Several LDAP databases have been created or modified to hold Trusted Extensions data about label configuration, users, and remote systems. In this procedure, you populate the LDAP server databases with Trusted Extensions information.
Before You Begin
You must be in the root role in the global zone. You are on an LDAP client. For the prerequisites, see Create an LDAP Client to Populate the LDAP Server.
# mkdir -p /setup/files
# cd /etc # cp aliases group networks netmasks protocols /setup/files # cp rpc services auto_master /setup/files # cd /etc/security/tsol # cp tnrhdb tnrhtp /setup/files
Caution - Do not copy the *attr files. Rather, use the –S ldap option to the commands that add users, roles, and rights profiles to the LDAP repository. These commands add entries for the user_attr, auth_attr, exec_attr, and prof_attr databases. For more information, see the user_attr(5) and useradd(8) man pages. |
# cp /zone/public/root/etc/auto_home_public /setup/files # cp /zone/internal/root/etc/auto_home_internal /setup/files # cp /zone/needtoknow/root/etc/auto_home_needtoknow /setup/files # cp /zone/restricted/root/etc/auto_home_restricted /setup/files
In the following list of automaps, the first of each pair of lines shows the name of the file. The second line of each pair shows the file contents. The zone names identify labels from the default label_encodings file that is included with the Trusted Extensions software.
Substitute your zone names for the zone names in these lines.
myNFSserver identifies the NFS server for the home directories.
/setup/files/auto_home_public * myNFSserver_FQDN:/zone/public/root/export/home/& /setup/files/auto_home_internal * myNFSserver_FQDN:/zone/internal/root/export/home/& /setup/files/auto_home_needtoknow * myNFSserver_FQDN:/zone/needtoknow/root/export/home/& /setup/files/auto_home_restricted * myNFSserver_FQDN:/zone/restricted/root/export/home/&
For more information, see the ldapclient(8) man page.
For instructions, see Labeling Hosts and Networks.