RAD provides the following main functionalities:
Two SMF services: svc:/system/rad:local and svc:/system/rad:remote
Structured and browsable namespace.
Inspectable, typed, and versioned interfaces.
Asynchronous event sources.
XML-based interactive data language (IDL) abstract data representation (ADR) that supports formal definitions of APIs. The IDL compiler radadrgen generates client language bindings.
Full PAM conversation support including use of pam_setcred (3PAM) to set the audit context.
Authentication by using GSSAPI in deployments where Kerberos is configured.
Implicit authentication by using getpeerucred (3C) when possible.
Non-local network connectivity is not available by default. RAD is preconfigured to use TLS.
Most operations are automatically delegated to lesser-privileged processes.
Defines two authorizations and two rights profiles to provide fine-grained separation of powers for managing and configuring the RAD SMF services.
Generates AUE_rad_login, AUE_logout, AUE_role_login, AUE_role_logout, and AUE_passwd audit events.
Local access by using AF_UNIX sockets.
Remote access by using TCP sockets.
Secure remote access by using TLS sockets.
Captive execution with access through a pipe.
Connection points are completely configurable at the command line or by using SMF.
Java language binding provides access to all defined server interfaces.
Python language binding provides access to all defined server interfaces.
C language binding provides access to all defined server interfaces.
A public native C module interface supports addition of third-party content.
radadrgen can generate server-side type definitions and stubs from IDL input.
A native execution system can automatically run modules with authenticated user's privilege and audit context, simplifying authentication and auditing.
Private module interfaces enable the defining of new transports.