Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

» ...Documentation Home » Oracle Solaris 11.3 Information Library » Trusted Extensions Configuration and ... » Initial Configuration of Trusted Extensions » Adding the Trusted Extensions Feature to ... » Installing and Enabling Trusted Extensions » Enable Trusted Extensions

Updated: December 2017

Trusted Extensions Configuration and Administration

Document Information

Using This Documentation

Part I Initial Configuration of Trusted Extensions

Chapter 1 Security Planning for Trusted Extensions

Planning for Security in Trusted Extensions

Results of Enabling Trusted Extensions From an Administrator's Perspective

Chapter 2 Configuration Roadmap for Trusted Extensions

Task Map: Preparing for and Enabling Trusted Extensions

Task Map: Choosing a Trusted Extensions Configuration

Task Map: Configuring Trusted Extensions With the Provided Defaults

Task Map: Configuring Trusted Extensions to Meet Your Site's Requirements

Chapter 3 Adding the Trusted Extensions Feature to Oracle Solaris

Initial Setup Team Responsibilities

Resolving Security Issues Before Installing Trusted Extensions

Installing and Enabling Trusted Extensions

Add Trusted Extensions Packages to an Oracle Solaris System

Enable Trusted Extensions

Log In to Trusted Extensions

Chapter 4 Configuring Trusted Extensions

Setting Up the Global Zone in Trusted Extensions

Creating Labeled Zones

Configuring the Network Interfaces in Trusted Extensions

Creating Roles and Users in Trusted Extensions

Creating Centralized Home Directories in Trusted Extensions

Troubleshooting Your Trusted Extensions Configuration

Additional Trusted Extensions Configuration Tasks

Chapter 5 Configuring LDAP for Trusted Extensions

Configuring LDAP on a Trusted Extensions Network

Configuring an LDAP Proxy Server on a Trusted Extensions System

Configuring the Oracle Directory Server Enterprise Edition on a Trusted Extensions System

Creating a Trusted Extensions Proxy for an Existing Oracle Directory Server Enterprise Edition

Creating a Trusted Extensions LDAP Client

Part II Administration of Trusted Extensions

Appendix A Site Security Policy

Appendix B Configuration Checklist for Trusted Extensions

Appendix C Quick Reference to Trusted Extensions Administration

Appendix D List of Trusted Extensions Man Pages

Trusted Extensions Glossary

Language:

Enable Trusted Extensions

Before You Begin

You must be in the root role in the global zone.

In a terminal window, enable the labeld service.
Note - Use the labeladm command to control the labeld service. Do not manipulate the labeld services directly. For more information, see the labeladm(1M) man page.
```
# labeladm enable -r
```
The labeladm command provides several options when enabling the service.

–i

Prevents a confirmation prompt.

–m

Sends error messages to syslog and to the console.

–n

Tests the command without enabling the service.

–r

Delays enabling the service until after a system reboot. This is the same behavior as in previous releases.

Verify that the service is enabled.

# labeladm info
     Labeling status: pending enable on boot
          Latest log: "/var/user/root/trusted-extensions-install-log"
Label encodings file: /etc/security/tsol/label_encodings

Caution

Caution - If you are enabling and configuring Trusted Extensions remotely, carefully review Remote Administration in Trusted Extensions. Do not reboot until you have configured the system to allow remote administration. If you do not configure the Trusted Extensions system for remote administration, you will be unable to reach it from a remote system.

If you have a customized label encodings file, install it now.
```
# labeladm encodings path-to-encodings-file
```
Reboot the system.
You must run this command if you used the –r option.
```
# /usr/sbin/reboot
```

Next Steps

Continue with Log In to Trusted Extensions.

Copyright © 1992, 2017, Oracle and/or its affiliates. All rights reserved.