Controlling Access to a Domain Console by Using Rights
By default, any user can access all domain consoles. To control access to a domain console, configure the vntsd daemon to perform authorization checking. This authorization checking applies to accessing a console with either the ldmconsole or telnet command.
The vntsd daemon provides a Service Management Facility (SMF) property named vntsd/authorization. This property can be configured to enable authorization checking of users and roles for a domain console or a console group. To enable authorization checking, use the svccfg command to set the value of this property to true.
While this option is enabled, vntsd listens for and accepts connections only on localhost. If the listen_addr property specifies an alternative IP address when vntsd/authorization is enabled, vntsd ignores the alternative IP address and continues to listen only on localhost.
Caution - Do not configure the vntsd service to use a host other than localhost.
If you specify a host other than localhost, connections to guest domain consoles are no longer restricted to the control domain. If you use the telnet command to remotely connect to a guest domain, the login credentials are passed as clear text over the network.
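The following is an added example, not taken from Oracle's documentation, that audits the two SMF properties described above and defines the commands that enable authorization checking. It assumes that svcprop prints each requested property as "name type value", that the service can be addressed as vntsd, and that 127.0.0.1 counts as localhost; the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit vntsd console-access settings. Not Oracle's code.
# Reads svcprop-style "name type value" lines on stdin and prints one word:
#   OK          authorization on, listening on localhost
#   WARN        authorization on; non-local listen_addr is set but ignored
#   FAIL        authorization off: any user can access all domain consoles
#   FAIL_REMOTE authorization off and vntsd listens on a non-local address
vntsd_audit() {
    authz="" addr="localhost"   # assumption: unset listen_addr means localhost
    while read -r name _type value; do
        case "$name" in
            vntsd/authorization) authz=$value ;;
            vntsd/listen_addr)   addr=$value ;;
        esac
    done
    case "$addr" in
        localhost|127.0.0.1) local_only=yes ;;   # assumption: loopback is local
        *)                   local_only=no ;;
    esac
    if [ "$authz" = "true" ]; then
        if [ "$local_only" = yes ]; then echo OK; else echo WARN; fi
    elif [ "$local_only" = yes ]; then
        echo FAIL
    else
        echo FAIL_REMOTE
    fi
}

# Remediation: enable authorization checking, then reload the service.
# Defined only; call it deliberately on the control domain.
vntsd_enable_authz() {
    svccfg -s vntsd setprop vntsd/authorization = true &&
        svcadm refresh vntsd &&
        svcadm restart vntsd
}

# Constructed sample input, used when svcprop is not available.
SAMPLE='vntsd/authorization boolean false
vntsd/listen_addr astring localhost'

if command -v svcprop >/dev/null 2>&1; then
    svcprop -p vntsd/authorization -p vntsd/listen_addr vntsd | vntsd_audit
else
    printf '%s\n' "$SAMPLE" | vntsd_audit
fi
```

A WARN result means the configuration is currently protected only because authorization checking is on; clearing the non-local listen_addr keeps it protected if vntsd/authorization is later set back to false.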
By default, an authorization to access all guest consoles is present in the local authorization description database.
solaris.vntsd.consoles:::Access All LDoms Guest Consoles::