These glossary entries cover words that have different meanings in different parts of the operating system, or have different meanings in the authentication services of Oracle Solaris. For definitions of Kerberos components, see the documentation on the MIT Kerberos web site (http://web.mit.edu/kerberos/).
1. In Kerberos, the process of determining if a principal can use a service, which objects the principal is allowed to access, and the type of access that is allowed for each object.
2. In Oracle Solaris rights-based access control (RBAC), a right that can be assigned to a role or user (or as part of a rights profile) for performing a class of operations that are otherwise prohibited by security policy. Authorizations are enforced at the user application level, not in the kernel.
1. In Kerberos, the second part of a principal name. An instance qualifies the principal's primary. In the case of a service principal, the instance is required. The instance is the host's fully qualified domain name, as in host/central.example.com. For user principals, an instance is optional. Note, however, that jdoe and jdoe/admin are unique principals.
2. In Oracle Solaris, a specific service of a class of System Management Facility (SMF) services. For example, the compliance:default instance and the compliance:generate-guide instance are separate instances of the compliance SMF service.
A set of rules that governs password usage in the Kerberos service. Policies can regulate principals' access or ticket parameters, such as lifetime.
The requirements for passwords, such as following industry standards for password length. Security policy requires passwords. Password policy might dictate password strength, frequency of change, and permitted alphabet, number, and keyboard modifier keys.
Generally, a plan or course of action that influences or determines decisions and actions. For computer systems, policy typically means security policy. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access.
In general, a power or capability to perform an operation on a computer system that is beyond the powers of a regular user. A privileged user or privileged application is a user or application that has been granted additional rights.
1. In Kerberos, a right granted to a principal by an entry in the kadm5.acl file.
2. In Oracle Solaris, privileges are discrete rights on processes, including user processes. Privileges are also called process privileges or kernel privileges. For a full description of privileges, see the privileges(5) man page.
In Kerberos, a configuration variable or relationship that is defined in the kdc.conf or krb5.conf files. In the Oracle Solaris OS, relations are typically called variables or keyword-value pairs.
1. In Kerberos, a resource that is provided to network clients, often by more than one server. For example, if you ssh to the central.example.com host, then that host is the server that provides the ssh service.
2. In Oracle Solaris, a program that is managed by the SMF as a service. Services can be enabled, disabled, refreshed, and restarted through SMF commands. The status of services is constantly monitored and logged for ease in tracking and troubleshooting. In Oracle Solaris, the KDC, the Kerberos client, OTP, SASL, and smart card are SMF services.