The main functionality offered by rad is as follows:
Essentials
Managed and configured by two SMF services, svc:/system/rad:local and svc:/system/rad:remote
Structured, browsable namespace.
Inspectable, typed, versioned interfaces.
Asynchronous event sources.
The XML-based IDL, ADR, supports formally defining APIs. The IDL compiler radadrgen generates client language bindings.
Security
Full PAM conversation support including use of pam_setcred(3PAM) to set the audit context.
Authentication via GSSAPI in deployments where kerberos(5) is configured.
Implicit authentication using getpeerucred(3C) when possible.
No non-local network connectivity by default. Preconfigured to use TLS.
Most operations automatically delegated to lesser-privileged processes.
Defines two authorizations (solaris.smf.manage.rad and solaris.smf.value.rad) and two Rights Profiles (rad Management and rad Configuration) to provide fine-grained separation of powers for managing and configuring the rad SMF services.
rad authorizations
solaris.smf.manage.rad — Grants the authorization to enable, disable, or restart the rad SMF services.
solaris.smf.value.rad — Grants the authorization to change rad SMF services' property values.
rad rights profiles
rad Management — Includes the solaris.smf.manage.rad authorization.
rad Configuration — Includes the solaris.smf.value.rad authorization.
Generates AUE_rad_login, AUE_logout, AUE_role_login, AUE_role_logout, and AUE_passwd audit events.
Connectivity
Local access via AF_UNIX sockets.
Remote access via TCP sockets.
Secure remote access via TLS sockets.
Captive execution with access through a pipe.
Connection points are completely configurable at the command line or via SMF.
Client support
A Java language binding provides access to all defined server interfaces.
A Python language binding provides access to all defined server interfaces.
A C language binding provides access to all defined server interfaces.
Extension
A public native C module interface supports addition of third-party content.
radadrgen can generate server-side type definitions and stubs from IDL input.
A native execution system can automatically run modules with the authenticated user's privilege and audit context, simplifying authentication and auditing.
Private module interfaces permit defining new transports.