Developer's Guide to Oracle® Solaris 11.4 Security
Updated: November 2020
Index
A
access control lists
use in GSS-API
Comparing Names in GSS-API
account management
PAM service module
PAM Service Modules
ACL
See
access control list
acquiring context information
Obtaining Context Information in GSS-API
adiheap
security extension
Security Extensions Framework
adistack
security extension
Security Extensions Framework
anonymous authentication
Performing Anonymous Authentication in GSS-API
aslr
security extension
Security Extensions Framework
authentication
GSS-API
Security Services in GSS-API
anonymous
Performing Anonymous Authentication in GSS-API
mutual
Performing Mutual Authentication Between Peers in GSS-API
PAM process for
PAM Authentication Process
PAM service module
PAM Service Modules
authorizations
code example
Checking for User Authorizations
defined
Privileged Applications
use in application development
About Authorizations
B
basic privileges
Privilege Categories
C
C_CloseSession()
function
digest message example
Message Digest Example
message signing example
Sign and Verify Example
random byte generation example
Random Byte Generation Example
C_Decrypt()
function
Symmetric Encryption Example
C_DecryptInit()
function
Symmetric Encryption Example
C_EncryptFinal()
function
Symmetric Encryption Example
C_EncryptInit()
function
Symmetric Encryption Example
C_EncryptUpdate()
function
Symmetric Encryption Example
C_Finalize()
function
digest message example
Message Digest Example
message signing example
Sign and Verify Example
C_GenerateKeyPair()
function
Sign and Verify Example
C_GenerateRandom()
function
Random Byte Generation Example
C_GetAttributeValue()
function
Sign and Verify Example
C_GetInfo()
function
Message Digest Example
PKCS #11 Functions: C_GetInfo
C_GetMechanismList()
function
PKCS #11 Functions: C_GetMechanismList
C_GetSlotList()
function
PKCS #11 Functions: C_GetSlotList
message signing example
Sign and Verify Example
random byte generation example
Random Byte Generation Example
C_Initialize()
function
PKCS #11 Functions: C_Initialize
C_OpenSession()
function
PKCS #11 Functions: C_OpenSession
random byte generation example
Random Byte Generation Example
C_SignInit()
function
Sign and Verify Example
C_Verify()
function
Sign and Verify Example
C_VerifyInit()
function
Sign and Verify Example
Certificate Revocation List (CRL)
Oracle Solaris Key Management Framework Features
Certificate Signing Request (CSR)
KMF Key Management Tool
channel bindings
GSS-API
GSS-API Address Types for Channel Bindings
Using Channel Bindings in GSS-API
client_establish_context()
function
GSS-API client example
Establishing a Security Context With the Server
confidentiality
GSS-API
Sending Protected Data in GSS-API
Security Services in GSS-API
connect_to_server()
function
GSS-API client example
Establishing a Security Context for GSS-API
Opening a Connection With the Server
consumers
Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
context-level tokens
GSS-API
GSS-API Tokens
contexts
GSS-API
acceptance
Accepting a Context in GSS-API
acceptance example
Accepting a Context
deletion
Cleaning Up a GSS-API Session
establishing
Working With Contexts in GSS-API
establishing example
Establishing a Security Context for GSS-API
exporting
Exporting and Importing Contexts in GSS-API
getting acquisition information
Obtaining Context Information in GSS-API
gss-client
example
Deleting the Security Context
import and export
Using the test_import_export_context Function
Exporting and Importing Contexts in GSS-API
introduction
GSS-API Layer
other context services
Using Other Context Services in GSS-API
releasing
Cleaning Up the GSSAPI Server Example
initiation in GSS-API
Initiating a Context in GSS-API
createMechOid()
function
createMechOid Function
credentials
GSS-API
acquiring
Acquiring Credentials
default
Acquiring Credentials in GSS-API
delegating
Delegating a Credential in GSS-API
types
Types of Credentials That GSS-API Supports
using
Working With Credentials in GSS-API
CRL (Certificate Revocation List)
Oracle Solaris Key Management Framework Features
cryptoadm
command
Components of the Cryptographic Framework
cryptographic checksum (MIC)
Tagging Messages With gss_get_mic
Cryptographic Framework
architecture
Overview of the Cryptographic Framework
cryptoadm
command
Components of the Cryptographic Framework
cryptographic providers
Components of the Cryptographic Framework
cryptoki
library
Overview of the Cryptoki Library
described
System Security
design requirements
user-level consumers
Requirements for Developers of User-Level Consumers
user-level providers
Requirements for Developers of User-Level Providers
elfsign
command
Components of the Cryptographic Framework
examples
message digest
Message Digest Example
random byte generation
Random Byte Generation Example
signing and verifying messages
Sign and Verify Example
symmetric encryption
Symmetric Encryption Example
introduction
Introduction to the Oracle Solaris Cryptographic Framework
kernel programmer interface
Components of the Cryptographic Framework
libpkcs11.so
Components of the Cryptographic Framework
modules verification library
Components of the Cryptographic Framework
pkcs11_softtoken.so
Components of the Cryptographic Framework
pluggable interface
Components of the Cryptographic Framework
scheduler / load balancer
Components of the Cryptographic Framework
Components of the Cryptographic Framework
cryptographic providers
Cryptographic Framework
Components of the Cryptographic Framework
cryptoki
library
overview
Overview of the Cryptoki Library
CSR (Certificate Signing Request)
KMF Key Management Tool
D
data encryption
GSS-API
Wrapping Messages With gss_wrap
data protection
GSS-API
Sending Protected Data in GSS-API
data types
GSS-API
GSS-API Data Types and Values
GSS-API Data Types
integers
GSS-API Integers
names
Names in GSS-API
strings
Strings and Similar Data in GSS-API
privileges
Privilege Data Types
debugging
security extensions and
Debugging When Using Security Extensions
default credentials
GSS-API
Acquiring Credentials in GSS-API
delegation
credentials
Delegating a Credential in GSS-API
design requirements
Cryptographic Framework
user-level consumers
Requirements for Developers of User-Level Consumers
user-level providers
Requirements for Developers of User-Level Providers
digesting messages
Cryptographic Framework
Message Digest Example
E
/etc/gss/mech
file
/etc/gss/mech File
/etc/gss/qop
file
/etc/gss/qop File
effective privilege set
Effective Privilege Set
elfdump
command
Using elfdump and elfedit to Manage Security Extensions in Objects
elfedit
command
Using elfdump and elfedit to Manage Security Extensions in Objects
elfsign
command
Components of the Cryptographic Framework
encryption
GSS-API
Sending Protected Data in GSS-API
wrapping messages with
gss_wrap()
Wrapping Messages With gss_wrap
error codes
GSS-API
GSS-API Major Status Code Values
examples
checking for authorizations
Checking for User Authorizations
Cryptographic Framework
message digest
Message Digest Example
random byte generation
Random Byte Generation Example
signing and verifying messages
Sign and Verify Example
symmetric encryption
Symmetric Encryption Example
GSS-API client application
description
GSSAPI Client Example Overview
source code
Client-Side GSS-API Application
GSS-API miscellaneous functions
source code
Miscellaneous GSS-API Sample Functions
GSS-API server application
description
GSSAPI Server Example Overview
source code
Server-Side GSS-API Application
PAM consumer application
Simple PAM Consumer Example
PAM conversation function
Writing Conversation Functions
PAM service provider
Sample PAM Provider Service Module
privilege bracketing
Privilege Bracketing in the Least Privilege Model
exporting GSS-API contexts
Exporting and Importing Contexts in GSS-API
Extended PKCS#11, v2.40 Errata 01
See
PKCS #11
F
functions
See
specific function name
GSS-API
GSS-API Functions
G
General Security Standard Application Programming Interface
See
GSS-API
GetMechanismInfo()
function
Sign and Verify Example
GetRandSlot()
function
Random Byte Generation Example
GetTokenInfo()
function
Random Byte Generation Example
GSS-API
acquiring credentials
Acquiring Credentials
anonymous authentication
Performing Anonymous Authentication in GSS-API
anonymous name format
GSS-API Format of Anonymous Names
channel bindings
GSS-API Address Types for Channel Bindings
Using Channel Bindings in GSS-API
communication layers
Introduction to GSS-API
comparing names in
Comparing Names in GSS-API
confidentiality
Sending Protected Data in GSS-API
constructing OIDs
Constructing Mechanism OIDs
context establishment example
Establishing a Security Context for GSS-API
contexts
acceptance example
Accepting a Context
deallocation
Cleaning Up a GSS-API Session
Cleaning Up a GSS-API Session
expiration
GSS-API Context Expiration
createMechOid()
function
createMechOid Function
credentials
Working With Credentials in GSS-API
expiration
Credential Expiration in GSS-API
data types
GSS-API Data Types and Values
GSS-API Data Types
described
Network Security Architecture
detecting out-of-sequence problems
Detecting Sequence Problems in GSS-API
developing applications
Developing Applications That Use GSS-API
displaying status codes
Displaying GSS-API Status Codes
encryption
Wrapping Messages With gss_wrap
Sending Protected Data in GSS-API
exporting contexts
GSS-API Context Exportation and Interprocess Tokens
Exporting and Importing Contexts in GSS-API
files containing OID values
Files with OID Values
functions
GSS-API Functions
generalized steps
Generalized GSS-API Usage
gss-client
example
context deletion
Deleting the Security Context
contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-server
example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss_str_to_oid()
function
gss_str_to_oid Function
include files
Generalized GSS-API Usage
integrity
Sending Protected Data in GSS-API
interprocess tokens
GSS-API Context Exportation and Interprocess Tokens
introduction
Introduction to GSS-API
Kerberos v5 status codes
Kerberos v5 Status Codes
language bindings
Language Bindings for GSS-API
limitations
Limitations of GSS-API
mech
file
/etc/gss/mech File
message transmission
Confirming Message Transmission in GSS-API
MICs
Sending Protected Data in GSS-API
minor-status codes
Use of minor_status Parameter in GSS-API
miscellaneous sample functions
source code
Miscellaneous GSS-API Sample Functions
mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
name types
GSS-API Name Types
Name Types in GSS-API
OIDs
GSS-API OIDs
other context services
Using Other Context Services in GSS-API
outside references
Where to Get More Information on GSS-API
portability
Application Portability With GSS-API
protecting channel-binding information
Protection of GSS-API Channel-Binding Information
QOP
/etc/gss/qop File
Application Portability With GSS-API
readable name syntax
Human-Readable GSS-API Name Syntax
releasing contexts
Cleaning Up the GSSAPI Server Example
releasing stored data
Deletion of GSS-API Contexts and Stored Data
remote procedure calls
Remote Procedure Calls With GSS-API
replaced functions
Functions From Previous Versions of GSS-API
sample client application
description
GSSAPI Client Example Overview
source code
Client-Side GSS-API Application
sample server application
description
GSSAPI Server Example Overview
source code
Server-Side GSS-API Application
specifying non-default mechanisms
Specifying a Non-Default Mechanism
specifying OIDs
Specifying an OID
status code macros
GSS-API Status Code Macros
status codes
GSS-API Major Status Code Values
GSS-API Status Codes
GSS-API Status Codes
supported credentials
Types of Credentials That GSS-API Supports
tokens
GSS-API Tokens
context-level
GSS-API Tokens
interprocess
Interprocess Tokens in GSS-API
per-message
GSS-API Tokens
translation into GSS-API format
Translating a Service Name into GSS-API Format
wrap-size limits
GSS-API Wrap Size Limits and QOP Values
gss-client
example
context deletion
Deleting the Security Context
obtaining context status
Miscellaneous GSSAPI Context Operations on the Client Side
restoring contexts
Miscellaneous GSSAPI Context Operations on the Client Side
saving contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-client
sample application
GSSAPI Client Example Overview
gss-server
example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss-server
sample application
GSSAPI Server Example Overview
gss_accept_sec_context()
function
GSS-API Functions
gss_accept_sec_context()
function
Accepting a Context in GSS-API
GSS-API server example
GSSAPI Server server_establish_context Function
gss_acquire_cred()
function
GSS-API Functions
gss_acquire_cred()
function
Acquiring Credentials in GSS-API
GSS-API server example
Acquiring Credentials
gss_add_cred()
function
GSS-API Functions
gss_add_cred()
function
Acquiring Credentials in GSS-API
gss_add_oid_set_member()
function
GSS-API Functions
gss_buffer_desc structure
gss_buffer_desc Data Type
gss_buffer_desc
structure
Strings and Similar Data in GSS-API
gss_buffer_t
pointer
Strings and Similar Data in GSS-API
GSS_C_ACCEPT
credential
Working With Credentials in GSS-API
GSS_C_BOTH
credential
Working With Credentials in GSS-API
GSS_C_INITIATE
credential
Working With Credentials in GSS-API
GSS_CALLING_ERROR
macro
GSS-API Status Code Macros
GSS-API Status Codes
gss_canonicalize_name()
function
GSS-API Functions
gss_canonicalize_name()
function
Using gss_import_name
gss_channel_bindings_structure structure
gss_channel_bindings_struct Data Type
gss_channel_bindings_t data type
Using Channel Bindings in GSS-API
gss_compare_name()
function
GSS-API Functions
gss_compare_name()
function
Comparing GSSAPI Names (Slow)
Comparing Names in GSS-API
gss_context_time()
function
GSS-API Functions
gss_create_empty_oid_set()
function
GSS-API Functions
gss_delete_oid()
function
Functions for Manipulating OIDs
gss_delete_sec_context()
function
GSS-API Functions
gss_delete_sec_context()
function
Cleaning Up a GSS-API Session
releasing contexts
Deletion of GSS-API Contexts and Stored Data
gss_display_name()
function
GSS-API Functions
gss_display_name()
function
Using gss_import_name
gss_display_status()
function
GSS-API Functions
gss_display_status()
function
Displaying GSS-API Status Codes
gss_duplicate_name()
function
GSS-API Functions
gss_export_context()
function
Interprocess Tokens in GSS-API
gss_export_name()
function
GSS-API Functions
gss_export_sec_context()
function
GSS-API Functions
gss_export_sec_context()
function
Exporting and Importing Contexts in GSS-API
gss_get_mic()
function
GSS-API Functions
gss_get_mic()
function
Tagging Messages With gss_get_mic
Sending Protected Data in GSS-API
comparison with
gss_wrap()
function
Sending Protected Data in GSS-API
GSS-API server example
Signing and Returning the Message
gss_import_name()
function
GSS-API Functions
gss_import_name()
function
Names in GSS-API
GSS-API client example
Translating a Service Name into GSS-API Format
GSS-API server example
Acquiring Credentials
gss_import_sec_context()
function
GSS-API Functions
gss_import_sec_context()
function
Exporting and Importing Contexts in GSS-API
gss_indicate_mechs()
function
GSS-API Functions
gss_init_sec_context()
function
GSS-API Functions
gss_init_sec_context()
function
Using Other Context Services in GSS-API
Initiating a Context in GSS-API
GSS-API client example
Establishing a Security Context for GSS-API
use in anonymous authentication
Performing Anonymous Authentication in GSS-API
use in mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
gss_inquire_context()
function
GSS-API Functions
gss_inquire_context()
function
Obtaining Context Information in GSS-API
gss_inquire_cred()
function
GSS-API Functions
gss_inquire_cred_by_mech()
function
GSS-API Functions
gss_inquire_mechs_for_name()
function
GSS-API Functions
gss_inquire_names_for_mech()
function
GSS-API Functions
gss_OID
pointer
GSS-API OIDs
gss_OID_desc structure
gss_OID_desc Data Type
gss_OID_set
pointer
OIDs Structure
gss_OID_set_desc structure
gss_OID_set_desc Data Type
gss_OID_set_desc
structure
OIDs Structure
gss_oid_to_str()
function
Functions for Manipulating OIDs
gss_process_context_token()
function
GSS-API Functions
gss_release_buffer()
function
GSS-API Functions
gss_release_buffer()
function
Cleaning Up a GSS-API Session
gss_release_cred()
function
GSS-API Functions
gss_release_cred()
function
Cleaning Up a GSS-API Session
GSS-API server example
Cleaning Up the GSSAPI Server Example
gss_release_name()
function
GSS-API Functions
gss_release_name()
function
Cleaning Up a GSS-API Session
releasing stored data
Deletion of GSS-API Contexts and Stored Data
gss_release_oid()
function
GSS-API client example
GSSAPI Client Example: main Function
GSS-API server example
Acquiring Credentials
gss_release_oid_set()
function
GSS-API Functions
gss_release_oid_set()
function
Cleaning Up a GSS-API Session
GSS_ROUTINE_ERROR
macro
GSS-API Status Code Macros
GSS-API Status Codes
gss_seal()
function
Renamed GSS-API Functions
gss_sign()
function
Renamed GSS-API Functions
gss_str_to_oid()
function
gss_str_to_oid Function
Functions for Manipulating OIDs
GSS_SUPPLEMENTARY_INFO
macro
GSS-API Status Code Macros
GSS-API Status Codes
gss_test_oid_set_member()
function
GSS-API Functions
gss_unseal()
function
Renamed GSS-API Functions
gss_unwrap()
function
GSS-API Functions
gss_unwrap()
function
GSS-API server example
Unwrapping the Message
gss_verify()
function
Renamed GSS-API Functions
gss_verify_mic()
function
GSS-API Functions
gss_wrap()
function
comparison with
gss_get_mic()
Sending Protected Data in GSS-API
message encryption and
Sending Protected Data in GSS-API
size issues
Handling Wrap Size Issues in GSS-API
wrapping messages
Wrapping Messages With gss_wrap
gss_wrap()
function
describing
GSS-API Functions
gss_wrap_size_limit()
function
GSS-API Functions
gss_wrap_size_limit()
function
Handling Wrap Size Issues in GSS-API
gssapi.h
file
Generalized GSS-API Usage
guidelines for privileged applications
Guidelines for Developing Privileged Applications
H
header files
GSS-API
Generalized GSS-API Usage
I
importing GSS-API contexts
Exporting and Importing Contexts in GSS-API
inetd
checking for in
gss-client()
example
Checking for inetd
inheritable privilege set
Inheritable Privilege Set
integers
GSS-API
GSS-API Integers
integrity
GSS-API
Sending Protected Data in GSS-API
Security Services in GSS-API
interprocess tokens
GSS-API
Interprocess Tokens in GSS-API
J
Java API
System Security
K
kadi
security extension
Security Extensions Framework
Kerberos v5
GSS-API
Available Mechanisms in GSS-API
key management
System Security
Key Management Framework (KMF)
Introduction to the Oracle Solaris Key Management Framework
keypair
KMF Application Programming Interfaces
keystore
Oracle Solaris Key Management Framework Features
KMF (Key Management Framework)
Introduction to the Oracle Solaris Key Management Framework
kmfcfg
command
KMF Policy Enforcement Mechanisms
L
language bindings
GSS-API
Language Bindings for GSS-API
libpam
library
PAM Library
libpkcs11.so
library
Cryptographic Framework
Components of the Cryptographic Framework
libraries
cryptoki
Overview of the Cryptoki Library
libpam
PAM Library
libpkcs11
Components of the Cryptographic Framework
pkcs11_softtoken
Components of the Cryptographic Framework
limit privilege set
Limit Privilege Set
M
macros
GSS-API
GSS-API Status Codes
major status codes
GSS-API
GSS-API Status Codes
descriptions
GSS-API Major Status Code Values
mech
file
/etc/gss/mech File
Mechanism Name (MN)
Using gss_import_name
mechanisms
Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
GSS-API
Available Mechanisms in GSS-API
printable formats
gss_str_to_oid Function
specifying GSS-API
Mechanisms and QOPs in GSS-API
memcmp function
Comparing GSSAPI Names (Slow)
message digesting
Cryptographic Framework
Message Digest Example
Message Integrity Code
See
MICs
messages
See Also
data
encrypting with
gss_wrap()
Wrapping Messages With gss_wrap
GSS-API
GSS-API Tokens
out-of-sequence problems
Detecting Sequence Problems in GSS-API
sending
Wrapping and Sending a Message
signing
Signing and Returning the Message
transmission confirmation
Confirming Message Transmission in GSS-API
unwrapping
Unwrapping the Message
tagging with MICs
Tagging Messages With gss_get_mic
wrapping in GSS-API
Handling Wrap Size Issues in GSS-API
metaslot
Cryptographic Framework
Oracle Solaris Cryptography Terminology
MICs
defined
Sending Protected Data in GSS-API
GSS-API
tagging messages
Tagging Messages With gss_get_mic
message transmission confirmation
Confirming Message Transmission in GSS-API
minor status codes
GSS-API
GSS-API Status Codes
MN
See
Mechanism Name
mutual authentication
GSS-API
Performing Mutual Authentication Between Peers in GSS-API
N
name types
GSS-API
GSS-API Name Types
names
comparing in GSS-API
Comparing Names in GSS-API
GSS-API
Names in GSS-API
types in GSS-API
Name Types in GSS-API
network security
overview
Network Security Architecture
nxheap
security extension
Security Extensions Framework
nxstack
security extension
Security Extensions Framework
O
Object Identifiers
See
OIDs
OCSP (Online Certificate Status Protocol)
Oracle Solaris Key Management Framework Features
OIDs
constructing
Constructing Mechanism OIDs
deallocation of
OID Set Structure
GSS-API
GSS-API OIDs
sets
OIDs Structure
specifying
Specifying an OID
Mechanisms and QOPs in GSS-API
types of data stored as
GSS-API OIDs
Online Certificate Status Protocol (OCSP)
Oracle Solaris Key Management Framework Features
Oracle Solaris cryptographic framework
See
Cryptographic Framework
out-of-sequence problems
GSS-API
Detecting Sequence Problems in GSS-API
P
PAM
authentication process
PAM Authentication Process
consumer application example
Simple PAM Consumer Example
described
Network Security Architecture
framework
Introduction to the PAM Framework
items
Requirements for PAM Consumers
library
PAM Library
requirements for PAM consumers
Requirements for PAM Consumers
service modules
PAM Service Modules
service provider example
Sample PAM Provider Service Module
service provider requirements
Requirements for PAM Service Providers
writing applications and services
Writing PAM Applications and Services
writing conversation functions
Writing Conversation Functions
pam.conf
file
See
PAM configuration file
pam_end()
function
Requirements for PAM Consumers
pam_getenvlist()
function
Useful PAM Functions
pam_open_session()
function
Useful PAM Functions
pam_set_item()
function
Requirements for PAM Consumers
pam_setcred()
function
Simple PAM Consumer Example
pam_start()
function
Requirements for PAM Consumers
parse_oid()
function
Specifying a Non-Default Mechanism
GSS-API client example
GSSAPI Client Example: main Function
per-message tokens
GSS-API
GSS-API Tokens
permitted privilege set
Permitted Privilege Set
PKCS #11
C_GetInfo()
function
PKCS #11 Functions: C_GetInfo
C_GetMechanismList()
function
PKCS #11 Functions: C_GetMechanismList
C_GetSlotList()
function
PKCS #11 Functions: C_GetSlotList
C_GetTokenInfo()
function
PKCS #11 Functions: C_GetTokenInfo
C_Initialize()
function
PKCS #11 Functions: C_Initialize
C_OpenSession()
function
PKCS #11 Functions: C_OpenSession
Extended PKCS#11, v2.40 Errata 01
System Security
function list
PKCS #11 Function List
pkcs11_softtoken.so
module
Overview of the Cryptoki Library
SUNW_C_GetMechSession()
function
SUNW_C_KeyToObject Extended PKCS #11 Function
SUNW_C_GetMechSession Extended PKCS #11 Function
pkcs11_softtoken.so
library
Cryptographic Framework
Components of the Cryptographic Framework
PKI (Public Key Infrastructure)
Introduction to the Oracle Solaris Key Management Framework
pktool
key management tool
KMF Key Management Tool
pluggable authentication module
See
PAM
pluggable interface
Cryptographic Framework
Components of the Cryptographic Framework
plugins
Cryptographic Framework
Oracle Solaris Cryptography Terminology
principals
GSS-API
Names in GSS-API
PRIV_DAX_ACCESS
basic privilege
Privilege Categories
PRIV_FILE_LINK_ANY
basic privilege
Privilege Categories
PRIV_FILE_READ
basic privilege
Privilege Categories
PRIV_FILE_WRITE
basic privilege
Privilege Categories
PRIV_NET_ACCESS
basic privilege
Privilege Categories
PRIV_OFF
flag
Privilege Data Types
PRIV_ON
flag
Privilege Data Types
PRIV_PROC_EXEC
basic privilege
Privilege Categories
PRIV_PROC_FORK
basic privilege
Privilege Categories
PRIV_PROC_INFO
basic privilege
Privilege Categories
PRIV_PROC_SELF
basic privilege
Privilege Categories
PRIV_PROC_SESSION
basic privilege
Privilege Categories
PRIV_SET
flag
Privilege Data Types
priv_set_t
structure
Privilege Data Types
priv_str_to_set()
function
priv_str_to_set for Mapping Privileges
PRIV_SYS_IB_INFO
basic privilege
Privilege Categories
priv_t
type
Privilege Data Types
privilege sets
How Privileges Are Implemented
privileged applications
Developing Privileged Applications
privileges
assignment
How Administrators Assign Privileges
basic
Privilege Categories
bracketing in the least privilege model
Privilege Bracketing in the Least Privilege Model
bracketing in the superuser model
Privilege Bracketing in the Superuser Model
categories
Privilege Categories
code example
Privilege Bracketing in the Least Privilege Model
compatibility with superuser
Compatibility Between the Superuser and Privilege Models
data types
Privilege Data Types
defined
Privileged Applications
interfaces
Privilege Interfaces
introduction
System Security
not basic
Privilege Categories
operation flags
Privilege Data Types
overview
About Privileges
priv_str_to_set()
function
priv_str_to_set for Mapping Privileges
privilege ID data type
Privilege Data Types
required header file
Programming with Privileges
setppriv()
function
setppriv for Setting Privileges
use in application development
Guidelines for Developing Privileged Applications
process privileges
See
privileges
protecting data
GSS-API
Sending Protected Data in GSS-API
providers
Cryptographic Framework
Components of the Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
Public Key Infrastructure (PKI)
Introduction to the Oracle Solaris Key Management Framework
Q
QOP
GSS-API and
Application Portability With GSS-API
role in wrap size
Handling Wrap Size Issues in GSS-API
specifying
Files with OID Values
Mechanisms and QOPs in GSS-API
storage in OIDs
GSS-API OIDs
qop
file
/etc/gss/qop File
Quality of Protection
See
QOP
R
random byte generation
Cryptographic Framework
example
Random Byte Generation Example
remote procedure calls
GSS-API
Remote Procedure Calls With GSS-API
return codes
GSS-API
GSS-API Status Codes
RPCSEC_GSS
Remote Procedure Calls With GSS-API
S
SASL
Network Security Architecture
SEAM (obsolete)
See
Kerberos v5
security context
See
contexts
security extensions
kernel
Security Extensions Framework
security mechanisms
See
GSS-API
security policy
privileged application guidelines
Guidelines for Developing Privileged Applications
send_token()
function
GSS-API client example
Establishing a Security Context for GSS-API
sequence problems
GSS-API
Detecting Sequence Problems in GSS-API
server_acquire_creds()
function
GSS-API server example
Acquiring Credentials
server_establish_context()
function
GSS-API server example
Accepting a Context
session management
PAM service module
PAM Service Modules
session objects
Cryptographic Framework
Oracle Solaris Cryptography Terminology
setppriv()
function
setppriv for Setting Privileges
shell escapes
privileges and
Guidelines for Developing Privileged Applications
sign_server()
function
GSS-API client example
GSSAPI Server Example: main Function
GSS-API server example
Receiving Data From a Client
signature blocks
GSS-API
gss-client
example
Reading and Verifying a Signature Block From a GSS-API Client
signing messages
GSS-API
Signing and Returning the Message
signing messages example
Cryptographic Framework
Sign and Verify Example
slots
Cryptographic Framework
Oracle Solaris Cryptography Terminology
soft tokens
Cryptographic Framework
Oracle Solaris Cryptography Terminology
specifying a QOP
Files with OID Values
specifying mechanisms in GSS-API
Files with OID Values
specifying OIDs
Specifying an OID
SPI
Cryptographic Framework
user level
Components of the Cryptographic Framework
status codes
GSS-API
GSS-API Status Codes
major
GSS-API Status Codes
minor
GSS-API Status Codes
strings
GSS-API
Strings and Similar Data in GSS-API
SUNW_C_GetMechSession()
function
digest message example
Message Digest Example
symmetric encryption example
Symmetric Encryption Example
SUNW_C_GetMechSession()
function
SUNW_C_KeyToObject Extended PKCS #11 Function
SUNW_C_GetMechSession Extended PKCS #11 Function
sxadm
command
Using the sxadm Command to Manage Security Extensions
symmetric encryption
Cryptographic Framework
example
Symmetric Encryption Example
T
test_import_export_context()
function
GSS-API server example
Using the test_import_export_context Function
token objects
Cryptographic Framework
Oracle Solaris Cryptography Terminology
tokens
Cryptographic Framework
Oracle Solaris Cryptography Terminology
distinguishing GSS-API types
GSS-API Tokens
GSS-API
context-level
GSS-API Tokens
interprocess
Interprocess Tokens in GSS-API
per-message
GSS-API Tokens
V
verifying messages example
Cryptographic Framework
example
Sign and Verify Example
W
wrapping messages
GSS-API
Handling Wrap Size Issues in GSS-API