Remote Administration Daemon Developer Guide

Updated: July 2014
 
 

Features Overview

The main functionality offered by rad is as follows:

  • Essentials

    • Managed and configured by two SMF services, svc:/system/rad:local and svc:/system/rad:remote.

    • Structured, browsable namespace.

    • Inspectable, typed, versioned interfaces.

    • Asynchronous event sources.

    • An XML-based IDL, ADR, supports formally defining APIs. The IDL compiler, radadrgen, generates client language bindings.

  • Security

    • Full PAM conversation support including use of pam_setcred(3PAM) to set the audit context.

    • Authentication via GSSAPI in deployments where kerberos(5) is configured.

    • Implicit authentication using getpeerucred(3C) when possible.

    • No non-local network connectivity by default. Preconfigured to use TLS.

    • Most operations automatically delegated to lesser-privileged processes.

    • Defines two authorizations (solaris.smf.manage.rad and solaris.smf.value.rad) and two Rights Profiles (rad Management and rad Configuration) to provide fine-grained separation of powers for managing and configuring the rad SMF services.

      • rad authorizations

        • solaris.smf.manage.rad — Grants the authorization to enable, disable, or restart the rad SMF services.

        • solaris.smf.value.rad — Grants the authorization to change rad SMF services' property values.

      • rad rights profiles

        • rad Management — Includes the solaris.smf.manage.rad authorization.

        • rad Configuration — Includes the solaris.smf.value.rad authorization.

    • Generates AUE_rad_login, AUE_logout, AUE_role_login, AUE_role_logout, and AUE_passwd audit events.

  • Connectivity

    • Local access via AF_UNIX sockets.

    • Remote access via TCP sockets.

    • Secure remote access via TLS sockets.

    • Captive execution with access through a pipe.

    • Connection points are completely configurable at the command line or via SMF.

  • Client support

    • A Java language binding provides access to all defined server interfaces.

    • A Python language binding provides access to all defined server interfaces.

    • A C language binding provides access to all defined server interfaces.

  • Extension

    • A public native C module interface supports addition of third-party content.

    • radadrgen can generate server-side type definitions and stubs from IDL input.

    • A native execution system can automatically run modules with the authenticated user's privileges and audit context, simplifying authentication and auditing.

    • Private module interfaces permit defining new transports.