Developer's Guide to Oracle® Solaris 11.3 Security
Updated: April 2020
Index
A
access control lists
use in GSS-API
Comparing Names in GSS-API
account management
PAM service module
PAM Service Modules
ACL
See access control list
acquiring context information
Obtaining Context Information in GSS-API
anonymous authentication
Performing Anonymous Authentication in GSS-API
aslr security extension
Security Extensions Framework
authentication
GSS-API
Security Services in GSS-API
anonymous
Performing Anonymous Authentication in GSS-API
mutual
Performing Mutual Authentication Between Peers in GSS-API
PAM process for
PAM Authentication Process
PAM service module
PAM Service Modules
SASL
SASL Authentication
authid
auxprop plugins
Auxiliary Property (auxprop) Plugins
SASL
SASL Library Basics
authorizations
code example
Checking for Authorizations
defined
Privileged Applications
use in application development
About Authorizations
authzid
auxprop plugins
Auxiliary Property (auxprop) Plugins
auxiliary properties
See auxprop plugins
auxprop plugins
Auxiliary Property (auxprop) Plugins
C
C_CloseSession() function
digest message example
Message Digest Example
message signing example
Sign and Verify Example
random byte generation example
Random Byte Generation Example
C_Decrypt() function
Symmetric Encryption Example
C_DecryptInit() function
Symmetric Encryption Example
C_EncryptFinal() function
Symmetric Encryption Example
C_EncryptInit() function
Symmetric Encryption Example
C_EncryptUpdate() function
Symmetric Encryption Example
C_Finalize() function
digest message example
Message Digest Example
message signing example
Sign and Verify Example
C_GenerateKeyPair() function
Sign and Verify Example
C_GenerateRandom() function
Random Byte Generation Example
C_GetAttributeValue() function
Sign and Verify Example
C_GetInfo() function
Message Digest Example
PKCS #11 Functions: C_GetInfo
C_GetMechanismList() function
PKCS #11 Functions: C_GetMechanismList
C_GetSlotList() function
PKCS #11 Functions: C_GetSlotList
message signing example
Sign and Verify Example
random byte generation example
Random Byte Generation Example
C_Initialize() function
PKCS #11 Functions: C_Initialize
C_OpenSession() function
PKCS #11 Functions: C_OpenSession
random byte generation example
Random Byte Generation Example
C_SignInit() function
Sign and Verify Example
C_Verify() function
Sign and Verify Example
C_VerifyInit() function
Sign and Verify Example
callbacks
SASL
Communication in SASL
SASL_CB_AUTHNAME
Communication in SASL
SASL_CB_CANON_USER
Communication in SASL
SASL_CB_ECHOPROMPT
Communication in SASL
SASL_CB_GETCONF
Communication in SASL
SASL_CB_GETOPT
Communication in SASL
SASL_CB_GETPATH
Communication in SASL
SASL_CB_GETREALM
Communication in SASL
SASL_CB_LANGUAGE
Communication in SASL
SASL_CB_LOG
Communication in SASL
SASL_CB_NOECHOPROMPT
Communication in SASL
SASL_CB_PASS
Communication in SASL
SASL_CB_PROXY_POLICY
Communication in SASL
SASL_CB_SERVER_USERDB_CHECKPASS
Communication in SASL
SASL_CB_SERVER_USERDB_SETPASS
Communication in SASL
SASL_CB_USER
Communication in SASL
SASL_CB_VERIFYFILE
Communication in SASL
canonicalization
SASL
User Canonicalization Plugins
Certificate Revocation List (CRL)
Oracle Solaris Key Management Framework Features
Certificate Signing Request (CSR)
KMF Key Management Tool
channel bindings
GSS-API
Address Types for Channel Bindings
Using Channel Bindings in GSS-API
client plugins
SASL
SASL Plugin Development Guidelines
Client Plugins
client_establish_context() function
GSS-API client example
Establishing a Security Context With the Server
confidentiality
GSS-API
Sending Protected Data in GSS-API
Security Services in GSS-API
connect_to_server() function
GSS-API client example
Establishing a Security Context for GSS-API
Opening a Connection With the Server
connection contexts
SASL
SASL Connection Contexts
consumers
Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
context-level tokens
GSS-API
GSS-API Tokens
contexts
GSS-API
acceptance
Accepting a Context in GSS-API
acceptance example
Accepting a Context
deletion
Cleaning Up a GSS-API Session
establishing
Working With Contexts in GSS-API
establishing example
Establishing a Security Context for GSS-API
exporting
Exporting and Importing Contexts in GSS-API
getting acquisition information
Obtaining Context Information in GSS-API
gss-client example
Deleting the Security Context
import and export
Using the test_import_export_context Function
Exporting and Importing Contexts in GSS-API
introduction
GSS-API Layer
other context services
Using Other Context Services in GSS-API
releasing
Cleanup in the GSSAPI Server Example
initiation in GSS-API
Initiating a Context in GSS-API
createMechOid() function
createMechOid Function
credentials
delegation
Delegating a Credential in GSS-API
GSS-API
Types of Credentials Supported
Working With Credentials in GSS-API
acquisition
Acquiring Credentials
GSS-API default
Acquiring Credentials in GSS-API
CRL (Certificate Revocation List)
Oracle Solaris Key Management Framework Features
crypto pseudo device driver
Components of the Cryptographic Framework
cryptoadm pseudo device driver
Components of the Cryptographic Framework
cryptoadm utility
Components of the Cryptographic Framework
cryptographic checksum (MIC)
Tagging Messages With gss_get_mic
Cryptographic Framework
architecture
Overview of the Cryptographic Framework
crypto pseudo device driver
Components of the Cryptographic Framework
cryptoadm pseudo device driver
Components of the Cryptographic Framework
cryptoadm utility
Components of the Cryptographic Framework
cryptographic providers
Components of the Cryptographic Framework
cryptoki library
Overview of the Cryptoki Library
design requirements
user-level consumers
Requirements for Developers of User-Level Consumers
user-level providers
Requirements for Developers of User-Level Providers
elfsign utility
Components of the Cryptographic Framework
examples
message digest
Message Digest Example
random byte generation
Random Byte Generation Example
signing and verifying messages
Sign and Verify Example
symmetric encryption
Symmetric Encryption Example
introduction
Introduction to the Oracle Solaris Cryptographic Framework
kernel programmer interface
Components of the Cryptographic Framework
libpkcs11.so
Components of the Cryptographic Framework
modules verification library
Components of the Cryptographic Framework
pkcs11_kernel.so
Components of the Cryptographic Framework
pkcs11_softtoken.so
Components of the Cryptographic Framework
pluggable interface
Components of the Cryptographic Framework
role in Oracle Solaris
System Security
scheduler / load balancer
Components of the Cryptographic Framework
Components of the Cryptographic Framework
cryptographic providers
Cryptographic Framework
Components of the Cryptographic Framework
cryptoki library
overview
Overview of the Cryptoki Library
CSR (Certificate Signing Request)
KMF Key Management Tool
D
data encryption
GSS-API
Wrapping Messages With gss_wrap
data protection
GSS-API
Sending Protected Data in GSS-API
data types
GSS-API
GSS-API Data Types and Values
GSS-API Data Types
integers
GSS-API Integers
names
Names in GSS-API
strings
Strings and Similar Data in GSS-API
privileges
Privilege Data Types
debugging
security extensions and
Debugging When Using Security Extensions
default credentials
GSS-API
Acquiring Credentials in GSS-API
delegation
credentials
Delegating a Credential in GSS-API
design requirements
Cryptographic Framework
user-level consumers
Requirements for Developers of User-Level Consumers
user-level providers
Requirements for Developers of User-Level Providers
digesting messages
Cryptographic Framework
Message Digest Example
E
effective privilege set
defined
Effective Privilege Set
elfdump command
Managing Security Extensions in Objects With elfdump and elfedit
elfedit command
Managing Security Extensions in Objects With elfdump and elfedit
elfsign command
Cryptographic Framework
Components of the Cryptographic Framework
encryption
GSS-API
Sending Protected Data in GSS-API
wrapping messages with gss_wrap()
Wrapping Messages With gss_wrap
error codes
GSS-API
GSS-API Major Status Code Values
examples
checking for authorizations
Checking for Authorizations
Cryptographic Framework
message digest
Message Digest Example
random byte generation
Random Byte Generation Example
signing and verifying messages
Sign and Verify Example
symmetric encryption
Symmetric Encryption Example
GSS-API client application
description
GSSAPI Client Example Overview
source code
Client-Side Application
GSS-API miscellaneous functions
source code
Miscellaneous GSS-API Sample Functions
GSS-API server application
description
GSSAPI Server Example Overview
source code
Server-Side Application
miscellaneous SASL functions
Common Code
PAM consumer application
A Simple PAM Consumer Example
PAM conversation function
Writing Conversation Functions
PAM service provider
Sample PAM Provider Service Module
privilege bracketing
Privilege Bracketing in the Least Privilege Model
SASL client application
SASL Client Example
SASL server application
SASL Server Example
exporting GSS-API contexts
Exporting and Importing Contexts in GSS-API
F
functions
See specific function name
GSS-API
GSS-API Functions
G
General Security Standard Application Programming Interface
See GSS-API
GetMechanismInfo() function
Sign and Verify Example
GetRandSlot() function
Random Byte Generation Example
GetTokenInfo() function
Random Byte Generation Example
GSS-API
acquiring credentials
Acquiring Credentials
anonymous authentication
Performing Anonymous Authentication in GSS-API
anonymous name format
Format of Anonymous Names
channel bindings
Address Types for Channel Bindings
Using Channel Bindings in GSS-API
communication layers
Introduction to GSS-API
comparing names in
Comparing Names in GSS-API
confidentiality
Sending Protected Data in GSS-API
constructing OIDs
Constructing Mechanism OIDs
context establishment example
Establishing a Security Context for GSS-API
contexts
acceptance example
Accepting a Context
deallocation
Cleaning Up a GSS-API Session
expiration
Context Expiration
createMechOid() function
createMechOid Function
credentials
Working With Credentials in GSS-API
expiration
Credential Expiration
data types
GSS-API Data Types and Values
GSS-API Data Types
detecting out-of-sequence problems
Detecting Sequence Problems in GSS-API
developing applications
Developing Applications That Use GSS-API
displaying status codes
Displaying Status Codes
encryption
Wrapping Messages With gss_wrap
Sending Protected Data in GSS-API
exporting contexts
Context Exportation and Interprocess Tokens
Exporting and Importing Contexts in GSS-API
files containing OID values
Files with OID Values
functions
GSS-API Functions
generalized steps
Generalized GSS-API Usage
gss-client example
context deletion
Deleting the Security Context
contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-server example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss_str_to_oid() function
gss_str_to_oid Function
include files
Generalized GSS-API Usage
integrity
Sending Protected Data in GSS-API
interprocess tokens
Context Exportation and Interprocess Tokens
introduction
Introduction to GSS-API
Kerberos v5 status codes
Kerberos v5 Status Codes
language bindings
Language Bindings for GSS-API
limitations
Limitations of GSS-API
mech file
/etc/gss/mech File
message transmission
Confirming Message Transmission in GSS-API
MICs
Sending Protected Data in GSS-API
minor-status codes
Use of minor_status Parameter
miscellaneous sample functions
source code
Miscellaneous GSS-API Sample Functions
mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
name types
Name Types
Name Types in GSS-API
OIDs
GSS-API OIDs
other context services
Using Other Context Services in GSS-API
outside references
Where to Get More Information on GSS-API
portability
Application Portability With GSS-API
protecting channel-binding information
Protection of Channel-Binding Information
QOP
/etc/gss/qop File
Application Portability With GSS-API
readable name syntax
Human-Readable Name Syntax
releasing contexts
Cleanup in the GSSAPI Server Example
releasing stored data
Deletion of Contexts and Stored Data
remote procedure calls
Remote Procedure Calls With GSS-API
replaced functions
Functions From Previous Versions of GSS-API
role in Oracle Solaris OS
Network Security Architecture
sample client application
description
GSSAPI Client Example Overview
source code
Client-Side Application
sample server application
description
GSSAPI Server Example Overview
source code
Server-Side Application
specifying non-default mechanisms
Specifying a Non-Default Mechanism
specifying OIDs
Specifying an OID
status code macros
Status Code Macros
status codes
GSS-API Major Status Code Values
GSS-API Status Codes
GSS-API Status Codes
supported credentials
Types of Credentials Supported
tokens
GSS-API Tokens
context-level
GSS-API Tokens
interprocess
Interprocess Tokens in GSS-API
per-message
GSS-API Tokens
translation into GSS-API format
Translating a Service Name into GSS-API Format
wrap-size limits
Wrap Size Limits and QOP Values
gss-client example
context deletion
Deleting the Security Context
obtaining context status
Miscellaneous GSSAPI Context Operations on the Client Side
restoring contexts
Miscellaneous GSSAPI Context Operations on the Client Side
saving contexts
Miscellaneous GSSAPI Context Operations on the Client Side
sending messages
Wrapping and Sending a Message
signature blocks
Reading and Verifying a Signature Block From a GSS-API Client
gss-client sample application
GSSAPI Client Example Overview
gss-server example
signing messages
Signing and Returning the Message
unwrapping messages
Unwrapping the Message
gss-server sample application
GSSAPI Server Example Overview
gss_accept_sec_context() function
GSS-API Functions
gss_accept_sec_context() function
Accepting a Context in GSS-API
GSS-API server example
server_establish_context Function
gss_acquire_cred() function
GSS-API Functions
gss_acquire_cred() function
Acquiring Credentials in GSS-API
GSS-API server example
Acquiring Credentials
gss_add_cred() function
GSS-API Functions
gss_add_cred() function
Acquiring Credentials in GSS-API
gss_add_oid_set_member() function
GSS-API Functions
gss_buffer_desc structure
gss_buffer_desc Data Type
gss_buffer_desc structure
Strings and Similar Data in GSS-API
gss_buffer_t pointer
Strings and Similar Data in GSS-API
GSS_C_ACCEPT credential
Working With Credentials in GSS-API
GSS_C_BOTH credential
Working With Credentials in GSS-API
GSS_C_INITIATE credential
Working With Credentials in GSS-API
GSS_CALLING_ERROR macro
Status Code Macros
GSS-API Status Codes
gss_canonicalize_name() function
GSS-API Functions
gss_canonicalize_name() function
Using gss_import_name
gss_channel_bindings_structure structure
gss_channel_bindings_struct Data Type
gss_channel_bindings_t data type
Using Channel Bindings in GSS-API
gss_compare_name() function
GSS-API Functions
gss_compare_name() function
Comparing Names (Slow)
Comparing Names in GSS-API
gss_context_time() function
GSS-API Functions
gss_create_empty_oid_set() function
GSS-API Functions
gss_delete_oid() function
Functions for Manipulating OIDs
gss_delete_sec_context() function
GSS-API Functions
gss_delete_sec_context() function
Cleaning Up a GSS-API Session
releasing contexts
Deletion of Contexts and Stored Data
gss_display_name() function
GSS-API Functions
gss_display_name() function
Using gss_import_name
gss_display_status() function
GSS-API Functions
gss_display_status() function
Displaying Status Codes
gss_duplicate_name() function
GSS-API Functions
gss_export_context() function
Interprocess Tokens in GSS-API
gss_export_name() function
GSS-API Functions
gss_export_sec_context() function
GSS-API Functions
gss_export_sec_context() function
Exporting and Importing Contexts in GSS-API
gss_get_mic() function
GSS-API Functions
gss_get_mic() function
Tagging Messages With gss_get_mic
Sending Protected Data in GSS-API
comparison with gss_wrap() function
Sending Protected Data in GSS-API
GSS-API server example
Signing and Returning the Message
gss_import_name() function
GSS-API Functions
gss_import_name() function
Names in GSS-API
GSS-API client example
Translating a Service Name into GSS-API Format
GSS-API server example
Acquiring Credentials
gss_import_sec_context() function
GSS-API Functions
gss_import_sec_context() function
Exporting and Importing Contexts in GSS-API
gss_indicate_mechs() function
GSS-API Functions
gss_init_sec_context() function
GSS-API Functions
gss_init_sec_context() function
Using Other Context Services in GSS-API
Initiating a Context in GSS-API
GSS-API client example
Establishing a Security Context for GSS-API
use in anonymous authentication
Performing Anonymous Authentication in GSS-API
use in mutual authentication
Performing Mutual Authentication Between Peers in GSS-API
gss_inquire_context function
Obtaining Context Information in GSS-API
gss_inquire_context() function
GSS-API Functions
gss_inquire_cred() function
GSS-API Functions
gss_inquire_cred_by_mech() function
GSS-API Functions
gss_inquire_mechs_for_name() function
GSS-API Functions
gss_inquire_names_for_mech() function
GSS-API Functions
gss_OID pointer
GSS-API OIDs
gss_OID_desc structure
gss_OID_desc Data Type
gss_OID_set pointer
OIDs Structure
gss_OID_set_desc structure
gss_OID_set_desc Data Type
gss_OID_set_desc structure
OIDs Structure
gss_oid_to_str() function
Functions for Manipulating OIDs
gss_process_context_token() function
GSS-API Functions
gss_release_buffer() function
GSS-API Functions
gss_release_buffer() function
Cleaning Up a GSS-API Session
gss_release_cred() function
GSS-API Functions
gss_release_cred() function
Cleaning Up a GSS-API Session
GSS-API server example
Cleanup in the GSSAPI Server Example
gss_release_name() function
GSS-API Functions
gss_release_name() function
Cleaning Up a GSS-API Session
releasing stored data
Deletion of Contexts and Stored Data
gss_release_oid() function
GSS-API client example
GSSAPI Client Example: main Function
GSS-API server example
Acquiring Credentials
gss_release_oid_set() function
GSS-API Functions
gss_release_oid_set() function
Cleaning Up a GSS-API Session
GSS_ROUTINE_ERROR macro
Status Code Macros
GSS-API Status Codes
gss_seal() function
Renamed Functions
gss_sign() function
Renamed Functions
gss_str_to_oid() function
gss_str_to_oid Function
Functions for Manipulating OIDs
GSS_SUPPLEMENTARY_INFO macro
Status Code Macros
GSS-API Status Codes
gss_test_oid_set_member() function
GSS-API Functions
gss_unseal() function
Renamed Functions
gss_unwrap() function
GSS-API Functions
gss_unwrap() function
GSS-API server example
Unwrapping the Message
gss_verify() function
Renamed Functions
gss_verify_mic() function
GSS-API Functions
gss_wrap() function
GSS-API Functions
gss_wrap() function
Handling Wrap Size Issues in GSS-API
Sending Protected Data in GSS-API
comparison with gss_get_mic() function
Sending Protected Data in GSS-API
wrapping messages
Wrapping Messages With gss_wrap
gss_wrap_size_limit() function
GSS-API Functions
gss_wrap_size_limit() function
Handling Wrap Size Issues in GSS-API
gssapi.h file
Generalized GSS-API Usage
guidelines for privileged applications
Guidelines for Developing Privileged Applications
H
header files
GSS-API
Generalized GSS-API Usage
I
importing GSS-API contexts
Exporting and Importing Contexts in GSS-API
inetd
checking for in gss-client() example
Checking for inetd
inheritable privilege set
defined
Inheritable Privilege Set
integers
GSS-API
GSS-API Integers
integrity
GSS-API
Sending Protected Data in GSS-API
Security Services in GSS-API
interprocess tokens
GSS-API
Interprocess Tokens in GSS-API
IPC privileges
Privilege Categories
J
Java API
System Security
K
Kerberos v5
GSS-API
Available Mechanisms in GSS-API
key management
System Security
Key Management Framework (KMF)
Introduction to the Oracle Solaris Key Management Framework
keypair
KMF Application Programming Interfaces
keystore
Oracle Solaris Key Management Framework Features
KMF (Key Management Framework)
Introduction to the Oracle Solaris Key Management Framework
kmfcfg(1) configuration utility
KMF Policy Enforcement Mechanisms
L
language bindings
GSS-API
Language Bindings for GSS-API
libpam
PAM Library
libpkcs11.so library
Cryptographic Framework
Components of the Cryptographic Framework
libsasl
initialization
libsasl Initialization
use of API
Communication in SASL
libsasl library
SASL Library Basics
limit privilege set
defined
Limit Privilege Set
M
macros
GSS-API
GSS_CALLING_ERROR
GSS-API Status Codes
GSS_ROUTINE_ERROR
GSS-API Status Codes
GSS_SUPPLEMENTARY_INFO
GSS-API Status Codes
major status codes
GSS-API
GSS-API Status Codes
descriptions
GSS-API Major Status Code Values
major-status codes
GSS-API
encoding
GSS-API Status Codes
mech file
/etc/gss/mech File
Mechanism Name (MN)
Using gss_import_name
mechanisms
Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
GSS-API
Available Mechanisms in GSS-API
printable formats
gss_str_to_oid Function
SASL
Security Mechanisms
specifying GSS-API
Mechanisms and QOPs in GSS-API
memcmp function
Comparing Names (Slow)
message digesting
Cryptographic Framework
Message Digest Example
Message Integrity Code
See MICs
messages
See Also data
encrypting with gss_wrap()
Wrapping Messages With gss_wrap
GSS-API
GSS-API Tokens
out-of-sequence problems
Detecting Sequence Problems in GSS-API
sending
Wrapping and Sending a Message
signing
Signing and Returning the Message
transmission confirmation
Confirming Message Transmission in GSS-API
unwrapping
Unwrapping the Message
tagging with MICs
Tagging Messages With gss_get_mic
wrapping in GSS-API
Handling Wrap Size Issues in GSS-API
metaslot
Cryptographic Framework
Oracle Solaris Cryptography Terminology
MICs
defined
Sending Protected Data in GSS-API
GSS-API
tagging messages
Tagging Messages With gss_get_mic
message transmission confirmation
Confirming Message Transmission in GSS-API
minor status codes
GSS-API
GSS-API Status Codes
MN
See Mechanism Name
mutual authentication
GSS-API
Performing Mutual Authentication Between Peers in GSS-API
N
name types
GSS-API
Name Types
names
comparing in GSS-API
Comparing Names in GSS-API
GSS-API
Names in GSS-API
types in GSS-API
Name Types in GSS-API
network security
overview
Network Security Architecture
nxheap
security extension
Security Extensions Framework
nxstack
security extension
Security Extensions Framework
O
Object Identifiers
See OIDs
OCSP (Online Certificate Status Protocol)
Oracle Solaris Key Management Framework Features
OIDs
constructing
Constructing Mechanism OIDs
deallocation of
OID Set Structure
GSS-API
GSS-API OIDs
sets
OIDs Structure
specifying
Specifying an OID
Mechanisms and QOPs in GSS-API
types of data stored as
GSS-API OIDs
Online Certificate Status Protocol (OCSP)
Oracle Solaris Key Management Framework Features
Oracle Solaris Cryptographic Framework
See Cryptographic Framework
Oracle Solaris Enterprise Authentication Mechanism
See SEAM
out-of-sequence problems
GSS-API
Detecting Sequence Problems in GSS-API
P
PAM
Writing PAM Applications and Services
authentication process
PAM Authentication Process
consumer application example
A Simple PAM Consumer Example
framework
Introduction to the PAM Framework
items
Requirements for PAM Consumers
library
PAM Library
requirements for PAM consumers
Requirements for PAM Consumers
role in Oracle Solaris OS
Network Security Architecture
service modules
PAM Service Modules
service provider example
Sample PAM Provider Service Module
service provider requirements
Requirements for PAM Service Providers
writing conversation functions
Writing Conversation Functions
pam.conf
file
See
PAM configuration file
pam_end()
function
Requirements for PAM Consumers
pam_getenvlist()
function
Other Useful PAM Functions
pam_open_session()
function
Other Useful PAM Functions
pam_set_item()
function
Requirements for PAM Consumers
pam_setcred()
function
A Simple PAM Consumer Example
pam_start()
function
Requirements for PAM Consumers
parse_oid()
function
Specifying a Non-Default Mechanism
GSS-API client example
GSSAPI Client Example: main Function
per-message tokens
GSS-API
GSS-API Tokens
permitted privilege set
defined
Permitted Privilege Set
PKCS #11
C_GetInfo()
function
PKCS #11 Functions: C_GetInfo
C_GetMechanismList()
function
PKCS #11 Functions: C_GetMechanismList
C_GetSlotList()
function
PKCS #11 Functions: C_GetSlotList
C_GetTokenInfo()
function
PKCS #11 Functions: C_GetTokenInfo
C_Initialize()
function
PKCS #11 Functions: C_Initialize
C_OpenSession()
function
PKCS #11 Functions: C_OpenSession
function list
PKCS #11 Function List
pkcs11_softtoken.so
module
Overview of the Cryptoki Library
SUNW_C_GetMechSession()
function
Extended PKCS #11 Functions: SUNW_C_KeyToObject
Extended PKCS #11 Functions: SUNW_C_GetMechSession
pkcs11_kernel.so
library
Cryptographic Framework
Components of the Cryptographic Framework
pkcs11_softtoken.so
library
Cryptographic Framework
Components of the Cryptographic Framework
PKI (Public Key Infrastructure)
Introduction to the Oracle Solaris Key Management Framework
pktool(1) key management tool
KMF Key Management Tool
pluggable authentication module
See
PAM
pluggable interface
Cryptographic Framework
Components of the Cryptographic Framework
plugins
Cryptographic Framework
Oracle Solaris Cryptography Terminology
SASL
SASL Plugin Overview
principals
GSS-API
Names in GSS-API
PRIV_FILE_LINK_ANY
Privilege Categories
PRIV_OFF
flag
Privilege Data Types
PRIV_ON
flag
Privilege Data Types
PRIV_PROC_EXEC
privilege
Privilege Categories
PRIV_PROC_FORK privilege
Privilege Categories
PRIV_PROC_INFO
privilege
Privilege Categories
PRIV_PROC_SESSION privilege
Privilege Categories
PRIV_SET
flag
Privilege Data Types
priv_set_t
structure
Privilege Data Types
priv_str_to_set()
function
synopsis
priv_str_to_set for Mapping Privileges
priv_t
type
Privilege Data Types
privilege sets
defined
How Privileges Are Implemented
privileged applications
defined
Privileged Applications
privileges
assignment
How Administrators Assign Privileges
bracketing in the least privilege model
Privilege Bracketing in the Least Privilege Model
bracketing in the superuser model
Privilege Bracketing in the Superuser Model
categories
Privilege Categories
IPC
Privilege Categories
process
Privilege Categories
system
Privilege Categories
System V IPC
Privilege Categories
code example
Privilege Bracketing in the Least Privilege Model
compatibility with superuser
Compatibility Between the Superuser and Privilege Models
data types
Privilege Data Types
defined
Privileged Applications
interfaces
Privilege Interfaces
introduction
System Security
operation flags
Privilege Data Types
overview
About Privileges
priv_str_to_set()
function
priv_str_to_set for Mapping Privileges
privilege ID data type
Privilege Data Types
required header file
Programming with Privileges
setppriv()
function
setppriv for Setting Privileges
use in application development
Guidelines for Developing Privileged Applications
process privileges
Privilege Categories
See
privileges
protecting data
GSS-API
Sending Protected Data in GSS-API
providers
Cryptographic Framework
Components of the Cryptographic Framework
Oracle Solaris Cryptography Terminology
defined
Network Security Architecture
Public Key Infrastructure (PKI)
Introduction to the Oracle Solaris Key Management Framework
Q
qop
file
/etc/gss/qop File
QOPs
Application Portability With GSS-API
role in wrap size
Handling Wrap Size Issues in GSS-API
specifying
Files with OID Values
Mechanisms and QOPs in GSS-API
storage in OIDs
GSS-API OIDs
Quality of Protection
See
QOP
R
random byte generation
Cryptographic Framework
example
Random Byte Generation Example
remote procedure calls
GSS-API
Remote Procedure Calls With GSS-API
return codes
GSS-API
GSS-API Status Codes
RPCSEC_GSS
Remote Procedure Calls With GSS-API
S
SASL
architecture
SASL Architecture
authentication
SASL Authentication
authid
SASL Library Basics
auxprop
plugins
Auxiliary Property (auxprop) Plugins
callbacks
SASL_CB_AUTHNAME
Communication in SASL
SASL_CB_CANON_USER
Communication in SASL
SASL_CB_ECHOPROMPT
Communication in SASL
SASL_CB_GETCONF
Communication in SASL
SASL_CB_GETOPT
Communication in SASL
SASL_CB_GETPATH
Communication in SASL
SASL_CB_GETREALM
Communication in SASL
SASL_CB_LANGUAGE
Communication in SASL
SASL_CB_LOG
Communication in SASL
SASL_CB_NOECHOPROMPT
Communication in SASL
SASL_CB_PASS
Communication in SASL
SASL_CB_PROXY_POLICY
Communication in SASL
SASL_CB_SERVER_USERDB_CHECKPASS
Communication in SASL
SASL_CB_SERVER_USERDB_SETPASS
Communication in SASL
SASL_CB_USER
Communication in SASL
SASL_CB_VERIFYFILE
Communication in SASL
canonicalization
User Canonicalization Plugins
client sample application
SASL Client Example
confidentiality
SASL Confidentiality and Integrity
connection contexts
SASL Connection Contexts
functions
SASL Interface Summaries
integrity
SASL Confidentiality and Integrity
library
SASL Library Basics
libsasl
API
Communication in SASL
libsasl
initialization
libsasl Initialization
life cycle
Steps in the SASL Cycle
mechanisms
Security Mechanisms
overview
Introduction to Simple Authentication Security Layer (SASL)
plugin design
SASL Plugin Development Guidelines
client plugins
Client Plugins
overview
SASL Plugin Overview
server plugins
Server Plugins
structures
Important Structures for SASL Plugins
reference tables
SASL Interface Summaries
releasing resources
libsasl Cleanup
releasing sessions
Releasing SASL Sessions
role in Oracle Solaris OS
Network Security Architecture
sample functions
Common Code
sample output
SASL Example
server sample application
SASL Server Example
session initialization
SASL Session Initialization
setting SSF
SASL Session Initialization
SPI
SASL Plugin Overview
SSF
SASL Security Strength Factor
userid
SASL Library Basics
sasl_canonuser_plug_init()
function
User Canonicalization Plugins
SASL_CB_AUTHNAME
callback
Communication in SASL
SASL_CB_CANON_USER
callback
Communication in SASL
SASL_CB_ECHOPROMPT
callback
Communication in SASL
SASL_CB_GETCONF
callback
Communication in SASL
SASL_CB_GETOPT
callback
Communication in SASL
SASL_CB_GETPATH
callback
Communication in SASL
SASL_CB_GETREALM
callback
Communication in SASL
SASL_CB_LANGUAGE
callback
Communication in SASL
SASL_CB_LOG
callback
Communication in SASL
SASL_CB_NOECHOPROMPT
callback
Communication in SASL
SASL_CB_PASS
callback
Communication in SASL
SASL_CB_PROXY_POLICY
callback
Communication in SASL
SASL_CB_SERVER_USERDB_CHECKPASS
callback
Communication in SASL
SASL_CB_SERVER_USERDB_SETPASS
callback
Communication in SASL
SASL_CB_USER
callback
Communication in SASL
SASL_CB_VERIFYFILE
callback
Communication in SASL
sasl_client_add_plugin()
function
SASL Plugin Overview
sasl_client_init()
function
SASL Plugin Overview
libsasl Initialization
sasl_client_new()
function
SASL life cycle
SASL Session Initialization
sasl_client_start()
function
SASL life cycle
SASL Authentication
SASL_CONTINUE
flag
SASL Authentication
sasl_decode()
function
SASL Confidentiality and Integrity
sasl_dispose()
function
libsasl Cleanup
Releasing SASL Sessions
sasl_done()
function
libsasl Cleanup
Releasing SASL Sessions
sasl_encode()
function
SASL Confidentiality and Integrity
sasl_getprop()
function
checking SSF
SASL Confidentiality and Integrity
SASL_INTERACT
flag
SASL Authentication
SASL_OK
flag
SASL Authentication
sasl_server_add_plugin()
function
SASL Plugin Overview
sasl_server_init()
function
SASL Plugin Overview
libsasl Initialization
sasl_server_new()
function
SASL life cycle
SASL Session Initialization
sasl_server_start()
function
SASL life cycle
SASL Authentication
SEAM
GSS-API
Available Mechanisms in GSS-API
security context
See
contexts
security extensions
kernel
Security Extensions Framework
security mechanisms
See
GSS-API
security policy
privileged application guidelines
Guidelines for Developing Privileged Applications
security strength factor
See
SSF
send_token()
function
GSS-API client example
Establishing a Security Context for GSS-API
sequence problems
GSS-API
Detecting Sequence Problems in GSS-API
server plugins
SASL
Server Plugins
server_acquire_creds()
function
GSS-API server example
Acquiring Credentials
server_establish_context()
function
GSS-API server example
Accepting a Context
service provider interface
See
SPI
session management
PAM service module
PAM Service Modules
session objects
Cryptographic Framework
Oracle Solaris Cryptography Terminology
setppriv()
function
synopsis
setppriv for Setting Privileges
shell escapes
and privileges
Guidelines for Developing Privileged Applications
sign_server()
function
GSS-API client example
GSSAPI Server Example: main Function
GSS-API server example
Receiving Data From a Client
signature blocks
GSS-API
gss-client
example
Reading and Verifying a Signature Block From a GSS-API Client
signing messages
GSS-API
Signing and Returning the Message
signing messages example
Cryptographic Framework
Sign and Verify Example
Simple Authentication and Security Layer
See
SASL
slots
Cryptographic Framework
Oracle Solaris Cryptography Terminology
soft tokens
Cryptographic Framework
Oracle Solaris Cryptography Terminology
specifying a QOP
Files with OID Values
specifying mechanisms in GSS-API
Files with OID Values
specifying OIDs
Specifying an OID
SPI
Cryptographic Framework
user level
Components of the Cryptographic Framework
SSF
defined
SASL Security Strength Factor
setting
SASL Authentication
SASL Session Initialization
status codes
GSS-API
GSS-API Status Codes
GSS-API Status Codes
major
GSS-API Status Codes
minor
GSS-API Status Codes
strings
GSS-API
Strings and Similar Data in GSS-API
SUNW_C_GetMechSession()
function
digest message example
Message Digest Example
symmetric encryption example
Symmetric Encryption Example
SUNW_C_GetMechSession()
function
Extended PKCS #11 Functions: SUNW_C_KeyToObject
Extended PKCS #11 Functions: SUNW_C_GetMechSession
sxadm
command
Using the sxadm Command to Manage Security Extensions
symmetric encryption
Cryptographic Framework
example
Symmetric Encryption Example
system privileges
Privilege Categories
System V IPC privileges
Privilege Categories
T
test_import_export_context()
function
GSS-API server example
Using the test_import_export_context Function
token objects
Cryptographic Framework
Oracle Solaris Cryptography Terminology
tokens
Cryptographic Framework
Oracle Solaris Cryptography Terminology
distinguishing GSS-API types
GSS-API Tokens
GSS-API
GSS-API Tokens
context-level
GSS-API Tokens
interprocess
Interprocess Tokens in GSS-API
per-message
GSS-API Tokens
U
userid
SASL
SASL Library Basics
V
verifying messages example
Cryptographic Framework
example
Sign and Verify Example
W
wrapping messages
GSS-API
Handling Wrap Size Issues in GSS-API