Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: March 2019

How to Log In and Administer a Remote Trusted Extensions System

This procedure enables you to use the command line and the txzonemgr GUI to administer a remote Trusted Extensions system.

Before You Begin

The user, role, and role assignment are identically defined on the local and remote systems, as described in Enable Remote Administration of a Remote Trusted Extensions System.

  1. On the desktop system, enable processes from the remote system to display.
    desktop # xhost + remote-sys
  2. Ensure that you are the user who is identically named on both systems.
  3. From a terminal window, log in to the remote system.

    Use the ssh command to log in.

    desktop % ssh -X -l identical-username remote-sys
    Password: xxxxxxxx
    remote-sys %

    The –X option enables GUIs to display.

  4. In the same terminal window, assume the role that is defined identically on both systems.

    For example, assume the root role.

    remote-sys % su - root
    Password: xxxxxxxx

    You are now in the global zone. You can now use this terminal window to administer the remote system from the command line. GUIs will display on your screen. For an example, see Example 2, Configuring Labeled Zones on a Remote System.

Example 2  Configuring Labeled Zones on a Remote System

In this example, the administrator uses the txzonemgr GUI to configure labeled zones on a labeled remote system from a labeled desktop system. As in Oracle Solaris, the administrator enables X server access to the desktop system by using the –X option to the ssh command. The user jandoe is defined identically on both systems and can assume the role remoterole.

TXdesk1 # xhost + TXnohead4
TXdesk1 % ssh -X -l jandoe TXnohead4
Password: xxxxxxxx
TXnohead4 %

To reach the global zone, the administrator uses the jandoe account to assume the role remoterole. This role is defined identically on both systems.

TXnohead4 % su - remoterole
Password: xxxxxxxx

In the same terminal, the administrator in the remoterole role starts the txzonemgr GUI.

TXnohead4 # /usr/sbin/txzonemgr &

The Labeled Zone Manager runs on the remote system and displays on the local system.

Example 3  Logging In to a Remote Labeled Zone

The administrator wants to change a configuration file on a remote system at the PUBLIC label.

    The administrator has two options.

  • Remotely log in to the global zone, display the remote global zone workspace, then change the workspace to the PUBLIC label, open a terminal window, and edit the file

  • Remotely log in to the PUBLIC zone by using the ssh command from a PUBLIC terminal window and then edit the file

Note that if the remote system is running one naming service daemon (nscd) for all the zones, and the remote system is using the files naming service, the password for the remote PUBLIC zone is the password that was in effect when it was last booted. If the password for the remote PUBLIC zone was changed, but the zone was not booted after the change, the original password allows access.


If the –X option does not work, you might need to install a package. X11 forwarding is disabled when the xauth binary is not installed. The following command loads the binary: pkg install pkg:/x11/session/xauth.