Remote Administration Daemon Developer's Guide

Updated: May 2019
 
 

Overview of RAD Features

    RAD provides the following main features:

  • Essentials

    • Two SMF services: svc:/system/rad:local and svc:/system/rad:remote

    • Structured and browsable namespace.

    • Inspectable, typed, and versioned interfaces.

    • Asynchronous event sources.

    • XML-based interactive data language (IDL) abstract data representation (ADR) that supports formal definitions of APIs. The IDL compiler radadrgen generates client language bindings.

  • Security

    • Full PAM conversation support including use of pam_setcred (3PAM) to set the audit context.

    • Authentication by using GSSAPI in deployments where Kerberos is configured.

    • Implicit authentication by using getpeerucred (3C) when possible.

    • Non-local network connectivity is not available by default. RAD is preconfigured to use TLS.

    • Most operations are automatically delegated to lesser-privileged processes.

    • Defines two authorizations and two rights profiles to provide fine-grained separation of powers for managing and configuring the RAD SMF services.

      • RAD authorizations

        • solaris.smf.manage.rad – Grants the authorization to enable, disable, or restart the RAD SMF services.

        • solaris.smf.value.rad – Grants the authorization to change RAD SMF property values.

      • RAD rights profiles

        • RAD Management – Includes the solaris.smf.manage.rad authorization.

        • RAD Configuration – Includes the solaris.smf.value.rad authorization.

    • Generates AUE_rad_login, AUE_logout, AUE_role_login, AUE_role_logout, and AUE_passwd audit events.

  • Connectivity

    • Local access by using AF_UNIX sockets.

    • Remote access by using TCP sockets.

    • Secure remote access by using TLS sockets.

    • Captive execution with access through a pipe.

    • Connection points are completely configurable at the command line or by using SMF.

  • Client support

    • Java language binding provides access to all defined server interfaces.

    • Python language binding provides access to all defined server interfaces.

    • C language binding provides access to all defined server interfaces.

  • Extension

    • A public native C module interface supports addition of third-party content.

    • radadrgen can generate server-side type definitions and stubs from IDL input.

    • A native execution system can automatically run modules with the authenticated user's privileges and audit context, simplifying authentication and auditing.

    • Private module interfaces enable the definition of new transports.