
Unwrapping the Message
gss_verify()
function
Renamed Functions
gss_verify_mic()
function
GSS-API Functions
gss_wrap()
function
GSS-API Functions
Handling Wrap Size Issues in GSS-API
Sending Protected Data in GSS-API
comparison with
gss_get_mic()
function
Sending Protected Data in GSS-API
wrapping messages
Wrapping Messages With gss_wrap
gss_wrap_size_limit()
function
GSS-API Functions
Handling Wrap Size Issues in GSS-API
gssapi.h file
Generalized GSS-API Usage
guidelines for privileged applications
Guidelines for Developing Privileged Applications