primary# svccfg -s vntsd setprop vntsd/authorization = true
primary# svcadm refresh vntsd
primary# svcadm restart vntsd
The authorization name is derived from the domain name and has the form solaris.vntsd.console-domain:
solaris.vntsd.console-domain:::Access domain Console::
primary# roleadd -A solaris.vntsd.console-domain role-name
primary# passwd role-name
New Password:
Re-enter new Password:
passwd: password successfully changed for role-name
primary# usermod -R role-name username
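This example shows how user terry assumes the ldg1cons role and accesses the ldg1 domain console.
First, add an authorization for a single domain (ldg1) to the authorization description database.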
solaris.vntsd.console-ldg1:::Access ldg1 Console::
Then, create a role with the new authorization so that it permits access only to that domain's console.
primary# roleadd -A solaris.vntsd.console-ldg1 ldg1cons
primary# passwd ldg1cons
New Password:
Re-enter new Password:
passwd: password successfully changed for ldg1cons
Assign the ldg1cons role to user terry, who then assumes the ldg1cons role and accesses the domain console.
primary# usermod -R ldg1cons terry
primary# su terry
Password:
$ id
uid=700300(terry) gid=1(other)
$ su ldg1cons
Password:
$ id
uid=700303(ldg1cons) gid=1(other)
$ telnet localhost 5000
Trying 0.0.0.0...
Escape character is '^]'.
Connecting to console "ldg1" in group "ldg1" ....
Press ~? for control options ..
The following example shows that user terry cannot access the ldg2 domain console:
$ telnet localhost 5001
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Connection to 0 closed by foreign host.
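To review the result of the procedure above, the following added example (not part of the original documentation) lists which roles and users hold each solaris.vntsd.console-domain authorization. It assumes input in user_attr(4) format; the function names, the ldg2cons role, the users alice and bob, and the sample entries are constructed for illustration. Authorizations granted indirectly through rights profiles are not resolved.

```shell
# Constructed sample in user_attr(4) format, modelled on the roles created above.
SAMPLE_USER_ATTR='ldg1cons::::type=role;auths=solaris.vntsd.console-ldg1
ldg2cons::::type=role;auths=solaris.vntsd.console-ldg2,solaris.mail.mailq
terry::::type=normal;roles=ldg1cons
alice::::type=normal;roles=ldg1cons,ldg2cons
bob::::type=normal;auths=solaris.vntsd.console-ldg2'

# console_access (hypothetical helper): reads user_attr lines on stdin and
# prints "domain holder via" rows; via is "direct" or the granting role.
console_access() {
    LC_ALL=C awk -F: '
    /^#/ || NF < 5 { next }                  # skip comments and short lines
    {
        n = split($5, kv, ";")               # attr field: key=value;key=value
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1); val = substr(kv[i], eq + 1)
            if (key == "auths") auths[$1] = val
            else if (key == "roles") roles[$1] = val
        }
    }
    END {
        for (u in auths) emit(u, u, "direct")
        for (u in roles) {
            m = split(roles[u], r, ",")
            for (j = 1; j <= m; j++)
                if (r[j] in auths) emit(r[j], u, r[j])
        }
    }
    # Print one row per console authorization held by "holder".
    function emit(holder, who, via,   a, k, c) {
        c = split(auths[holder], a, ",")
        for (k = 1; k <= c; k++)
            if (index(a[k], "solaris.vntsd.console-") == 1)
                print substr(a[k], 23), who, via   # 23 = prefix length + 1
    }' | LC_ALL=C sort
}

# can_access <user> <domain>: exit 0 if the data on stdin grants access.
can_access() {
    console_access | awk -v u="$1" -v d="$2" \
        '$1 == d && $2 == u { ok = 1 } END { exit !ok }'
}

printf '%s\n' "$SAMPLE_USER_ATTR" | console_access
```

On the control domain, the same function can be fed the local user_attr data in place of the sample to confirm that no account other than the intended role holders reaches a given console.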