primary# svccfg -s vntsd setprop vntsd/authorization = true
primary# svcadm refresh vntsd
primary# svcadm restart vntsd
The authorization name is derived from the name of the domain and has the form solaris.vntsd.console-domain-name:
solaris.vntsd.console-domain-name:::Access domain-name Console::
primary# roleadd -A solaris.vntsd.console-domain-name role-name
primary# passwd role-name
New Password:
Re-enter new Password:
passwd: password successfully changed for role-name
primary# usermod -R role-name username
This example shows how user terry assumes the ldg1cons role and accesses the ldg1 domain console.
First, add an authorization for a single domain, ldg1, to the authorization description database.
solaris.vntsd.console-ldg1:::Access ldg1 Console::
Then, create a role with the new authorization to permit access only to the console of the domain.
primary# roleadd -A solaris.vntsd.console-ldg1 ldg1cons
primary# passwd ldg1cons
New Password:
Re-enter new Password:
passwd: password successfully changed for ldg1cons
Assign the ldg1cons role to user terry, assume the ldg1cons role, and access the domain console.
primary# usermod -R ldg1cons terry
primary# su terry
Password:
$ id
uid=700300(terry) gid=1(other)
$ su ldg1cons
Password:
$ id
uid=700303(ldg1cons) gid=1(other)
$ telnet localhost 5000
Trying 0.0.0.0...
Escape character is '^]'.
Connecting to console "ldg1" in group "ldg1" ....
Press ~? for control options ..
The following example shows that the user terry cannot access the ldg2 domain console:
$ telnet localhost 5001
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Connection to 0 closed by foreign host.
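To review which users can reach a given domain console through a role, the following added example (not part of the original documentation) reads role and user entries and resolves them against the solaris.vntsd.console-domain-name authorization. It assumes the user_attr(4) file layout that roleadd and usermod maintain and the RBAC rule that an authorization ending in an asterisk covers every authorization under that prefix; the ldomadm role and the users sam and pat are hypothetical, and the sample data is constructed.

```sh
#!/bin/sh
# Constructed sample in user_attr(4) layout: name:qualifier:res1:res2:attr
# ldomadm, sam and pat are hypothetical; terry and ldg1cons are from the page.
sample_user_attr() {
cat <<'EOF'
ldg1cons::::type=role;auths=solaris.vntsd.console-ldg1;profiles=All
ldomadm::::type=role;auths=solaris.vntsd.*
terry::::type=normal;roles=ldg1cons
sam::::type=normal;roles=ldomadm
pat::::type=normal
EOF
}

# console_access DOMAIN < user_attr
# Prints "user via role" for each role assignment that reaches the console.
console_access() {
    awk -F: -v want="solaris.vntsd.console-$1" '
    # Return the value of key in a ";"-separated key=value list.
    function attr(s, key,    n, kv, i) {
        n = split(s, kv, ";")
        for (i = 1; i <= n; i++)
            if (index(kv[i], key "=") == 1)
                return substr(kv[i], length(key) + 2)
        return ""
    }
    # True if a comma-separated auths list covers the wanted authorization,
    # either exactly or through a trailing "*" (assumed RBAC wildcard rule).
    function grants(auths,    n, a, i, p) {
        n = split(auths, a, ",")
        for (i = 1; i <= n; i++) {
            if (a[i] == want) return 1
            if (substr(a[i], length(a[i])) == "*") {
                p = substr(a[i], 1, length(a[i]) - 1)
                if (index(want, p) == 1) return 1
            }
        }
        return 0
    }
    /^#/ || NF < 5 { next }
    {
        if (grants(attr($5, "auths"))) ok[$1] = 1
        roles[$1] = attr($5, "roles")
        order[++cnt] = $1
    }
    END {   # resolve in END so a role may be defined after its users
        for (k = 1; k <= cnt; k++) {
            n = split(roles[order[k]], rl, ",")
            for (i = 1; i <= n; i++)
                if (rl[i] in ok) print order[k] " via " rl[i]
        }
    }'
}

sample_user_attr | console_access ldg1
```

On the control domain the same function can be fed the live file, for example `console_access ldg2 < /etc/user_attr`; a role with a broad wildcard authorization shows up for every domain, which is the case a per-domain role is meant to avoid.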