Configurable Solaris Security Features
Trusted Extensions uses the same security features that the Solaris OS provides, and
adds some features. For example, the Solaris OS provides eeprom protection, password requirements
and strong password algorithms, system protection by locking out a user, and protection
from keyboard shutdown.
Trusted Extensions differs from the Solaris OS in the actual procedures that are
used to modify these security defaults. In Trusted Extensions, you typically administer systems
by assuming a role. Local settings are modified by using the trusted editor. Changes that
affect the network of users, roles, and hosts are made in the
Solaris Management Console.
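Added example, not part of the original documentation: a read-only shell check of the file-based Solaris defaults listed above (account locking, password algorithm and length, keyboard abort). The file paths and keys are the standard Solaris ones, which this page does not name; ROOT, MIN_PASSLENGTH and the sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example: read-only check of Solaris security defaults. ROOT (an
# assumption of this example) prefixes each path; unset = live system.
# get_setting FILE KEY: print the value of the last uncommented KEY= line.
get_setting() {
    [ -r "$1" ] || return 0
    sed -n "s/^$2=//p" "$1" | tail -1
}

# report MESSAGE: print one finding and count it.
report() {
    echo "WEAK: $1"
    findings=$((findings + 1))
}

# check_defaults: one line per weak setting; exit status is the count.
check_defaults() {
    findings=0
    root=${ROOT:-}
    min_len=${MIN_PASSLENGTH:-8}   # threshold chosen for this example
    lock=$(get_setting "$root/etc/security/policy.conf" LOCK_AFTER_RETRIES)
    algo=$(get_setting "$root/etc/security/policy.conf" CRYPT_DEFAULT)
    kbd=$(get_setting "$root/etc/default/kbd" KEYBOARD_ABORT)
    len=$(get_setting "$root/etc/default/passwd" PASSLENGTH)
    case $lock in
        YES|yes) ;;
        *) report "LOCK_AFTER_RETRIES=${lock:-unset}: no lockout after failed logins" ;;
    esac
    case $algo in
        ''|__unix__) report "CRYPT_DEFAULT=${algo:-unset}: traditional crypt hashes" ;;
    esac
    [ "$kbd" = disable ] || report "KEYBOARD_ABORT=${kbd:-unset}: abort sequence not disabled"
    case $len in
        ''|*[!0-9]*) report "PASSLENGTH=${len:-unset}: no numeric minimum length" ;;
        *) [ "$len" -ge "$min_len" ] || report "PASSLENGTH=$len: below $min_len" ;;
    esac
    return "$findings"
}

# demo: run the check on constructed sample files (not from a real system).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/etc/security" "$d/etc/default" || return 99
    printf '#LOCK_AFTER_RETRIES=YES\nCRYPT_DEFAULT=__unix__\n' >"$d/etc/security/policy.conf"
    printf 'KEYBOARD_ABORT=disable\n' >"$d/etc/default/kbd"
    printf 'PASSLENGTH=6\n' >"$d/etc/default/passwd"
    rc=0; ROOT=$d check_defaults || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

The script only reads the files; in Trusted Extensions, a change to any of them is still made in a role with the trusted editor.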
Trusted Extensions Interfaces for Configuring Security Features
Procedures are provided in this book where Trusted Extensions requires a particular interface
to modify security settings, and that interface is optional in the Solaris OS.
Where Trusted Extensions requires the use of the trusted editor to edit local
files, no separate procedures are provided in this book. For example, the procedure
How to Prevent Account Locking for Users describes how to update a user's account by using the Solaris Management
Console to prevent the account from being locked. However, the procedure for setting
a system-wide password lock policy is not provided in this book. You follow
the Solaris instructions, except that in Trusted Extensions, you use the trusted editor
to modify the system file.
Extension of Solaris Security Mechanisms by Trusted Extensions
The following Solaris security mechanisms are extensible in Trusted Extensions as they are
in the Solaris OS:
Audit events and classes – Adding audit events and audit classes is described in Chapter 30, Managing Solaris Auditing (Tasks), in System Administration Guide: Security Services.
Rights profiles – Adding rights profiles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Roles – Adding roles is described in Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.
Authorizations – For an example of adding a new authorization, see Customizing Device Authorizations in Trusted Extensions (Task Map).
As in the Solaris OS, privileges cannot be extended.
Trusted Extensions Security Features
Trusted Extensions provides the following unique security features:
Labels – Subjects and objects are labeled. Processes are labeled. Zones and the network are labeled.
Device Allocation Manager – By default, devices are protected by allocation requirements. The Device Allocation Manager GUI is the interface for administrators and for regular users.
Change Password menu item – The Trusted Path menu enables you to change your user password, and the password of the role that you have assumed.